geo locating drivers a study of sensitive data leakage in
play

Geo-locating Drivers: A Study of Sensitive Data Leakage in - PowerPoint PPT Presentation

Oct 05, 2022 •174 likes •995 views

Computer Security Laboratory Geo-locating Drivers: A Study of Sensitive Data Leakage in Ride-Hailing Services Qingchuan Zhao , Chaoshun Zuo , Giancarlo Pellegrino , Zhiqiang Lin The Ohio State University CISPA Helmholtz

  1. Computer Security Laboratory Geo-locating Drivers: A Study of Sensitive Data Leakage in Ride-Hailing Services Qingchuan Zhao ∗ , Chaoshun Zuo ∗ , Giancarlo Pellegrino †‡ , Zhiqiang Lin ∗ ∗ The Ohio State University † CISPA Helmholtz Center for Information Security ‡ Stanford University NDSS 2019 T HE O HIO S TATE U NIVRESITY

  2. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References What is Ride-Hailing Service? 2 / 27

  3. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References What is Ride-Hailing Service? Rider App Driver App 2 / 27

  4. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References What is Ride-Hailing Service? Backend Servers Rider App Driver App 2 / 27

  5. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References What is Ride-Hailing Service? Rider Driver GPS,PII GPS, PII Backend Servers Rider App Driver App 2 / 27

  6. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References Concerns with Driver’s Security 3 / 27

  7. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References A Simplified Protocol Rider App Backend Servers Driver App 4 / 27

  8. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References A Simplified Protocol Rider App Backend Servers Driver App driver positions 4 / 27

  9. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References A Simplified Protocol Rider App Backend Servers Driver App driver positions login token 4 / 27

  10. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References A Simplified Protocol Rider App Backend Servers Driver App driver positions login token rider position nearby cars, est costs 4 / 27

  11. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References A Simplified Protocol Rider App Backend Servers Driver App driver positions login token rider position nearby cars, est costs request ride accept ride? yes driver, $, pickup location 4 / 27

  12. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References The Nearby Cars API Rider App Backend Servers login token rider position nearby cars, est costs request ride driver, $, pickup location 5 / 27

  13. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References The Nearby Cars API Rider App Backend Servers login token rider position nearby cars, est costs request ride driver, $, pickup location 5 / 27

  14. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References The Nearby Cars API Rider App Backend Servers login token rider position nearby cars, est costs request ride Pham et al. 2017, PoPETs driver, $, pickup location 5 / 27

  15. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References The Nearby Cars API Rider App Backend Servers login token rider position nearby cars, est costs request ride driver, $, pickup location 5 / 27

  16. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References The Nearby Cars API GET /nearby-cars?lat=33.7114&lng=151.1321 HTTP/1.1 … HTTP/1.1 200 OK Content-type: application/json ... { "cars": [ { "id" : "509AE827", "positions": [ { "GPS": "-33.7100 / 151.1342", "t" : "15259620050000" }, { "GPS": "-33.7300 / 151.1200", "t" : "15259620060000" }, ... }, { "id" : "6F09E2AA", ... }, ... } 5 / 27

  17. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References The Nearby Cars API The Research Questions 1 Private Info Leakage ◮ Direct PII of Drivers ◮ Movement of Drivers ◮ Working Patterns of Drivers ◮ Appeared Locations of Drivers 2 Business Info Leakage ◮ Dual-Apping Driver ◮ Driver Preference ◮ # Drivers (Local or Global) ◮ Operation Performance 5 / 27

  18. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References App Selection Service Name #Downloads APK Obfus? Uber 100+ millions ✔ Easy 10+ millions ✔ Gett 10+ millions ✔ Lyft 10+ millions ✔ myTaxi 5+ millions ✔ Taxify 5+ millions ✗ BiTaksi 1+ millions ✔ Heetch 1+ millions ✔ Jeeny 500+ thousands ✔ Flywheel 100+ thousands ✗ GoCatch 100+ thousands ✔ miCab 100+ thousands ✗ RideAustin 100+ thousands ✗ Ztrip 100+ thousands ✔ eCab 50+ thousands ✔ GroundLink 10+ thousands ✗ HelloCabs 10+ thousands ✗ Ride LA 10+ thousands ✗ Bounce 10+ thousands ✗ DC Taxi Rider 5+ thousands ✔ 6 / 27

