Shyam Murthy,Srinivas Vivek

DOI: https://doi.org/10.1007/978-3-031-20974-1_8

2023-01-04

Abstract:Privacy preservation in Ride Hailing Services is intended to protect privacy of drivers and riders. ORide is one of the early RHS proposals published at USENIX Security Symposium 2017. In the ORide protocol, riders and drivers, operating in a zone, encrypt their locations using a Somewhat Homomorphic Encryption scheme (SHE) and forward them to the Service Provider (SP). SP homomorphically computes the squared Euclidean distance between riders and available drivers. Rider receives the encrypted distances and selects the optimal rider after decryption. In order to prevent a triangulation attack, SP randomly permutes the distances before sending them to the rider. In this work, we use propose a passive attack that uses triangulation to determine coordinates of all participating drivers whose permuted distances are available from the points of view of multiple honest-but-curious adversary riders. An attack on ORide was published at SAC 2021. The same paper proposes a countermeasure using noisy Euclidean distances to thwart their attack. We extend our attack to determine locations of drivers when given their permuted and noisy Euclidean distances from multiple points of reference, where the noise perturbation comes from a uniform distribution. We conduct experiments with different number of drivers and for different perturbation values. Our experiments show that we can determine locations of all drivers participating in the ORide protocol. For the perturbed distance version of the ORide protocol, our algorithm reveals locations of about 25% to 50% of participating drivers. Our algorithm runs in time polynomial in number of drivers.

Cryptography and Security

Haining Yu,Hongli Zhang,Xiangzhan Yu

DOI: https://doi.org/10.1155/2020/4948387

IF: 1.968

2020-01-01

Security and Communication Networks

Abstract:Online ride hailing (ORH) services enable a rider to request a driver to take him wherever he wants through a smartphone app on short notice. To use ORH services, users have to submit their ride information to the ORH service provider to make ride matching, such as pick-up/drop-off location. However, the submission of ride information may lead to the leakages of users’ privacy. In this paper, we focus on the issue of protecting the location information of both riders and drivers during ride matching and propose a privacy-preserving online ride matching scheme, called pRMatch. It enables an ORH service provider to find the closest available driver for an incoming rider over a city-scale road network, while protecting the location privacy of both riders and drivers against the ORH service provider and other unauthorized participants. In pRMatch, we compute the shortest road distance over encrypted data by using road network embedding and partially homomorphic encryption and further efficiently compare encrypted distances by using ciphertext packing and shuffling. The theoretical analysis and experimental results demonstrate that pRMatch is accurate and efficient, yet preserving users’ location privacy.

Haining Yu,Xiaohua Jia,Hongli Zhang,Xiangzhan Yu,Jiangang Shu

DOI: https://doi.org/10.1109/TDSC.2019.2931295

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Online Ride Hailing (ORH) has extensively made our trip more convenient. With mobile devices, riders can request taxis through ORH systems in a short time. However, to enjoy ORH services, users need to submit their location information to ORH systems, which raises serious privacy concerns. In this paper, we study the privacy leakage of online ridesharing matching, a more complex and economy ORH service that allows riders to share rides with others, and propose a privacy-preserving shared ride matching scheme, called PSRide. PSRide can find the taxi with the minimum additional travel time to serve a new rider based on its existing schedule, while protecting the location privacy of both riders and taxis. In PSRide, we propose a zone-based minimum road travel time estimation approach and a secure comparison protocol to efficiently optimize the schedules of taxis for a new rider over encrypted data. We implement PSRide and analyze it thoroughly. Theoretical analysis and experimental evaluations show that PSRide is secure and efficient for ORH systems.

