Comments on "A Privacy-Preserving Online Ride-Hailing System Without Involving a Third Trusted Server"
Srinivas Vivek
TL;DR
This paper critically analyzes a recent privacy-preserving ride-hailing protocol and reveals a passive attack that compromises rider and driver location privacy, highlighting vulnerabilities in the proposed system.
Contribution
It identifies a passive attack on Xie et al.'s protocol, demonstrating how the SP can recover sensitive location data, exposing privacy flaws.
Findings
The attack allows full recovery of rider locations.
Driver locations can also be fully exposed.
The protocol has significant privacy vulnerabilities.
Abstract
Recently, Xie et al. (IEEE Transactions on Information Forensics and Security, vol. 16, pp. 3068-3081, 2021) proposed a privacy-preserving Online Ride-Hailing (ORH) protocol that does not make use of a trusted third-party server. The primary goal of such privacy-preserving ORH protocols is to ensure the privacy of riders' and drivers' location data w.r.t. the ORH Service Provider (SP). In this note, we demonstrate a passive attack by the SP in the protocol of Xie et al. that enables it to completely recover the location of the rider as well as that of the responding drivers in each and every ride request query.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsPrivacy-Preserving Technologies in Data · Vehicular Ad Hoc Networks (VANETs) · Human Mobility and Location-Based Analysis