Skip to main content
SpringerLink
Log in

Desynchronization resistant privacy preserving user authentication protocol for location based services

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

Preserving user privacy and authenticity are essential requirements for location based services in order to protect user’s confidential information from public exposure and provide secure access to various services. Recently, numerous approaches towards these challenges have been proposed. Many of these are based on dynamic update of fixed parameters (such as pseudonym, transaction sequence number, shared key, counter, etc.) along with symmetric/asymmetric key cryptography, and seems promising in dealing with various security related issues such as unlinkability, forward/backward secrecy, replay attack and stolen verifier attack. However, the concept of dynamic update may affect the system performance in case of desynchronization attack as it requires to perform additional computations or user reregistration in order to resynchronize the peers. In this article, we address the problem of desynchronization attack and propose a privacy preserving user authentication protocol for location based services. The proposed protocol is based on elliptic curve cryptography and introduces dynamic randomized counters in order to synchronize the peers. Also, there is no need to resynchronize the peers in case of desynchronization attack. Additionally, there is no timestamp used in construction of the protocol to avoid clock synchronization problem. The security properties of the protocol are validated both formally and informally. Moreover, the safety of the protocol is assured using AVISPA tool based automated simulation. Finally, a performance comparison has been made against some recently proposed approaches to ensure the effectiveness of our protocol in real life implementations.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Rahman MG, Imai H (2002) Security in wireless communication. Wirel Person Commun 22 (2):213–228

    Article  Google Scholar 

  2. Song T, Li R, Mei B, Yu J, Xing X, Cheng X (2017) A privacy preserving communication protocol for iot applications in smart homes. IEEE Internet Things J 4(6):1844–1852

    Article  Google Scholar 

  3. Steinfield C (2004) The development of location based services in mobile commerce. In: E-life after the dot com bust, pp 177–197

  4. Boyd C, Mathuria A, Stebila D (2003) Protocols for authentication and key establishment, vol 1

  5. Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29 (2):198–208

    Article  MathSciNet  Google Scholar 

  6. Shouqi C, Wanrong L, Liling C, Qing S, Xin H (2019) An improved anonymous authentication protocol for location-based service. IEEE Access 7:114203–114212

    Article  Google Scholar 

  7. Reddy AG, Das AK, Yoon EJ, Yoo KY (2016) A secure anonymous authentication protocol for mobile services on elliptic curve cryptography. IEEE Access 4:4394–4407

    Article  Google Scholar 

  8. Odelu V, Banerjee S, Das AK, Chattopadhyay S, Kumari S, Li X, Goswami A (2017) A secure anonymity preserving authentication scheme for roaming service in global mobility networks. Wirel Pers Commun 96(2):2351–2387

    Article  Google Scholar 

  9. Lee B, Kim K (2002) Receipt-free electronic voting scheme with a tamper-resistant randomizer. In: International conference on information security and cryptology, pp 389–406

  10. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Annual international cryptology conference, pp 388–397

  11. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

    Article  MathSciNet  Google Scholar 

  12. Raymond DR, Midkiff SF (2008) Denial-of-service in wireless sensor networks: Attacks and defenses. IEEE Pervasive Comput 7(1):74–81

    Article  Google Scholar 

  13. Wood AD, Stankovic JA (2002) Denial of service in sensor networks, vol 35

  14. Zhu J, Ma J (2004) A new authentication scheme with anonymity for wireless environments. IEEE Trans Consum Electron 50(1):231–235

    Article  Google Scholar 

  15. Lu Y, Xu G, Li L, Yang Y (2019) Robust privacy-preserving mutual authenticated key agreement scheme in roaming service for global mobility networks. IEEE Syst J 13(2):1454– 1465

    Article  Google Scholar 

  16. Gope P, Hwang T (2016) Lightweight and energy-efficient mutual authentication and key agreement scheme with user anonymity for secure communication in global mobility networks. IEEE Syst J 10(4):1370–1379

    Article  Google Scholar 

  17. Xu G, Liu J, Lu Y, Zeng X, Zhang Y, Li X (2018) A novel efficient maka protocol with desynchronization for anonymous roaming service in global mobility networks. J Netw Comput Appl 107:83–92

    Article  Google Scholar 

  18. Menezes AJ, Van Oorschot PC, Vanstone SA (2018) Handbook of applied cryptography. CRC press

  19. Shashidhara R, Bojjagani S, Maurya AK, Kumari S, Xiong H (2020) A robust user authentication protocol with privacy-preserving for roaming service in mobility environments. Peer-to-Peer Netw Appl 13(6):1943–1966