Haining Yu,Xiaohua Jia,Hongli Zhang,Jiangang Shu

DOI: https://doi.org/10.1109/tsc.2020.3022875

IF: 11.019

2020-01-01

IEEE Transactions on Services Computing

Abstract:Online Ride Hailing (ORH) services enable a rider to request a taxi via a smartphone app in real time. When using ORH services, users (including riders and taxis) have to submit their locations to the ORH server. With received locations, the ORH server makes online ride matching between riders and taxis. There are serious privacy concerns for users to reveal location information to ORH servers. In this article, we propose an efficient and privacy-preserving ride matching scheme for ORH services, named EPRide. EPRide can find the taxi with the minimum road distance to serve an incoming rider, while protecting the location information of both taxis and riders against ORH servers or other curious servers. In EPRide, we propose an efficient exact shortest road distance computation approach over encrypted data, which converts road distance computation into Hamming distance computation over packed ciphertexts by using road network hypercube embedding and somewhat homomorphic encryption. Meanwhile, we design a secure comparison protocol, which efficiently compares encrypted distances in parallel by using ciphertexts blinding and packing, without leaking any distance. Theoretical analysis and experimental evaluations show that EPRide is secure, accurate and efficient.

Qian Wang,Chengzhe Lai,Gang Han,Dong Zheng

DOI: https://doi.org/10.1109/tits.2023.3286804

IF: 8.5

2023-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Privacy-preserving online ride-hailing (ORH) service enables riders and drivers to conveniently establish optimized ride-hailing through mobile applications without disclosing their location information. In order to alleviate the load of central server and unnecessary increased response latency caused by centralized schemes, we investigate the privacy-preserving ORH matching service in distributed deployment environment. In this paper, we first design three secure outsourced calculation protocols based on Distributed Two-Trapdoor Public-Key Cryptosystem (DT-PKC), including ciphertext packing, blinding and decryption protocol across domains (CPBD), secure Euclidean square distance calculation protocol across domains (SESDC) and secure minimum distance selection protocol (SMDS). Then, we apply the protocols to construct a privacy-preserving distributed ORH matching scheme named pdRide. Geographically distributed road-side unit (RSU) and computation service provider (CSP) collaborate to securely select the matching driver for the requesting rider within a range. Specifically, SESDC can effective calculate the Euclidean square distances between multiple drivers and requesting rider over the encrypted location information with different keys. SMDS can select the driver with the minimum distance for the requesting rider on the encrypted distances. Finally, experiment results demonstrate its effectiveness in terms of communication overhead, computation overhead and transmission latency.

engineering, electrical & electronic,transportation science & technology, civil

Haining Yu,Jiangang Shu,Xiaohua Jia,Hongli Zhang,Xiangzhan Yu

DOI: https://doi.org/10.1109/TVT.2019.2941761

IF: 6.8

2019-01-01

IEEE Transactions on Vehicular Technology

Abstract:An Online Ride Hailing (ORH) system enables a rider to request a taxi through a smartphone app on a short notice. To enjoy ORH services, users have to submit their location information to ORH servers. There are serious privacy concerns for users to reveal location information to ORH servers. In this paper, we propose a lightweight and privacy-preserving ride matching scheme for ORH systems, named lpRide, which can find the taxi with the minimum road distance to serve an incoming rider, while protecting the location privacy of both riders and taxis against the ORH server. In lpRide, we propose an efficient shortest road distance computation approach over encrypted data, which computes approximate road distance by using road network embedding and the modified Paillier cryptosystem. Moreover, we design a secure comparison method to compare two distances over the corresponding blinded ciphertexts, without revealing the actual distances. Theoretical analysis and experimental evaluations show that lpRide is private, accurate and efficient.

Haining Yu,Hongli Zhang,Xiangzhan Yu,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.1109/jiot.2020.3030274

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:An online ride hailing (ORH) service creates a typical supply-and-demand two-sided market, which enables riders and drivers to establish optimized rides conveniently via mobile applications. Group ridesharing is a novel form of ridesharing, which allows a group of riders to share a vehicle that holds the minimum aggregate distance to the whole group. Accompanied by the advantage of ORH services, there comes some vital privacy concerns. In this article, we propose a privacy-preserving online group ridesharing matching scheme for ORH services, called PGRide. PGRide can select the nearest driver to serve a group of riders, without leaking the location privacy of both riders and drivers. In PGRide, we propose an encrypted aggregate distance computation approach by using somewhat homomorphic encryption with ciphertexts packing, which efficiently computes the aggregate distances from a group of riders to large-scale dynamic drivers in encrypted form. Meanwhile, we design a secure minimum selection protocol by using ciphertexts packing and blinding, which efficiently finds the minimum element from a set of encrypted integers without leaking any actual element value. Theoretical analysis and performance evaluations prove that PGRide is secure, accurate, and efficient.

