iRide: A Privacy-Preserving Architecture for Self-Driving Cabs Service

Despite the popularity Ride Hailing Services (RHSs) have gained recently, they pose significant privacy risks. In particular, a user wishing to benefit from a RHS is required to disclose her precise spatio-temporal data to the RHS provider. The provider is, thus, able to infer and harvest further sensitive information about the user, including, e.g., her social behavior. Previous work on protecting privacy in such a context assumes service provider to not collude with drivers. This assumption does not hold in the scenario of self-driving cabs, as driverless vehicles replace drivers and, thus, the service provider has to control and collude with her fleet. In this paper, we tackle the open issue of service provider colluding with her fleet by analyzing the scenario of self-driving cab services. We present iRide, a privacy-preserving architecture for self-driving cab service that relies on Intel SGX to provide strong privacy guarantees. iRide maintains the convenience of the functionality while offering strong privacy guarantees, that is, we do not introduce or rely on trade-offs between functionality and privacy. The introduced overhead in iRide design is relatively small and rather acceptable under practical aspects. To our best knowledge, this is the first work that tackles privacy protection in self-driving cab services.