  19. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References App Selection Service Name #Downloads APK Obfus? Uber 100+ millions ✔ Easy 10+ millions ✔ Gett 10+ millions ✔ Lyft 10+ millions ✔ myTaxi 5+ millions ✔ Taxify 5+ millions ✗ BiTaksi 1+ millions ✔ Heetch 1+ millions ✔ Jeeny 500+ thousands ✔ Flywheel 100+ thousands ✗ GoCatch 100+ thousands ✔ miCab 100+ thousands ✗ RideAustin 100+ thousands ✗ Ztrip 100+ thousands ✔ eCab 50+ thousands ✔ GroundLink 10+ thousands ✗ HelloCabs 10+ thousands ✗ Ride LA 10+ thousands ✗ Bounce 10+ thousands ✗ DC Taxi Rider 5+ thousands ✔ 6 / 27

  20. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References App Selection Service Name #Downloads APK Obfus? Uber 100+ millions ✔ Easy 10+ millions ✔ Gett 10+ millions ✔ Lyft 10+ millions ✔ myTaxi 5+ millions ✔ Taxify 5+ millions ✗ BiTaksi 1+ millions ✔ Heetch 1+ millions ✔ Jeeny 500+ thousands ✔ Flywheel 100+ thousands ✗ GoCatch 100+ thousands ✔ miCab 100+ thousands ✗ RideAustin 100+ thousands ✗ Ztrip 100+ thousands ✔ eCab 50+ thousands ✔ GroundLink 10+ thousands ✗ HelloCabs 10+ thousands ✗ Ride LA 10+ thousands ✗ Bounce 10+ thousands ✗ DC Taxi Rider 5+ thousands ✔ 6 / 27

  21. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References App Selection Service Name #Downloads APK Obfus? Uber 100+ millions ✔ Easy 10+ millions ✔ Gett 10+ millions ✔ Lyft 10+ millions ✔ myTaxi 5+ millions ✔ Taxify 5+ millions ✗ BiTaksi 1+ millions ✔ Heetch 1+ millions ✔ Jeeny 500+ thousands ✔ Flywheel 100+ thousands ✗ GoCatch 100+ thousands ✔ miCab 100+ thousands ✗ RideAustin 100+ thousands ✗ Ztrip 100+ thousands ✔ eCab 50+ thousands ✔ GroundLink 10+ thousands ✗ HelloCabs 10+ thousands ✗ Ride LA 10+ thousands ✗ Bounce 10+ thousands ✗ DC Taxi Rider 5+ thousands ✔ 6 / 27

  22. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References A Running Example GET /v1/nearby-drivers-pickup-etas? lat=10.10&lng=-10.10 HTTP/1.1 Authorization: Bearer dmGtpMx1qCKeA HTTP/1.1 200 OK Content-type: application/json { "nearby_drivers":[ { ... "driver":{ ... }, "locations":[ { "lat":10.10, "lng":-10.10, "recorded_at_ms":1234 }, ... ] }, { ... "driver":{ ... }, ... } (c) Nearby Cars API 7 / 27

  23. Introduction Methodology and Tool Security Analysis Vulnerabilities Discussions Related Work Conclusion References A Running Example GET /v1/nearby-drivers-pickup-etas? lat=10.10&lng=-10.10 HTTP/1.1 Authorization: Bearer dmGtpMx1qCKeA HTTP/1.1 200 OK Content-type: application/json { "nearby_drivers":[ { ... "driver":{ ... }, "locations":[ { "lat":10.10, "lng":-10.10, "recorded_at_ms":1234 }, ... ] }, { ... "driver":{ ... }, ... } (c) Nearby Cars API 7 / 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Geo-locating Drivers: A Study of Sensitive Data Leakage in Ride-Hailing Services Qingchuan Zhao

Geo-locating Drivers: A Study of Sensitive Data Leakage in Ride-Hailing Services Qingchuan Zhao

Geo-locating Drivers: A Study of Sensitive Data Leakage in Ride-Hailing Services Qingchuan Zhao , Chaoshun Zuo , Giancarlo Pellegrino , Zhiqiang Lin The Ohio State University CISPA Helmholtz Center for Information

478 views • 15 slides
The Water Detective Q-Leak is a sensitive leakage detector which can be placed anywhere water

The Water Detective Q-Leak is a sensitive leakage detector which can be placed anywhere water

The Water Detective Q-Leak is a sensitive leakage detector which can be placed anywhere water leakage can occur . To prevent leakage-related damages it sends an alert whenever water is detected. The device also visualizes its status on the online

234 views • 10 slides
Leakage-Resilient Cryptography with Key Derived from Sensitive Data Konrad Durnoga, Stefan

