Wireless Personal Communications

, Volume 108, Issue 3, pp 1841–1868 | Cite as

A Novel Protocol for Security of Location Based Services in Multi-agent Systems

  • Hussam Al-HamadiEmail author
  • Chan Yeob Yeun
  • Mohamed Jamal Zemerly
  • Mahmoud Al-Qutayri
  • Amjad Gawanmeh
  • Yousof Al-Hammadi
  • Ernesto Damiani


Multi-agent systems are automated form of software technology to enhance many applications in our life. However, this technology does not come along with embedded security features which hindering its widespread usage in commercial systems such as those that depend on location-based services. This paper aims to design, develop, test and evaluate an efficient security protocol for the multi-agent system to support the secrecy of user location. At first, we have developed a new architectural approach, inspired by the well-known Kerberos protocol, that can provide a secure service for the end users. It offers the most important security requirements in this field, namely; mutual authentication, confidentiality, integrity, and authorization. The proposed security protocol so-called Multi-Agent Security using Enhanced Kerberos has been verified and validated using a formal verification tool called ProVerif. Also, we provide a comparison with the original Kerberos protocol in terms of efficiency, which tilts the balance to our protocol.


Multi-agent system Communication system security Formal verification 



  1. 1.
    Fazziki, A. E., Benslimane, D., Sadiq, A., Ouarzazi, J., & Sadgal, M. (2017). An agent based traffic regulation system for the roadside air quality control. IEEE Access, 5, 13192–13201.CrossRefGoogle Scholar
  2. 2.
    Cai, Z., Zhang, Y., Wu, M., & Cai, D. (2016). An entropy-robust optimization of mobile commerce system based on multi-agent system. Arabian Journal for Science and Engineering, 41(9), 3703–3715.CrossRefGoogle Scholar
  3. 3.
    Boudriga, N., & Obaidat, M. S. (2004). Intelligent agents on the web: A review. Computing in Science Engineering, 6(4), 35–42.CrossRefGoogle Scholar
  4. 4.
    Martínez, D., Clotet, E., Moreno, J., Tresanchez, M., & Palacín, J. (2016). A proposal of a multi-agent system implementation for the control of an assistant personal robot (pp. 171–179). Cham: Springer.Google Scholar
  5. 5.
    Chaudhari, S. S., & Biradar, R. C. (2016). Traffic and mobility aware resource prediction using cognitive agent in mobile ad hoc networks. Journal of Network and Computer Applications, 72(1), 87–103.CrossRefGoogle Scholar
  6. 6.
    Niu, W., Li, G., Tong, E., Yang, X., Chang, L., Shi, Z., et al. (2014). Interaction relationships of caches in agent-based HD video surveillance: Discovery and utilization. Journal of Network and Computer Applications, 37(1), 155–169.CrossRefGoogle Scholar
  7. 7.
    Metzger, M., & Polakow, G. (2011). A survey on applications of agent technology in industrial process control. IEEE Transactions on Industrial Informatics, 7(4), 570–581.CrossRefGoogle Scholar
  8. 8.
    Jain, C., & Saxena, A. (2016). General study of mobile agent based intrusion detection system (IDS). Journal of Computer and Communications, 4(4), 93–98.CrossRefGoogle Scholar
  9. 9.
    Geetha, G., & Jayakumar, C. (2015). Implementation of trust and reputation management for free-roaming mobile agent security. IEEE Systems Journal, 9(2), 556–566.CrossRefGoogle Scholar
  10. 10.
    Muñoz, A. (2019). A review of security mechanisms for multi-agent systems: Security challenges in multi-agent systems. In Artificial intelligence and security challenges in emerging networks (pp. 38–62). IGI Global.Google Scholar
  11. 11.
    Al-Hamadi, H. M. N., Yeun, C. Y., Zemerly, M. J., & Al-Qutayri, M. (2011). Distributed lightweight Kerberos protocol for mobile agent systems. In IEEE GCC conference and exhibition (pp. 233–236).Google Scholar
  12. 12.