    Article  Google Scholar 

  20. Memon I, Hussain I, Akhtar R, Chen G (2015) Enhanced privacy and authentication: an efficient and secure anonymous communication for location based service using asymmetric cryptography scheme. Wirel Pers Commun 84(2):1487–1508

    Article  Google Scholar 

  21. Abdalla M, Fouque PA, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. In: International workshop on public key cryptography, pp 65–84

  22. Lee CC, Hwang MS, Liao IE (2006) Security enhancement on a new authentication scheme with anonymity for wireless environments. IEEE Trans Ind Electron 53(5):1683–1687

    Article  Google Scholar 

  23. Wu CC, Lee WB, Tsaur WJ (2008) A secure authentication scheme with anonymity for wireless communications. IEEE Commun Lett 12(10):722–723

    Article  Google Scholar 

  24. Baza MI, Fouda MM, Eldien AST, Mansour HA (2015) An efficient distributed approach for key management in microgrids. In: 2015 11Th international computer engineering conference (ICENCO). IEEE, pp 19–24

  25. Zhou S, Zhang Z, Luo Z, Wong EC (2010) A lightweight anti-desynchronization RFID authentication protocol. Inf Syst Front 12(5):521–528

    Article  Google Scholar 

  26. Wen F, Susilo W, Yang G (2013) A secure and effective anonymous user authentication scheme for roaming service in global mobility networks. Wirel Person Commun 73(3):993–1004

    Article  Google Scholar 

  27. Gope P, Hwang T (2015) Enhanced secure mutual authentication and key agreement scheme preserving user anonymity in global mobile networks. Wirel Pers Commun 82(4):2231–2245

    Article  Google Scholar 

  28. Zhang G, Fan D, Zhang Y, Li X, Liu X (2015) A privacy preserving authentication scheme for roaming services in global mobility networks. Secur Commun Netw 8(16):2850–2859

    Article  Google Scholar 

  29. Wu F, Xu L, Kumari S, Li X, Khan MK, Das AK (2016) An enhanced mutual authentication and key agreement scheme for mobile user roaming service in global mobility networks. Ann Telecommun 72(3-4):131–144

    Article  Google Scholar 

  30. Abbasinezhad-Mood D, Nikooghadam M (2018) Efficient anonymous passwordauthenticated key exchange protocol to read isolated smart meters by utilization of extended chebyshev chaotic maps. IEEE Trans Ind Inf 14(11):4815–4828

    Google Scholar 

  31. Rogaway P, Shrimpton T (2004) Cryptographic hash-function basics: definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: International workshop on fast software encryption, pp 371–388

  32. Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48(177):203–209

    Article  MathSciNet  Google Scholar 

  33. Armando A, Basin D, Boichut Y, Chevalier Y, Compagna L, Cuellar J, Drielsma PH, Heam PC, Kouchnarenko O, Mantovani J et al (2005) The AVISPA tool for the automated validation of internet security protocols and applications. In: International conference on computer aided verification, pp 281–285

  34. Team T et al (2006) Avispa v1. 1 user manual. Information society technologies programme, http://avispa-project.org

  35. Von Oheimb D (2005) The high-level protocol specification language HLPSL developed in the EU project avispa. In: Proceedings of APPSEM 2005 workshop, pp 1–17

  36. Basin D, Modersheim S, Vigano L (2005) Ofmc: a symbolic model checker for security protocols. Int J Inf Secur 4(3):181–208

    Article  Google Scholar 

  37. Turuani M (2006) The cl-atse protocol analyser. In: International conference on rewriting techniques and applications, pp 277–286

  38. Kilinc HH, Yanik T (2013) A survey of sip authentication and key agreement schemes. IEEE Commun Surv Tutorials 16(2):1005–1023

    Article  Google Scholar 

  39. Ying B, Nayak A (2017) Anonymous and lightweight authentication for secure vehicular networks. IEEE Trans Veh Technol 66(12):10626–10636

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science & Engineering, Indian Institute of Technology (Indian School of Mines), Dhanbad, India

    Prasanta Kumar Roy & Ansuman Bhattacharya

Authors
  1. Prasanta Kumar Roy
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ansuman Bhattacharya
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Prasanta Kumar Roy.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Roy, P.K., Bhattacharya, A. Desynchronization resistant privacy preserving user authentication protocol for location based services. Peer-to-Peer Netw. Appl. 14, 3619–3633 (2021). https://doi.org/10.1007/s12083-021-01194-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-021-01194-3

Keywords

Search

Navigation