Online ride-hailing services have become a vital component of urban transportation worldwide due to their convenience and flexibility. However, the expansion of their user base has dramatically heightened the risks of user privacy information leakage. Among these risks, the privacy leakage problem caused by the direct correlation between user (driver and passenger) identity information and location-based ride information is of particular concern. This paper proposes a novel privacy protection scheme for ride-hailing services. In this scheme, decentralized identities are employed for user authentication, separating the identity registration service from the ride-hailing platform, thereby preventing the platform from obtaining user privacy data. The scheme also employs a fuzzy matching strategy based on location Points of Interest (POI) and a ciphertext-policy attribute-based hybrid encryption algorithm to hide the user’s precise location and restrict access to location information. Crucially, the scheme achieves the complete decoupling of identity registration services and location-based ride services on the ride-hailing platform, ensuring that users’ real identities and ride data cannot be directly associated, effectively protecting user privacy. Within the decoupled architecture, regulatory authorities are established to handle emergencies within ride-hailing services. Through simulation experiments and security analysis, this scheme is demonstrated to be both feasible and practical, providing a new privacy protection solution for the ride-hailing industry.
Read full abstract