Attacks on a Privacy-Preserving Publish-Subscribe System and a Ride-Hailing Service

A privacy-preserving Context-Aware Publish-Subscribe System (CA-PSS) enables an intermediary (broker) to match the content from a publisher and the subscription by a subscriber based on the current context while preserving confidentiality of the subscriptions and notifications. While a privacy-preserving Ride-Hailing Service (RHS) enables an intermediary (service provider) to match a ride request with a taxi driver in a privacy-friendly manner. In this work, we attack a privacy-preserving CA-PSS proposed by Nabeel et al. (2013), where we show that any entity in the system including the broker can learn the confidential subscriptions of the subscribers. We also attack a privacypreserving RHS called lpRide proposed by Yu et al. (2019), where we show that any rider/driver can efficiently recover the secret keys of all other riders and drivers. Also, we show that any rider/driver will be able to learn the location of any rider. The attacks are based on our cryptanalysis of the modified Paillier cryptosystem proposed by Nabeel et al. that forms a building block for both the above protocols.

[1]  Cyrus Shahabi,et al.  A Road Network Embedding Technique for K-Nearest Neighbor Search in Moving Object Databases , 2003, GeoInformatica.

[2]  Mohamed Baza,et al.  B-Ride: Ride Sharing With Privacy-Preservation, Trust and Fair Payment Atop Public Blockchain , 2019, IEEE Transactions on Network Science and Engineering.

[3]  Giovanni Russello,et al.  Collusion Defender: Preserving Subscribers’ Privacy in Publish and Subscribe Systems , 2019, IEEE Transactions on Dependable and Secure Computing.

[4]  Xiaohua Jia,et al.  pRide: Privacy-Preserving Ride Matching Over Road Networks for Online Ride-Hailing Service , 2019, IEEE Transactions on Information Forensics and Security.

[5]  Fenghua Li,et al.  Privacy-Preserving Partner Selection for Ride-Sharing Services , 2018, IEEE Transactions on Vehicular Technology.

[6]  Elisa Bertino,et al.  Attribute Based Group Key Management , 2014, Trans. Data Priv..

[7]  Elisa Bertino,et al.  Privacy Preserving Context Aware Publish Subscribe Systems 2013-1 , 2013 .

[8]  Jean-Pierre Hubaux,et al.  ORide: A Privacy-Preserving yet Accountable Ride-Hailing Service , 2017, USENIX Security Symposium.

[9]  Jiangang Shu,et al.  lpRide: Lightweight and Privacy-Preserving Ride Matching Over Road Networks in Online Ride Hailing Systems , 2019, IEEE Transactions on Vehicular Technology.

[10]  Hongli Zhang,et al.  PSRide: Privacy-Preserving Shared Ride Matching for Online Ride Hailing Systems , 2021, IEEE Transactions on Dependable and Secure Computing.

[11]  Rongxing Lu,et al.  Efficient and Privacy-Preserving Dynamic Spatial Query Scheme for Ride-Hailing Services , 2018, IEEE Transactions on Vehicular Technology.

[12]  Elisa Bertino,et al.  Efficient privacy preserving content based publish subscribe systems , 2012, SACMAT '12.

[13]  Selected Areas in Cryptography: 27th International Conference, Halifax, NS, Canada (Virtual Event), October 21-23, 2020, Revised Selected Papers , 2021, SAC.

[14]  Cyrus Shahabi,et al.  A Road Network Embedding Technique for K-Nearest Neighbor Search in Moving Object Databases , 2002, GIS '02.

[15]  Elisa Bertino,et al.  Privacy Preserving Context Aware Publish Subscribe Systems , 2013, NSS.

[16]  Jean-Pierre Hubaux,et al.  PrivateRide: A Privacy-Enhanced Ride-Hailing Service , 2017, Proc. Priv. Enhancing Technol..

[17]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.