Youssef Khazbak,Jingyao Fan,Sencun Zhu,Guohong Cao

DOI: https://doi.org/10.26599/tst.2020.9010010

2020-12-01

Abstract:Ride-hailing service has become a popular means of transportation due to its convenience and low cost. However, it also raises privacy concerns. Since riders' mobility information including the pick-up and drop-off location is tracked, the service provider can infer sensitive information about the riders such as where they live and work. To address these concerns, we propose location privacy preserving techniques that efficiently match riders and drivers while preserving riders' location privacy. We first propose a baseline solution that allows a rider to select the driver who is the closest to his pick-up location. However, with some side information, the service provider can launch location inference attacks. To overcome these attacks, we propose an enhanced scheme that allows a rider to specify his privacy preference. Novel techniques are designed to preserve rider's personalized privacy with limited loss of matching accuracy. Through trace-driven simulations, we compare our enhanced privacy preserving solution to existing work. Evaluation results show that our solution provides much better ride matching results that are close to the optimal solution, while preserving personalized location privacy for riders.

computer science, information systems,engineering, electrical & electronic, software engineering

Lei Zhang,Shiyi Lin,Chao Wang,Jing Li,Yi Liu,Yue Sun

DOI: https://doi.org/10.1109/jiot.2022.3232504

IF: 10.6

2023-05-09

IEEE Internet of Things Journal

Abstract:Online ride-hailing and navigation (ORHN) is a significant application in location-based services (LBSs). With this application, users can get convenient services in daily travel. However, during the process of ORHN, the user has to confront the violation of personal privacy (such as the initial point, the destination, and the moving path) from the taxi driver or the ride-hailing sharer. Therefore, in order to cope with the problem of privacy violation, in this article, an initial, route, and destination preservation ride system (short for IRDP Ride system) is proposed. In the IRDP Ride system, the initial point, the destination, and the route can be preserved during the process of ORHN, no matter whether the adversary (such as the un-trusted driver or sharer) utilizes the analysis method in the same car (such as the range attack or the segment direction attack). In this article, before elaborating on the IRDP Ride system, two types of methods used for analyzing the initial point and destination were given. Then based on the characteristics of Voronoi and the navigation deviation, three algorithms used in this system for providing privacy preservation service are proposed. In the last part of this article, the IRDP Ride system's security and stability are discussed from the theoretical analysis. At the same time, this system is also verified with several groups of experiments in the real environment to determine the optimization parameters, and then this system is also compared with other similar systems to demonstrate its superiority.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yubin Duan,Guo-Ju Gao,Ming-Jun Xiao,Jie Wu

DOI: https://doi.org/10.1007/s11390-020-0256-1

IF: 1.871

2020-01-01

Journal of Computer Science and Technology

Abstract:With the quick development of the sharing economy, ride-hailing services have been increasingly popular worldwide. Although the service provides convenience for users, one concern from the public is whether the location privacy of passengers would be protected. Service providers (SPs) such as Didi and Uber need to acquire passenger and driver locations before they could successfully dispatch passenger orders. To protect passengers’ privacy based on their requirements, we propose a cloaking region based order dispatch scheme. In our scheme, a passenger sends the SP a cloaking region in which his/her actual location is not distinguishable. The trade-off of the enhanced privacy is the loss of social welfare, i.e., the increase in the overall pick-up distance. To optimize our scheme, we propose to maximize the social welfare under passengers’ privacy requirements. We investigate a bipartite matching based approach. A theoretical bound on the matching performance under specific privacy requirements is shown. Besides passengers’ privacy, we allow drivers to set up their maximum pick-up distance in our extended scheme. The extended scheme could be applied when the number of drivers exceeds the number of passengers. Nevertheless, the global matching based scheme does not consider the interest of each individual passenger. The passengers with low privacy requirements may be matched with drivers far from them. To this end, a pricing scheme including three strategies is proposed to make up for the individual loss by allocating discounts on their riding fares. Extensive experiments on both real-world and synthetic datasets show the efficiency of our scheme.

