Published by Georgina Wade. Modified over 6 years ago.
1
PrivateRide: A Privacy-Enhanced Ride-Hailing Service
Anh Pham (1), Italo Dacosta (1), Bastien Jacot-Guillarmod (1), Kévin Huguenin (2), Taha Hajar (1), Florian Tramèr (3), Virgil Gligor (4), and Jean-Pierre Hubaux (1)
(1) EPFL, (2) UNIL, (3) Stanford, (4) CMU
2
Ride-Hailing Services (RHSs)
Millions of users, billions of rides, hundreds of cities
3
Service providers track riders’ locations
4
Our contributions
The first general privacy analysis of RHSs
  Identified high-risk threats
PrivateRide: the first solution that addresses the identified threats
Privacy and performance evaluation of PrivateRide
5
RHS overview
The Service Provider (SP):
  Matches riders and drivers
  Computes fares
  Handles payment
  Provides a reputation system
Figure: Riders (R) request rides and Drivers (D) offer rides; both reach the Service Provider (SP) over the Internet.
There are some other variations. This is the most common setup.
6
Threat model
SP: honest-but-curious
Outsider (O): active
Riders (R): active
Drivers (D): active
All parties communicate over the Internet.
7
Privacy analysis: high-risk threats
SP tracks riders’ locations
Outsider harvests drivers’ PII
SP database:
  Rider’s real identity
  Precise pick-up and drop-off locations
  Precise pick-up and drop-off times
  Full location trace
  Fare
  Driver’s real identity
Figure labels: SP; Internet; Outsider (O); "ID1, Location X"; "ID2, Location Y"; closest drivers’ info; Cancel.
8
PrivateRide: Goals
No riders’ location tracking
No drivers’ PII harvesting
while preserving:
  SP economic incentives
  Usability
  Payment and reputation operations
  Accountability
9
Overall protocol
Parties:
  Rider: Bob (anonymously logged in using an AC); holds certBob, e-cash, ACs
  SP
  Driver: Alice; holds certAlice
  Driver: Dave; holds certDave
Channels: secure channel, proximity channel
Ride initiation
  (1) zone1 (Alice); zone2 (Dave)
  (2) zone3, e-cash deposit
  (3) Match to the closest driver (Alice)
  (4) Build a secure channel, exchange locations, repBob, generate a PIN
Alice drives to pick up Bob
  (5) Alice’s locations in real time
In proximity of the pick-up location
  (6) Proximity check using PIN
  (7) Identifying info: vehicle’s info., Alice’s profile picture
  (8) Build and exchange reputation tokens
During the ride
  (9) Locations between zone3 and the drop-off zone
End of the ride
  (10) Done
  (11) Charge from deposit
  (12a) Anonymously rate Bob
  (12b) Anonymously rate Alice
10
Protocol analysis: PrivateRide vs. current RHSs
                  Current RHSs     PrivateRide
Identities        Rider, Driver    Driver
Pick-up loc.      Precise          Zone
Pick-up time      Precise          Obfuscated
Drop-off loc.     Precise          Zone
Drop-off time     Precise          Obfuscated
Loc. trace        Full             Partial
Fare              Yes              Yes
11
Evaluation
Data-sets
  NYC taxi rides: pick-up and drop-off locations and times, drivers’ info.
  SF Uber rides: truncated anonymous GPS traces
Evaluation criteria
  Cryptographic overhead
  Privacy level (k-anonymity) [NYC]
  Effect of the size of the zones on:
    Fare calculation [SF]
    Optimality of ride matching [NYC]
12
Cryptographic overhead
A prototype Android [1] client
  ACL [2] operations
  Blind and standard signatures
Security parameters:
  ACL with an EC group of 521 bits and 4096-bit RSA keys
  ACL with an EC group of 224 bits and 2048-bit RSA keys
Negligible w.r.t. the waiting time of minutes in RHSs
[1] LG G3 (4x2.5 GHz, 2GB RAM) running Android 5.0
[2] F. Baldimtsi and A. Lysyanskaya. Anonymous Credentials Light, CCS (2013)
13
Privacy guarantees
Measured by k-anonymity
Targeted attack by a powerful SP:
  Knows the pick-up location and time of a specific rider
  Wants to know the drop-off location
General case:
  Knows riders’ home/work addresses
  Wants to profile riders’ activities
14
Privacy guarantees – targeted attacks by powerful SP
Peak hour: 7 PM – 8 PM
Least-busy hour: 4 AM – 5 AM
For zones of size 600 m x 600 m:
  60% of rides have an anonymity set ≥ 7 during the peak hour
  50% of rides have an anonymity set ≥ 2 during the least-busy hour
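Added example (not from the original slides or from the PrivateRide authors): a Python sketch of how the anonymity sets on the two privacy-guarantee slides can be measured. It assumes planar coordinates in metres, a 120 s time-obfuscation window, and that a ride's anonymity set is the set of rides sharing its cloaked pick-up zone and time slot; the ride records are constructed.

```python
from collections import Counter
from math import floor

ZONE_M = 600    # zone side taken from the slide (600 m x 600 m)
WINDOW_S = 120  # ASSUMPTION: time-obfuscation window; the slides give no value

# Constructed sample rides: (pickup_x_m, pickup_y_m, pickup_t_s, drop_x_m, drop_y_m)
RIDES = [
    (100, 100, 10, 5000, 5000),
    (550, 590, 60, 1300, 200),
    (10, 300, 119, 5100, 5300),
    (610, 100, 30, 100, 100),    # neighbouring pick-up zone
    (100, 100, 130, 2500, 2500), # same zone, next time slot
]

def zone(x_m, y_m, zone_m=ZONE_M):
    """Cloak a precise location to the grid cell (zone) that contains it."""
    return (floor(x_m / zone_m), floor(y_m / zone_m))

def cloaked_pickup(ride, zone_m=ZONE_M, window_s=WINDOW_S):
    """What the SP sees of a pick-up: zone plus obfuscated time slot."""
    px, py, pt, _, _ = ride
    return zone(px, py, zone_m) + (floor(pt / window_s),)

def anonymity_sets(rides, zone_m=ZONE_M, window_s=WINDOW_S):
    """For each ride, how many rides (itself included) share its cloaked pick-up."""
    keys = [cloaked_pickup(r, zone_m, window_s) for r in rides]
    counts = Counter(keys)
    return [counts[k] for k in keys]

def fraction_with_k(sizes, k):
    """Share of rides whose anonymity set is at least k (the slide's metric)."""
    return sum(s >= k for s in sizes) / len(sizes) if sizes else 0.0

def candidate_dropoff_zones(rides, px, py, pt, zone_m=ZONE_M, window_s=WINDOW_S):
    """Targeted attack: SP knows a precise pick-up and is left with these drop-off zones."""
    target = cloaked_pickup((px, py, pt, 0, 0), zone_m, window_s)
    return sorted({zone(r[3], r[4], zone_m) for r in rides
                   if cloaked_pickup(r, zone_m, window_s) == target})

if __name__ == "__main__":
    sizes = anonymity_sets(RIDES)
    print("anonymity sets:", sizes)
    print("share with k >= 2:", fraction_with_k(sizes, 2))
    print("candidate drop-off zones:", candidate_dropoff_zones(RIDES, 100, 100, 10))
```

Re-running anonymity_sets with a larger zone_m shows the trade-off named in the conclusions: bigger zones enlarge the anonymity sets while making the pick-up location the SP matches on coarser.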
15
Conclusions
The first analysis of privacy threats in RHSs
The first privacy-enhancing solution for RHSs
  Negligible delay for ride-hailing operations
  Enhanced location privacy for riders
  Harvesting attacks on drivers’ PII are prevented
Limitations:
  Trade-off between anonymity sets and accuracy of ride-matching operations
  Requires riders to obtain e-cash in advance
Follow-up work: ORide [3] protocol at USENIX Security Symposium 2017
[3] http://oride.epfl.ch