Abstract
The widespread popularity of carpooling services has brought about several privacy concerns, including the collection and use of user location data by service providers. To address these concerns, various carpooling service schemes based on homomorphic encryption have been proposed. TAROT, proposed by Xu et al. (IEEE IOT Journal 2022), aims to be an efficient, accurate, and privacy-preserving carpooling service scheme. In this paper, we show that there is a leakage of location data for users in TAROT. Specifically, we examine a Goldwasser-Micali (homomorphic encryption scheme)-based Equality Determination Algorithm (GMEDA) used in TAROT and propose passive attacks, where honest-but-curious users collude to steal the location information of other users.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Belaïd, S., Coron, J.-S., Fouque, P.-A., Gérard, B., Kammerer, J.-G., Prouff, E.: Improved side-channel analysis of finite-field multiplication. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 395–415. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48324-4_20
Belaïd, S., Fouque, P.-A., Gérard, B.: Side-channel analysis of multiplications in GF(2128). In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 306–325. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_17
Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984). https://doi.org/10.1016/0022-0000(84)90070-9
Kumaraswamy, D., Murthy, S., Vivek, S.: Revisiting driver anonymity in ORide. In: AlTawy, R., Hülsing, A. (eds.) SAC 2021. LNCS, vol. 13203, pp. 25–46. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-99277-4_2
Kumaraswamy, D., Vivek, S.: Cryptanalysis of the privacy-preserving ride-hailing service TRACE. In: Adhikari, A., Küsters, R., Preneel, B. (eds.) INDOCRYPT 2021. LNCS, vol. 13143, pp. 462–484. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92518-5_21
Murthy, S., Vivek, S.: Driver locations harvesting attack on pRide. In: Yuan, X., Bai, G., Alcaraz, C., Majumdar, S. (eds.) NSS 2022. LNCS, vol. 13787, pp. 633–648. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-23020-2_36
Murthy, S., Vivek, S.: Passive triangulation attack on ORide. In: Beresford, A.R., Patra, A., Bellini, E. (eds.) CANS 2022. LNCS, vol. 13641, pp. 167–187. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-20974-1_8
Vivek, S.: Attacks on a privacy-preserving publish-subscribe system and a ride-hailing service. In: Paterson, M.B. (ed.) IMACC 2021. LNCS, vol. 13129, pp. 59–71. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92641-0_4
Vivek, S.: Attack on “a privacy-preserving online ride-hailing system without involving a third trusted server”. In: Proceedings of the 18th International Conference on Availability, Reliability and Security, ARES 2023, pp. 59:1–59:3. ACM (2023). https://doi.org/10.1145/3600160.3605040
Xu, Q., Zhu, H., Zheng, Y., Zhao, J., Lu, R., Li, H.: An efficient and privacy-preserving route matching scheme for carpooling services. IEEE Internet Things J. 9(20), 19890–19902 (2022). https://doi.org/10.1109/JIOT.2022.3168661
Yan, Y., Oswald, E., Vivek, S.: An analytic attack against ARX addition exploiting standard side-channel leakage. In: Mori, P., Lenzini, G., Furnell, S. (eds.) Proceedings of the 7th International Conference on Information Systems Security and Privacy, ICISSP 2021, pp. 89–97. SCITEPRESS (2021). https://doi.org/10.5220/0010223600890097
Acknowledgements
This work was funded by the Infosys Foundation Career Development Chair Professorship grant for Srinivas Vivek.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Vargheese, M., Vivek, S. (2023). Attack on the Privacy-Preserving Carpooling Service TAROT. In: Muthukkumarasamy, V., Sudarsan, S.D., Shyamasundar, R.K. (eds) Information Systems Security. ICISS 2023. Lecture Notes in Computer Science, vol 14424. Springer, Cham. https://doi.org/10.1007/978-3-031-49099-6_15
Download citation
DOI: https://doi.org/10.1007/978-3-031-49099-6_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-49098-9
Online ISBN: 978-3-031-49099-6
eBook Packages: Computer ScienceComputer Science (R0)