In a typical ride-hailing service, the service provider (RS) matches a customer (RC) with the closest vehicle (RV) registered to this service. TRACE is an efficient privacy-preserving ride-hailing service proposed by Wang et al. in 2018. TRACE uses masking along with other cryptographic techniques to ensure efficient and accurate ride-matching. The RS uses masked location information to match RCs and RVs within a quadrant without obtaining their exact locations, thus ensuring privacy. In this work, we disprove the privacy claims in TRACE by showing the following: a) RCs and RVs can identify the secret spatial division maintained by the RS (this reveals information about the density of RVs in the region and other potential trade secrets), and b) the RS can identify the exact locations of RCs and RVs (this violates location privacy). Prior to exchanging encrypted messages in the TRACE protocol, each entity masks the plaintext message with a secret unknown to others. Our attack allows other entities to recover this plaintext from the masked value by exploiting shared randomness used across different messages, which eventually leads to a system of linear equations in the unknown plaintexts. This holds even when all the participating entities are honest-but-curious. We implement our attack and demonstrate its efficiency and high success rate. For the security parameters recommended for TRACE, an RV can recover the spatial division in less than a minute, and the RS can recover the location of an RV in less than a second on a commodity laptop.