Meng Li,Jianbo Gao,Zijian Zhang,Liehuang Zhu,Chhagan Lal,Mauro Conti,Mamoun Alazab

DOI: https://doi.org/10.1109/tvt.2022.3225175

IF: 6.8

2023-04-21

IEEE Transactions on Vehicular Technology

Abstract:Ride-Hailing Service (RHS) has drawn plenty of attention as it provides transportation convenience for riders and financial incentives for drivers. Despite these benefits, riders risk the exposure of sensitive location data during ride requesting to an untrusted Ride-Hailing Service Provider (RHSP). Our motivation arises from repetitive matching, i.e., the same driver is repetitively assigned to the same rider. Meanwhile, we introduce a driver exclusion function to protect riders' location privacy. Existing work on privacy-preserving RHS overlooks this function. While Secure Nearest Neighbor (S NN) facilitates efficient matching, the state-of-the-art neglects a collusion attack. To solve this problem, we formally define repetitive matching and strong location privacy, and propose Mnemosyne: privacy-preserving ride matching with collusion-resistant driver exclusion. We extend the simple integration of equality checking and item exclusion to a dynamic integration. We concatenate each prefix of an acceptable identity range to each location code when generating a ride request, i.e., secure mix index. We process each prefix of the driver identity to generate a ride response, i.e., a mix token. We build an indistinguishable Bloom-filter as an index to query the token. When matching riders with drivers, the colluding parties cannot distinguish identity prefixes from location codes. We build a prototype of Mnemosyne based on servers, smartphones, and a real-world dataset. Experimental results demonstrate that Mnemosyne outperforms existing work regarding strong location privacy and computational costs.

telecommunications,engineering, electrical & electronic,transportation science & technology

Srinivas Vivek

DOI: https://doi.org/10.48550/arXiv.2105.04351

2021-05-10

Abstract:A privacy-preserving Context-Aware Publish-Subscribe System (CA-PSS) enables an intermediary (broker) to match the content from a publisher and the subscription by a subscriber based on the current context while preserving confidentiality of the subscriptions and notifications. While a privacy-preserving Ride-Hailing Service (RHS) enables an intermediary (service provider) to match a ride request with a taxi driver in a privacy-friendly manner. In this work, we attack a privacy-preserving CA-PSS proposed by Nabeel et al. (2013), where we show that any entity in the system including the broker can learn the confidential subscriptions of the subscribers. We also attack a privacy-preserving RHS called lpRide proposed by Yu et al. (2019), where we show that any rider/driver can efficiently recover the secret keys of all other riders and drivers. Also, we show that any rider/driver will be able to learn the location of any rider. The attacks are based on our cryptanalysis of the modified Paillier cryptosystem proposed by Nabeel et al. that forms a building block for both the above protocols.

Cryptography and Security

Yubin Duan,Guoju Gao,Mingjun Xiao,Jie Wu

DOI: https://doi.org/10.1109/mass.2019.00023

2019-01-01

Abstract:The ride-hailing system has become popular around the world. The Service Providers (SPs) such as Uber and Didi dispatch passenger orders based on their location information. However, one concern from the public is whether the SPs could protect the location privacy of passengers. In this paper, we propose an order dispatch scheme that could preserve the location privacy of passengers based on their requirements. Our scheme uses cloaking regions in which the SPs cannot distinguish actual locations of passengers. The trade-off is the loss of matching performance or social welfare, i.e., the increase in the overall pick-up distance. We formulate the problem as maximizing the social welfare (or minimizing the overall pick-up distances) under privacy requirements of passengers. A bipartite-matching-based scheme is investigated, and we provide a theoretical bound on the matching performance under specific privacy requirements. Nevertheless, minimizing the overall pick-up distances does not consider the interest of each individual passenger. Passengers with low privacy requirements may be matched with drivers far from them. Therefore, we further propose a pricing scheme that could make up for the individual loss by allocating discounts on their riding fares. Especially, three discount allocation strategies are proposed in this paper. Experiments on both real-world and synthetic datasets show the efficiency of our scheme.

