Attack on the Privacy-Preserving Carpooling Service TAROT

Vargheese, Meghana; Vivek, Srinivas

doi:10.1007/978-3-031-49099-6_15

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14424))

Included in the following conference series:

International Conference on Information Systems Security

331 Accesses

Abstract

The widespread popularity of carpooling services has brought about several privacy concerns, including the collection and use of user location data by service providers. To address these concerns, various carpooling service schemes based on homomorphic encryption have been proposed. TAROT, proposed by Xu et al. (IEEE IOT Journal 2022), aims to be an efficient, accurate, and privacy-preserving carpooling service scheme. In this paper, we show that there is a leakage of location data for users in TAROT. Specifically, we examine a Goldwasser-Micali (homomorphic encryption scheme)-based Equality Determination Algorithm (GMEDA) used in TAROT and propose passive attacks, where honest-but-curious users collude to steal the location information of other users.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 59.99; Price excludes VAT (USA)

Softcover Book: USD 79.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Belaïd, S., Coron, J.-S., Fouque, P.-A., Gérard, B., Kammerer, J.-G., Prouff, E.: Improved side-channel analysis of finite-field multiplication. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 395–415. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48324-4_20
Chapter Google Scholar
Belaïd, S., Fouque, P.-A., Gérard, B.: Side-channel analysis of multiplications in GF(2¹²⁸). In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 306–325. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_17
Chapter MATH Google Scholar
Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984). https://doi.org/10.1016/0022-0000(84)90070-9
Kumaraswamy, D., Murthy, S., Vivek, S.: Revisiting driver anonymity in ORide. In: AlTawy, R., Hülsing, A. (eds.) SAC 2021. LNCS, vol. 13203, pp. 25–46. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-99277-4_2
Chapter Google Scholar
Kumaraswamy, D., Vivek, S.: Cryptanalysis of the privacy-preserving ride-hailing service TRACE. In: Adhikari, A., Küsters, R., Preneel, B. (eds.) INDOCRYPT 2021. LNCS, vol. 13143, pp. 462–484. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92518-5_21
Chapter Google Scholar
Murthy, S., Vivek, S.: Driver locations harvesting attack on pRide. In: Yuan, X., Bai, G., Alcaraz, C., Majumdar, S. (eds.) NSS 2022. LNCS, vol. 13787, pp. 633–648. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-23020-2_36
Chapter Google Scholar
Murthy, S., Vivek, S.: Passive triangulation attack on ORide. In: Beresford, A.R., Patra, A., Bellini, E. (eds.) CANS 2022. LNCS, vol. 13641, pp. 167–187. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-20974-1_8
Chapter Google Scholar
Vivek, S.: Attacks on a privacy-preserving publish-subscribe system and a ride-hailing service. In: Paterson, M.B. (ed.) IMACC 2021. LNCS, vol. 13129, pp. 59–71. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92641-0_4
Chapter MATH Google Scholar
Vivek, S.: Attack on “a privacy-preserving online ride-hailing system without involving a third trusted server”. In: Proceedings of the 18th International Conference on Availability, Reliability and Security, ARES 2023, pp. 59:1–59:3. ACM (2023). https://doi.org/10.1145/3600160.3605040
Xu, Q., Zhu, H., Zheng, Y., Zhao, J., Lu, R., Li, H.: An efficient and privacy-preserving route matching scheme for carpooling services. IEEE Internet Things J. 9(20), 19890–19902 (2022). https://doi.org/10.1109/JIOT.2022.3168661
Yan, Y., Oswald, E., Vivek, S.: An analytic attack against ARX addition exploiting standard side-channel leakage. In: Mori, P., Lenzini, G., Furnell, S. (eds.) Proceedings of the 7th International Conference on Information Systems Security and Privacy, ICISSP 2021, pp. 89–97. SCITEPRESS (2021). https://doi.org/10.5220/0010223600890097

Download references

Acknowledgements

This work was funded by the Infosys Foundation Career Development Chair Professorship grant for Srinivas Vivek.

Author information

Authors and Affiliations

IIIT Bangalore, Bengaluru, India
Meghana Vargheese & Srinivas Vivek

Authors

Meghana Vargheese
View author publications
You can also search for this author in PubMed Google Scholar
Srinivas Vivek
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Meghana Vargheese .

Editor information

Editors and Affiliations

Griffith University, Gold Coast, QLD, Australia
Vallipuram Muthukkumarasamy
Centre for Development of Advanced Computing (C-DAC), Bangalore, India
Sithu D. Sudarsan
Indian Institute of Technology Bombay, Mumbai, India
Rudrapatna K. Shyamasundar

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Vargheese, M., Vivek, S. (2023). Attack on the Privacy-Preserving Carpooling Service TAROT. In: Muthukkumarasamy, V., Sudarsan, S.D., Shyamasundar, R.K. (eds) Information Systems Security. ICISS 2023. Lecture Notes in Computer Science, vol 14424. Springer, Cham. https://doi.org/10.1007/978-3-031-49099-6_15

Download citation

DOI: https://doi.org/10.1007/978-3-031-49099-6_15
Published: 09 December 2023
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-49098-9
Online ISBN: 978-3-031-49099-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Attack on the Privacy-Preserving Carpooling Service TAROT