User-Defined Privacy-Preserving Traffic Monitoring Against n-by-1 Jamming Attack

Li, Meng; Zhu, Liehuang; Zhang, Zijian; Lal, Chhagan; Conti, Mauro; Alazab, Mamoun

doi:10.1109/tnet.2022.3157654

Cited by 15 publications

(4 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since we build our RHS system upon Ethereum, both riders and drivers will pay transaction fees and may suffer a varying fee because of ether price's unstable nature. We can alleviate this problem by building a consortium blockchain among ride-hailing companies, insurance companies, transportation departments, and other vehicle-related institutions [59], [60]. Using the consortium blockchain, the miners/stakeholders can set the transaction fee to a fixed and acceptable value.…”

Section: Gas Costs and Monetary Costsmentioning

confidence: 99%

Nereus: Anonymous and Secure Ride-Hailing Service Based on Private Smart Contracts

Chen²,

Lal

et al. 2023

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

Security and privacy issues have become a major hindrance to the broad adoption of Ride-Hailing Services (RHSs). In this article, we introduce a new collusion attack initiated by the Ride-Hailing Service Provider (RHSP) and a driver that could easily link the real riders and their anonymous requests (credentials). Besides this attack, existing work requires heavy computations to execute user matching, and it is challenging for riders to verify matching results. Meanwhile, a malicious driver may cancel an assigned ride order due to its short distance. To address these issues, we present a RHS system named Nereus to support collusion resistance, efficiency, verifiability, and accountability. First, we integrate a smart contract into a Software Guard Extensions (SGX) enclave to establish a private smart contract for collusion resistance. We use a Bloom filter to achieve efficient matching. Second, we leverage privacy-preserving range query and Merkle proofs to make matching results verifiable. Meanwhile, we adopt short group signatures to provide anonymous authentication and deposit commitments to hold the runaway driver accountable. We formally state and prove the security and privacy of Nereus. We build a prototype based on Ethereum and SGX to conduct extensive performance analysis in regard to gas costs, computational costs, and communication overhead. Experimental results show that Nereus significantly improves over existing schemes in terms of computational costs.Index Terms-Ride-hailing services, privacy, collusion attack, private smart contract, SGX Ç INTRODUCTIONT HE development of popular Ride-Hailing Services (RHSs) is spawned by mature cloud computing, wireless communication, and sensor-enriched smartphones. RHSs have been prospering as a global phenomenon over the past decade and offering users (riders and drivers) many benefits.During ride-hailing, user matching is the most important component because it is related to rider's waiting time, driver's income, system efficiency, and the RHSP's profits. To form a ride, the rider and the driver submit ride data to the Ride-Hailing Service Provider (RHSP) for user matching. These data include identity, current location, destination, and requirements, e.g., vehicle brand, driver experience, and driver reputation. Such information correlates with sensitive information about the user, e.g. home, workplace, and propensities. Besides, the RHSP is considered an untrustworthy entity due to cyber attacks or mischievous employees. One report showed that 2.7 million Uber users in the UK were affected by a mass data breach in 2016 [1]. Hence, sharing ride data with the RHSP raises many significant security and privacy concerns [2], [3], [4], [5], [6], [7]. Without careful design, these concerns will hobble to what proves to be a more convenient mode of transportation. In the literature, there are multiple schemes utilizing cryptographic primitives and data structures to achieve privacypreserving RHSs (e.g., ORide [8], DAP-DAD [9], pRide [10], FICA [11], CoRide [12], B...

show abstract

Section: Gas Costs and Monetary Costsmentioning

confidence: 99%

Nereus: Anonymous and Secure Ride-Hailing Service Based on Private Smart Contracts

Chen²,

Lal

et al. 2023

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

show abstract

“…To complete the user matching, riders upload real-time locations to the RHSP. This induces privacy risks [11], [12], [13], [14], [15], [16], [17], [18] since location information is highly related to user activities such as leaving home, dining in an Italian restaurant, and attending a political gathering. To solve this problem, secure k nearest neighbour (SkNN) [19] is proposed.…”

Section: Mnemosyne: Privacy-preserving Ride Matching Withmentioning

confidence: 99%

“…Recall that two projection functions determine a feasible location and two feasible locations determine a feasible area. We select t from [2,4,6,8,10,12,14,16,18,20] and each case of t (t > 2) requires an additional OR than the case of t − 2. For the rider, with the increase of t, she has to compute more feasible locations fl and feasible areas fa, resulting in a large string set Q and a larger new string set Q .…”

Section: Performance By Varying Tmentioning

confidence: 99%

Mnemosyne: Privacy-Preserving Ride Matching With Collusion-Resistant Driver Exclusion

Gao

Zhu

et al. 2023

IEEE Trans. Veh. Technol.

