Nereus: Anonymous and Secure Ride-Hailing Service based on Private Smart Contracts

Meng Li, Yifei Chen, Chhagan Lal, Mauro Conti, Fabio Martinelli, Mamoun Alazab

    Research output: Contribution to journalArticlepeer-review

    Abstract

    Security and privacy issues have become a major hindrance to the broad adoption of Ride-Hailing Services (RHSs). In this article, we introduce a new collusion attack initiated by the Ride-Hailing Service Provider (RHSP) and a driver that could easily link the real riders and their anonymous requests (credentials). Besides this attack, existing work requires heavy computations to execute user matching, and it is challenging for riders to verify matching results. Meanwhile, a malicious driver may cancel an assigned ride order due to its short distance. To address these issues, we present a RHS system named Nereus to support collusion resistance, efficiency, verifiability, and accountability. First, we integrate a smart contract into a Software Guard Extensions (SGX) enclave to establish a private smart contract for collusion resistance. We use a Bloom filter to achieve efficient matching. Second, we leverage privacy-preserving range query and Merkle proofs to make matching results verifiable. Meanwhile, we adopt short group signatures to provide anonymous authentication and deposit commitments to hold the runaway driver accountable. We formally state and prove the security and privacy of Nereus. We build a prototype based on Ethereum and SGX to conduct extensive performance analysis in regard to gas costs, computational costs, and communication overhead. Experimental results show that Nereus significantly improves over existing schemes in terms of computational costs.

    Original languageEnglish
    Pages (from-to)2849-2866
    Number of pages18
    JournalIEEE Transactions on Dependable and Secure Computing
    Volume20
    Issue number4
    Early online date2022
    DOIs
    Publication statusPublished - 1 Jul 2023

    Cite this