Leakage-Resilient Cryptography with Key Derived from Sensitive Data Konrad Durnoga, Stefan

Leakage-Resilient Cryptography with Key Derived from Sensitive Data Konrad Durnoga, Stefan Dziembowski, Tomasz Kazana, Micha Zaj c , Maciej Zdanowicz Estonian Computer Science Theory Days Jekla 2-4.10.2015 Computers can be

542 views • 32 slides
A6: Sensitive Data Exposure A6 Sensitive Data Exposure Sensitive data stored or transmitted

A6: Sensitive Data Exposure A6 Sensitive Data Exposure Sensitive data stored or transmitted

A6: Sensitive Data Exposure A6 Sensitive Data Exposure Sensitive data stored or transmitted insecurely Failure to protect all sensitive data Usernames, passwords, password hashes, credit-card information, identity info Session

415 views • 17 slides
How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research

How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research

How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research Silicon Valley Protecting Sensitive Computations from Leakage/Side-Channel Attacks Sensitive computations: Cryptographic Algorithms Secret Key

232 views • 20 slides
Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1:

Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1:

SAC Summer School 2019 Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1: ORAM simulation Store and simulate data structure with ORAM General-purpose Zero-leakage (if data is transformed

1.29k views • 60 slides
Protecting Sensitive Data Implementation of a Sensitive Data Manager Recommendation Briefed

Protecting Sensitive Data Implementation of a Sensitive Data Manager Recommendation Briefed

Protecting Sensitive Data Implementation of a Sensitive Data Manager Recommendation Briefed Presidents Executive Council on 13 Jan: recommended to proceed with deploying a Sensitive Data Manager tool on all UND owned computers to

321 views • 6 slides
Understanding Modern Device Drivers Why study device drivers? Linux drivers constitute ~5

Understanding Modern Device Drivers Why study device drivers? Linux drivers constitute ~5

3/6/12 Understanding Modern Device Drivers Why study device drivers? Linux drivers constitute ~5 million LOC and 70% of kernel Little exposure to this breadth of driver code from research Better understanding of drivers can lead to

484 views • 14 slides
Sensitive / Proprietary Sensitive / Proprietary Study Area Characteristics Four Bridge

Sensitive / Proprietary Sensitive / Proprietary Study Area Characteristics Four Bridge

Sensitive / Proprietary Sensitive / Proprietary Study Area Characteristics Four Bridge Crossings Env. Justice/Historic areas IN and KY sides are distinct IN to KY travel dominates 2.5:1 AM Peak Hour (EB) KY to IN travel

293 views • 25 slides
Agenda 1. Introductions 2. The Need to Develop Local Economies 3. Economic Leakage Study -

Agenda 1. Introductions 2. The Need to Develop Local Economies 3. Economic Leakage Study -

03/10/2014 Economic Leakage Studies CANDO Conference, September 23, 2014 Agenda 1. Introductions 2. The Need to Develop Local Economies 3. Economic Leakage Study - Described 4. Strategies from Findings 5. Closing Remarks 1 03/10/2014

586 views • 35 slides
Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional

Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional

Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional Account Director Arcom Digital < HOME Digital Leakage Outline Digital Leakage Traditional Leakage LTE Ingress and Egress issues

877 views • 68 slides
Understanding the Safety and Mobility Needs of Tomorrows Older Drivers The LongROAD Study

Understanding the Safety and Mobility Needs of Tomorrows Older Drivers The LongROAD Study

Understanding the Safety and Mobility Needs of Tomorrows Older Drivers The LongROAD Study Diana Imondi AAA Northeast April 2018 The LongROAD Study The LongROAD (Longitudinal Research on Aging Drivers) study: Will generate the largest

351 views • 18 slides
Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

SAC Summer School 2019 Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions allow us to prove that our schemes achieve a certain leakage profile but doesnt tell us if a leakage profile is

477 views • 22 slides
Postsecondary Data Reporting August 4, 2020 Objectives MI School Data and locating

Postsecondary Data Reporting August 4, 2020 Objectives MI School Data and locating

Postsecondary Data Reporting August 4, 2020 Objectives MI School Data and locating postsecondary reports Learn how to create reports specific to your IHE Answer questions like: o How many college transfers occur in/out of Michigan

467 views • 24 slides
Apps data data data learning Locality Filtering PageRank, Recommen sensitive data SVM

Apps data data data learning Locality Filtering PageRank, Recommen sensitive data SVM

High dim. Graph Infinite Machine Apps data data data learning Locality Filtering PageRank, Recommen sensitive data SVM SimRank der systems hashing streams Community Web Decision Association Clustering Detection advertising

