Comments on "A Privacy-Preserving Online Ride-Hailing System Without Involving a Third Trusted Server"
This exposes a critical vulnerability in a privacy system for ride-hailing users, highlighting incremental security flaws.
The authors identified a passive attack by the service provider in an existing privacy-preserving online ride-hailing protocol, allowing complete recovery of rider and driver locations in every query.
Recently, Xie et al. (IEEE Transactions on Information Forensics and Security, vol. 16, pp. 3068-3081, 2021) proposed a privacy-preserving Online Ride-Hailing (ORH) protocol that does not make use of a trusted third-party server. The primary goal of such privacy-preserving ORH protocols is to ensure the privacy of riders' and drivers' location data w.r.t. the ORH Service Provider (SP). In this note, we demonstrate a passive attack by the SP in the protocol of Xie et al. that enables it to completely recover the location of the rider as well as that of the responding drivers in each and every ride request query.