Matthew Tsao,Kaidi Yang,Karthik Gopalakrishnan,Marco Pavone

DOI: https://doi.org/10.48550/arXiv.2202.13305

2022-03-15

Abstract:Data-driven methodologies offer many exciting upsides, but they also introduce new challenges, particularly in the realm of user privacy. Specifically, the way data is collected can pose privacy risks to end users. In many routing services, a single entity (e.g., the routing service provider) collects and manages user trajectory data. When it comes to user privacy, these systems have a central point of failure since users have to trust that this entity will not sell or use their data to infer sensitive private information. Unfortunately, in practice many advertising companies offer to buy such data for the sake of targeted advertisements. With this as motivation, we study the problem of using location data for routing services in a privacy-preserving way. Rather than having users report their location to a central operator, we present a protocol in which users participate in a decentralized and privacy-preserving computation to estimate travel times for the roads in the network in a way that no individuals' location is ever observed by any other party. The protocol uses the Laplace mechanism in conjunction with secure multi-party computation to ensure that it is cryptogrpahically secure and that its output is differentially private. A natural question is if privacy necessitates degradation in accuracy or system performance. We show that if a road has sufficiently high capacity, then the travel time estimated by our protocol is provably close to the ground truth travel time. We validate the protocol through numerical experiments which show that using the protocol as a routing service provides privacy guarantees with minimal overhead to user travel time.

Cryptography and Security,Systems and Control

Haining Yu,Hongli Zhang,Xiaohua Jia,Xiao Chen,Xiangzhan Yu

DOI: https://doi.org/10.1109/tdsc.2021.3130571

2023-01-01

Abstract:Online Ride Hailing (ORH) services gain remarkable development in the past decade, which enable riders and drivers to establish optimized rides via mobile device. To guarantee user safety, ORH service providers often monitor the ride trajectory and report the abnormal behavior once a trajectory deviation occurs. Along with the advantage of safety monitoring raises some vital privacy concerns on user location information leakage. In this paper, we propose a privacy-preserving safety monitoring scheme for ORH services, called pSafety. It enables an ORH service provider to detect user's trajectory deviation without learning anything about users' locations. In pSafety, we propose two secure trajectory similarity computation algorithms by using somewhat homomorphic encryption, which are used to plan an agreed path and measure trajectory deviation, respectively. Furthermore, we also design a ciphertext compression algorithm and a secure comparison protocol to improve efficiency. Theoretical analysis and experimental evaluations show that pSafety is secure, accurate and efficient.

Nigang Sun,Yuxuan Liu,Yuanyi Zhang,Yining Liu

DOI: https://doi.org/10.3390/electronics13204060

IF: 2.9

2024-10-16

Electronics

Abstract:Online ride-hailing services have become a vital component of urban transportation worldwide due to their convenience and flexibility. However, the expansion of their user base has dramatically heightened the risks of user privacy information leakage. Among these risks, the privacy leakage problem caused by the direct correlation between user (driver and passenger) identity information and location-based ride information is of particular concern. This paper proposes a novel privacy protection scheme for ride-hailing services. In this scheme, decentralized identities are employed for user authentication, separating the identity registration service from the ride-hailing platform, thereby preventing the platform from obtaining user privacy data. The scheme also employs a fuzzy matching strategy based on location Points of Interest (POI) and a ciphertext-policy attribute-based hybrid encryption algorithm to hide the user's precise location and restrict access to location information. Crucially, the scheme achieves the complete decoupling of identity registration services and location-based ride services on the ride-hailing platform, ensuring that users' real identities and ride data cannot be directly associated, effectively protecting user privacy. Within the decoupled architecture, regulatory authorities are established to handle emergencies within ride-hailing services. Through simulation experiments and security analysis, this scheme is demonstrated to be both feasible and practical, providing a new privacy protection solution for the ride-hailing industry.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ryan Shah,Shishir Nagaraja