    Al-Hamadi, H. M. N., Yeun, C. Y., Zemerly, M. J., Al-Qutayri, M. A., & Gawanmeh, A. (2011). Formal modeling and verification of DLK protocol. In 2011 International conference for internet technology and secured transactions (pp. 578–583).Google Scholar
  13. 13.
    Al-Hamadi, H. M. N., Yeun, C. Y., Zemerly, M. J., Al-Qutayri, M. A., & Gawanmeh, A. (2013). Verifying mutual authentication for the DLK protocol using ProVerif tool. International Journal for Information Security Research, 3(1), 256–265.CrossRefGoogle Scholar
  14. 14.
    Subburaj, V. H., & Urban, J. E. (2019). Specifying security requirements in multi-agent systems using the descartes-agent specification language and AUML. In E. Ziemba (Ed.), Information technology for management: Emerging research and applications (pp. 93–111). Cham: Springer.CrossRefGoogle Scholar
  15. 15.
    Subburaj, V. H., & Urban, J. E. (2018). Applying formal methods to specify security requirements in multi-agent systems. In 2018 Federated conference on computer science and information systems (FedCSIS) (pp. 707–714). IEEE.Google Scholar
  16. 16.
    Board, F. (2018). The current set of standard FIPA specifications. Accessed 1 Aug 2018.
  17. 17.
    Bellifemine, F., Trucco, T., Giovanni, C., & Rimassa, G. (2010). JADE programmer’s guide. Accessed 1 Aug 2018.
  18. 18.
    Thielscher, M. (2005). Flux: A logic programming method for reasoning agents. Theory and Practice of Logic Programming, 5, 533–565.zbMATHCrossRefGoogle Scholar
  19. 19.
    Winikoff, M. (2005). Jack™ intelligent agents: An industrial strength platform (pp. 175–193). Boston, MA: Springer.Google Scholar
  20. 20.
    Dastani, M., van Riemsdijk, M. B., Dignum, F., & Meyer, J.-J. C. (2004). A programming language for cognitive agents goal directed 3APL. In M. M. Dastani, J. Dix, & A. El Fallah-Seghrouchni (Eds.), Programming multi-agent systems (pp. 111–130). Berlin: Springer.CrossRefGoogle Scholar
  21. 21.
    Bordini, R. H., & Hübner, J. F. (2006). BDI agent programming in agentspeak using Jason, ser. CLIMA’05 (pp. 143–164). Berlin: Springer.zbMATHGoogle Scholar
  22. 22.
    Rinard, M. C., Scales, D. J., & Lam, M. S. (1993). JADE: A high-level, machine-independent language for parallel programming. Computer, 26(6), 28–38.CrossRefGoogle Scholar
  23. 23.
    Fotiou, N., Machas, A., Polyzos, G. C., & Xylomenos, G. (2015). Access control as a service for the cloud. Journal of Internet Services and Applications, 6(1), 11.CrossRefGoogle Scholar
  24. 24.
    Blanchet, B., Cheval, V., Smyth, B. & Sylvestre, M. (2017). ProVerif 1.97: Automatic cryptographic protocol verifier, user manual and tutorial. Accessed 1 Aug 2018.
  25. 25.
    Backes, M., Maffei, M., & Unruh, D. (2008). Zero-knowledge in the applied pi-calculus and automated verification of the direct anonymous attestation protocol. In 2008 IEEE symposium on security and privacy (sp 2008) (pp. 202–215).Google Scholar
  26. 26.
    Jiang, Q., Zeadally, S., Ma, J., & He, D. (2017). Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks. IEEE Access, 5, 3376–3392.CrossRefGoogle Scholar
  27. 27.
    Al-Hamadi, H., Gawanmeh, A., Baek, J., & Al-Qutayri, M. (2017). Lightweight security protocol for ECG bio-sensors. Wireless Personal Communications, 95(4), 5097–5120.CrossRefGoogle Scholar
  28. 28.
    Blanchet, B. (2014). Automatic verification of security protocols in the symbolic model: The verifier ProVerif (pp. 54–87). Cham: Springer.zbMATHGoogle Scholar
  29. 29.
    Needham, R. M., & Schroeder, M. D. (1978). Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12), 993–999.zbMATHCrossRefGoogle Scholar
  30. 30.
    Woo, T. Y. C., & Lam, S. S. (1992). Authentication for distributed systems. Computer, 25(1), 39–52.CrossRefGoogle Scholar
  31. 31.
    Bansal, C., Bhargavan, K., & Maffeis, S. (2012). Discovering concrete attacks on website authorization by formal analysis. In 2012 IEEE 25th computer security foundations symposium (pp. 247–262).Google Scholar
  32. 32.
    Leiba, B. (2012). Oauth web authorization protocol. IEEE Internet Computing, 16(1), 74–77.CrossRefGoogle Scholar
