PrivateRide: A Privacy-Enhanced Ride-Hailing Service

Abstract In the past few years, we have witnessed a rise in the popularity of ride-hailing services (RHSs), an online marketplace that enables accredited drivers to use their own cars to drive ride-hailing users. Unlike other transportation services, RHSs raise significant privacy concerns, as providers are able to track the precise mobility patterns of millions of riders worldwide. We present the first survey and analysis of the privacy threats in RHSs. Our analysis exposes high-risk privacy threats that do not occur in conventional taxi services. Therefore, we propose PrivateRide, a privacy-enhancing and practical solution that offers anonymity and location privacy for riders, and protects drivers’ information from harvesting attacks. PrivateRide lowers the high-risk privacy threats in RHSs to a level that is at least as low as that of many taxi services. Using real data-sets from Uber and taxi rides, we show that PrivateRide significantly enhances riders’ privacy, while preserving tangible accuracy in ride matching and fare calculation, with only negligible effects on convenience. Moreover, by using our Android implementation for experimental evaluations, we show that PrivateRide’s overhead during ride setup is negligible. In short, we enable privacy-conscious riders to achieve levels of privacy that are not possible in current RHSs and even in some conventional taxi services, thereby offering a potential business differentiator.

[1]  Anna Lysyanskaya,et al.  Anonymous credentials light , 2013, IACR Cryptol. ePrint Arch..

[2]  Kevin Fu,et al.  Privacy for Public Transportation , 2006, Privacy Enhancing Technologies.

[3]  Charles V. Wright,et al.  Inference Attacks on Property-Preserving Encrypted Databases , 2015, CCS.

[4]  Frank Dürr,et al.  A classification of location privacy attacks and approaches , 2012, Personal and Ubiquitous Computing.

[5]  Christo Wilson,et al.  Peeking Beneath the Hood of Uber , 2015, Internet Measurement Conference.

[6]  Carmela Troncoso,et al.  PrETP: Privacy-Preserving Electronic Toll Pricing , 2010, USENIX Security Symposium.

[7]  Patrick Murphy,et al.  Using Bluetooth for short-term ad hoc connections between moving vehicles: a feasibility study , 2002, Vehicular Technology Conference. IEEE 55th Vehicular Technology Conference. VTC Spring 2002 (Cat. No.02CH37367).

[8]  Sébastien Gambs,et al.  Towards privacy-driven design of a dynamic carpooling system , 2014, Pervasive Mob. Comput..

[9]  Amos Fiat,et al.  Untraceable Electronic Cash , 1990, CRYPTO.

[10]  Jean-Pierre Hubaux,et al.  Secure and private proofs for location-based activity summaries in urban areas , 2014, UbiComp.

[11]  Ming Li,et al.  FindU: Privacy-preserving personal profile matching in mobile social networks , 2011, 2011 Proceedings IEEE INFOCOM.

[12]  Christof Paar,et al.  Efficient E-Cash in Practice: NFC-Based Payments for Public Transportation Systems , 2013, Privacy Enhancing Technologies.

[13]  Jan Camenisch,et al.  An Efficient Electronic Payment System Protecting Privacy , 1994, ESORICS.

[14]  Philippe Golle,et al.  On the Anonymity of Home/Work Location Pairs , 2009, Pervasive.

[15]  Andreu Pere Isern-Deyà,et al.  A Secure Automatic Fare Collection System for Time-Based or Distance-Based Services with Revocable Anonymity for Users , 2013, Comput. J..

[16]  Carmela Troncoso,et al.  PriPAYD: Privacy-Friendly Pay-As-You-Drive Insurance , 2011, IEEE Transactions on Dependable and Secure Computing.

[17]  Xue Liu,et al.  Location Cheating: A Security Challenge to Location-Based Social Network Services , 2011, 2011 31st International Conference on Distributed Computing Systems.

[18]  Latanya Sweeney,et al.  Achieving k-Anonymity Privacy Protection Using Generalization and Suppression , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[19]  Nicolas Desmoulins,et al.  A Practical Set-Membership Proof for Privacy-Preserving NFC Mobile Ticketing , 2015, Proc. Priv. Enhancing Technol..

[20]  Hari Balakrishnan,et al.  CryptDB: protecting confidentiality with encrypted query processing , 2011, SOSP.

[21]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[22]  Yehuda Lindell,et al.  Security Against Covert Adversaries: Efficient Protocols for Realistic Adversaries , 2007, Journal of Cryptology.

[23]  Marco Gruteser,et al.  USENIX Association , 1992 .

[24]  Andrew J. Blumberg,et al.  VPriv: Protecting Privacy in Location-Based Vehicular Services , 2009, USENIX Security Symposium.

[25]  Hovav Shacham,et al.  The Phantom Tollbooth: Privacy-Preserving Electronic Toll Collection in the Presence of Driver Collusion , 2011, USENIX Security Symposium.

[26]  Ran Canetti,et al.  Studies in secure multiparty computation and applications , 1995 .