Self Cite

View full text Add to dashboard Cite

Ride-Hailing Service (RHS) has drawn plenty of attention as it provides transportation convenience for riders and financial incentives for drivers. Despite these benefits, riders risk the exposure of sensitive location data during ride requesting to an untrusted Ride-Hailing Service Provider (RHSP). Our motivation arises from repetitive matching, i.e., the same driver is repetitively assigned to the same rider. Meanwhile, we introduce a driver exclusion function to protect riders' location privacy. Existing work on privacy-preserving RHS overlooks this function. While Secure k Nearest Neighbor (SkNN) facilitates efficient matching, the stateof-the-art neglects a collusion attack. To solve this problem, we formally define repetitive matching and strong location privacy, and propose Mnemosyne: privacy-preserving ride matching with collusion-resistant driver exclusion. We extend the simple integration of equality checking and item exclusion to a dynamic integration. We concatenate each prefix of an acceptable identity range to each location code when generating a ride request, i.e., secure mix index. We process each prefix of the driver identity to generate a ride response, i.e., a mix token. We build an indistinguishable Bloom-filter as an index to query the token. When matching riders with drivers, the colluding parties cannot distinguish identity prefixes from location codes. We build a prototype of Mnemosyne

show abstract

“…(1) Data/Index/Token Privacy. From the encrypted data item, index, and token, the adversary cannot learn any useful information about the data, data item's location, query location, and type [25][26][27][28][29]. (2) Obliviousness.…”

Section: Privacymentioning

confidence: 99%

Repetitive, Oblivious, and Unlinkable SkNN Over Encrypted-and-Updated Data on Cloud

Zhang²,

Gao³

et al. 2022

Information and Communications Security

Self Cite

View full text Add to dashboard Cite

Location-Based Services (LBSs) depend on a Service Provider (SP) to store data owners' geospatial data and to process data users' queries. For example, a Yelp user queries the SP to retrieve the k nearest Starbucks by submitting her/his current location. It is wellacknowledged that location privacy is vital to users and several prominent Secure k Nearest Neighbor (SkNN) query processing schemes are proposed. We observe that no prior work addresses the requirement of repetitive query after index update and its privacy issue, i.e., how to match a data item from the cloud repetitively in an oblivious and unlinkable manner. Meanwhile, a malicious SP may skip some data items and recommend others due to unfair competition.In this work, we formally define the repetitive query and its privacy objectives and present an Repetitive, Oblivious, and Unlinkable SkNN scheme ROU. Specifically, we design a multi-level structure to organize locations to further improve search efficiency. Second, we integrate data item identity into the framework of existing SkNN query processing. Data owners encrypt their data item identity and location information into a secure index, and data users encrypt a customized identity range of a previously retrieved data item and location information into a token. Next, the SP uses the token to query the secure index to find the specific data item via privacy-preserving range querying. We formally prove the privacy of ROU in the random oracle model. We build a prototype based on a server to evaluate the performance with a real-world dataset.

show abstract

User-Defined Privacy-Preserving Traffic Monitoring Against n-by-1 Jamming Attack

Cited by 15 publications

References 37 publications

Nereus: Anonymous and Secure Ride-Hailing Service Based on Private Smart Contracts

Nereus: Anonymous and Secure Ride-Hailing Service Based on Private Smart Contracts

Mnemosyne: Privacy-Preserving Ride Matching With Collusion-Resistant Driver Exclusion

Repetitive, Oblivious, and Unlinkable SkNN Over Encrypted-and-Updated Data on Cloud

Contact Info

Product

Resources

About