DOI: https://doi.org/10.48550/arXiv.1902.09590

2019-02-26

Abstract:Driverless vehicles are expected to form the foundation of future connected transport infrastructure. A key weakness of connected vehicles is their vulnerability to physical-proximity attacks such as sensor saturation attacks. It is natural to study whether such attacks can be used to disrupt swarms of autonomous vehicles used as part of a large fleet providing taxi and courier delivery services. In this paper, we start to examine the strategic options available to attackers and defenders (autonomous-fleet operators) in such conflicts. We find that attackers have the upper hand in most cases and are able to carry out crippling denial-of-service attacks on fleets, by leveraging the inherent deficiencies of road networks identified by techniques from graph analysis. Experimental results on ten cities using real-world courier traces shows that most cities will require upgraded infrastructure to defend driverless vehicles against denial-of-service attacks. We found several hidden costs that impact equipment designers and operators of driverless vehicles - not least, that road-networks need to be redesigned for robustness against attacks thus raising some fundamental questions about the benefits.

Computer Science and Game Theory,Networking and Internet Architecture

Geoffrey Ding,Alex Berke,Karthik Gopalakrishnan,Kwassi H. Degue,Hamsa Balakrishnan,Max Z. Li

DOI: https://doi.org/10.48550/arXiv.2203.04406

2022-03-04

Cryptography and Security

Abstract:Unmanned aerial vehicles (UAVs), or drones, are increasingly being used to deliver goods from vendors to customers. To safely conduct these operations at scale, drones are required to broadcast position information as codified in remote identification (remote ID) regulations. However, location broadcast of package delivery drones introduces a privacy risk for customers using these delivery services: Third-party observers may leverage broadcast drone trajectories to link customers with their purchases, potentially resulting in a wide range of privacy risks. We propose a probabilistic definition of privacy risk based on the likelihood of associating a customer to a vendor given a package delivery route. Next, we quantify these risks, enabling drone operators to assess privacy risks when planning delivery routes. We then evaluate the impacts of various factors (e.g., drone capacity) on privacy and consider the trade-offs between privacy and delivery wait times. Finally, we propose heuristics for generating routes with privacy guarantees to avoid exhaustive enumeration of all possible routes and evaluate their performance on several realistic delivery scenarios.

Hao Zhou,Yingjie Wu,Sisi Zhong,Zhao Luo,Xiaodong Wang

DOI: https://doi.org/10.1109/icicee.2012.418

2012-01-01

Abstract:The query privacy issue in location-based services (LBS) has recently received considerable attention. To protect the query privacy of users, current state-of-the-art techniques adopt cloaking which cloaks the sender's location to k-anonymized spatial region (ASR), such that an attack based on the sender's location cannot identify the query source with probability larger than 1/k, among other k-1 users. However, these techniques do not consider that these k-1 additional mobile users with different privacy requirements may send request at the same time. In this paper, we propose a new attack model that an adversary who observes all the ASRs at one time can identify the query source with probability larger than 1/k based on prior knowledge of the locations of all users. And we propose our two algorithms, namely, Basic and Adaptive Algorithms, which strengthen the privacy guarantee to defend such inference attack while still support personalized user privacy requirements. We verify the effectiveness of the proposed algorithms by experiments on location data which synthetically generated on real road maps.

Wei Tong,Jingyu Hua,Sheng Zhong

DOI: https://doi.org/10.1109/tifs.2017.2707334

IF: 7.231

2017-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Ridesharing services have gained tremendous popularity in recent years, benefiting the traffic and environment of cities to a large extent. However, with the demand of ridesharing services increasing sharply, serious privacy concerns (e.g., users’ mobility patterns) of ridesharing have become a major barrier against its further development. In this paper, we study the privacy protection of users’ location information in the scheduling of ridesharing services. Based on a state-of-the-art variant of differential privacy, joint differential privacy, we first propose a scheduling protocol for the purpose of protecting users’ location privacy and minimizing vehicle miles in the system. Then, in order to obtain a practical solution, we investigate several techniques to enhance the proposed protocol from both the privacy and efficiency aspects. The privacy of the proposed scheduling protocol is rigorously proven. Furthermore, we extensively evaluate our proposal based on a real-world data set. The analysis and experimental results show that the proposed protocol can achieve joint differential privacy, satisfactory scheduling performance, and reasonable efficiency.