Attacks on a Privacy-Preserving Publish-Subscribe System and a Ride-Hailing Service

TL;DR

This paper demonstrates vulnerabilities in privacy-preserving publish-subscribe and ride-hailing systems, revealing that entities can learn confidential information and recover secret keys through cryptanalysis of the underlying cryptosystem.

Contribution

It provides the first cryptanalysis of the modified Paillier cryptosystem used in these privacy-preserving systems, exposing critical security flaws.

Findings

Confidential subscriptions can be learned by any entity in CA-PSS.

Secret keys of all riders and drivers can be recovered in lpRide.

Any rider can learn the location of any other rider.

Abstract

A privacy-preserving Context-Aware Publish-Subscribe System (CA-PSS) enables an intermediary (broker) to match the content from a publisher and the subscription by a subscriber based on the current context while preserving confidentiality of the subscriptions and notifications. While a privacy-preserving Ride-Hailing Service (RHS) enables an intermediary (service provider) to match a ride request with a taxi driver in a privacy-friendly manner. In this work, we attack a privacy-preserving CA-PSS proposed by Nabeel et al. (2013), where we show that any entity in the system including the broker can learn the confidential subscriptions of the subscribers. We also attack a privacy-preserving RHS called lpRide proposed by Yu et al. (2019), where we show that any rider/driver can efficiently recover the secret keys of all other riders and drivers. Also, we show that any rider/driver will be able to learn the location of any rider. The attacks are based on our cryptanalysis of the modified Paillier cryptosystem proposed by Nabeel et al. that forms a building block for both the above protocols.