1.61k views • 62 slides
Apps data data data learning Locality Filtering PageRank, Recommen sensitive data SVM

Apps data data data learning Locality Filtering PageRank, Recommen sensitive data SVM

High dim. Graph Infinite Machine Apps data data data learning Locality Filtering PageRank, Recommen sensitive data SVM SimRank der systems hashing streams Network Web Decision Association Clustering Analysis advertising

1.36k views • 110 slides
1 Peter Series Lesson #105 September 14, 2017 Dean Bible Ministries www.deanbibleministries.org

1 Peter Series Lesson #105 September 14, 2017 Dean Bible Ministries www.deanbibleministries.org

1 Peter Series Lesson #105 September 14, 2017 Dean Bible Ministries www.deanbibleministries.org Dr. Robert L. Dean, Jr. C HRIST S E XAMPLE OF U NJUST S UFFERING S UBSTITUTIONARY A TONEMENT 1 P ETER 3:18 1 Pet. 3:18, For Christ also

578 views • 38 slides
Trade-offs between nutrient and predator effects conceal the influence of canals on snails

Trade-offs between nutrient and predator effects conceal the influence of canals on snails

Trade-offs between nutrient and predator effects conceal the influence of canals on snails Clifton B. Ruehl & Joel C. Trexler Department of Biological Sciences Florida International University Miami, FL Canals: Panama canal Louisiana

479 views • 47 slides
The effect of on the Sculptor dSph* Giuliano Iorio Newton International Fellow Institute of

The effect of on the Sculptor dSph* Giuliano Iorio Newton International Fellow Institute of

The effect of on the Sculptor dSph* Giuliano Iorio Newton International Fellow Institute of Astronomy, University of Cambridge *Based on Iorio+19: http://adsabs.harvard.edu/doi/10.1093/mnras/stz1342 Collaborators C. Nipoti, G. Battaglia, A.

482 views • 17 slides
Fully Convolutional Networks for Handwriting Recognition Felipe Petroski Such*, Dheeraj Peri*,

Fully Convolutional Networks for Handwriting Recognition Felipe Petroski Such*, Dheeraj Peri*,

Fully Convolutional Networks for Handwriting Recognition Felipe Petroski Such*, Dheeraj Peri*, Frank Brockler, Paul Hutkowski, Raymond Ptucha* *Rochester Institute of Technology, Kodak Alaris, 1 Such et al. ICFHR18 Background

579 views • 20 slides
Session 08 GAMs an Introduction Overview Model assumes that the mean response is a sum of

Session 08 GAMs an Introduction Overview Model assumes that the mean response is a sum of

Session 08 GAMs an Introduction Overview Model assumes that the mean response is a sum of terms each depending on (usually) a single predictor: = + + = if the s are

413 views • 24 slides
Efficient Dependency-Guided Named Entity Recognition Zhanming Jie Aldrian Obaja Muis Wei Lu

Efficient Dependency-Guided Named Entity Recognition Zhanming Jie Aldrian Obaja Muis Wei Lu

Efficient Dependency-Guided Named Entity Recognition Zhanming Jie Aldrian Obaja Muis Wei Lu Singapore University of Technology and Design February 7, 2017 Slides: http://www.statnlp.org/project/depner.html Table of Contents Motivation Named

551 views • 21 slides
REVIEWING CONVENTIONAL APPROACHES & PROPOSING NEW ALTERNATIVES: PERI- URBAN CUSTOMARY TENURE

REVIEWING CONVENTIONAL APPROACHES & PROPOSING NEW ALTERNATIVES: PERI- URBAN CUSTOMARY TENURE

REVIEWING CONVENTIONAL APPROACHES & PROPOSING NEW ALTERNATIVES: PERI- URBAN CUSTOMARY TENURE AND LAND READJUSTMENT CLARISSA FOURIE UNIVERSITY OF CAPE TOWN INTRODUCTION/1 PRO - POOR AND PRACTICAL RE - DEFINING LAND ADMINISTRATION

285 views • 12 slides
Obesity & Diabetes: New targets in heart failure management Rudolf A. de Boer, MD, FESC,

Obesity & Diabetes: New targets in heart failure management Rudolf A. de Boer, MD, FESC,

Obesity & Diabetes: New targets in heart failure management Rudolf A. de Boer, MD, FESC, FHFA University Medical Center Groningen Groningen, the Netherlands Novel concepts and treatments of comorbidities in Heart Failure with Preserved

908 views • 39 slides

More recommend