  33. 33.
    Abadi, M., & Needham, R. (1994). Prudent engineering practice for cryptographic protocols. In IEEE computer society symposium on research in security and privacy (pp. 122–136).Google Scholar
  34. 34.
    Bellovin, S. M., & Merritt, M. (1992). Encrypted key exchange: Password-based protocols secure against dictionary attacks. In IEEE computer society symposium on research in security and privacy (pp. 72–84).Google Scholar
  35. 35.
    Bellovin, S. M., & Merritt, M. (1993). Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password file compromise. In Proceedings of the 1st ACM conference on computer and communications security, ser. CCS ’93 (pp. 244–250). New York, NY: ACM.Google Scholar
  36. 36.
    Raji, F., & Ladani, B. T. (2010). Anonymity and security for autonomous mobile agents. IET Information Security, 4(4), 397–410.CrossRefGoogle Scholar
  37. 37.
    Kuo, W.-C., Wei, H.-J., & Cheng, J.-C. (2014). An efficient and secure anonymous mobility network authentication scheme. Journal of Information Security and Applications, 19(1), 18–24.CrossRefGoogle Scholar
  38. 38.
    Calvaresi, D., Appoggetti, K., Lustrissimi, L., Marinoni, M., Sernani, P., Dragoni, A. F., & Schumacher, M. (2018). Multi-agent systems’ negotiation protocols for cyber-physical systems: Results from a systematic literature review. In ICAART (1) (pp. 224–235).Google Scholar
  39. 39.
    Fong, C.-H., Parr, G., & Morrow, P. (2011). Security schemes for a mobile agent based network and system management framework. JJournal of Network and Systems Management, 19(2), 230–256.CrossRefGoogle Scholar
  40. 40.
    Venkatesan, S., Chellappan, C., Vengattaraman, T., Dhavachelvan, P., & Vaish, A. (2010). Advanced mobile agent security models for code integrity and malicious availability check. Journal of Network and Computer Applications, 33(6), 661–671.CrossRefGoogle Scholar
  41. 41.
    Garrigues, C., Migas, N., Buchanan, W., Robles, S., & Borrell, J. (2009). Protecting mobile agents from external replay attacks. Journal of Systems and Software, 82(2), 197–206.CrossRefGoogle Scholar
  42. 42.
    Dhanalakshmi, K., & Nawaz, G. K. (2012). Matrix hop mobile agent (MHMA) system for e-service applications. Procedia Engineering, 30(Supplement C), 1171–1178.CrossRefGoogle Scholar
  43. 43.
    Albelaihy, A., & Cazalas, J. (2017). A survey of the current trends of privacy techniques employed in protecting the location privacy of users in LBSs. In 2017 2nd international conference on anti-cyber crimes (ICACC) (pp. 19–24).Google Scholar
  44. 44.
    Niu, B., Li, Q., Zhu, X., & Li, H. (2014). A fine-grained spatial cloaking scheme for privacy-aware users in location-based services. In 2014 23rd international conference on computer Communication and networks (ICCCN) (pp. 1–8).Google Scholar
  45. 45.
    Chen, J., He, K., Yuan, Q., Chen, M., Du, R., & Xiang, Y. (2018). Blind filtering at third parties: An efficient privacy-preserving framework for location-based services. IEEE Transactions on Mobile Computing, 17(11), 2524–2535.CrossRefGoogle Scholar
  46. 46.
    Ghaffari, M., Ghadiri, N., Manshaei, M. H., & Lahijani, M. S. (2017). \(p^4qs\): A peer-to-peer privacy preserving query service for location-based mobile applications. IEEE Transactions on Vehicular Technology, 66(10), 9458–9469.CrossRefGoogle Scholar
  47. 47.
    Pfitzmann, B., & Waidner, M. (2003). Analysis of liberty single-sign-on with enabled clients. IEEE Internet Computing, 7(6), 38–44.CrossRefGoogle Scholar
  48. 48.
    Bellovin, S. M., & Merritt, M. (1990). Limitations of the Kerberos authentication system. ACM SIGCOMM Computer Communication Review, 20(5), 119–132.CrossRefGoogle Scholar
  49. 49.
    Sulaiman, R., Huang, X., & Sharma, D. (2009). E-health services with secure mobile agent. In 2009 seventh annual communication networks and services research conference (pp. 270–277).Google Scholar
  50. 50.
    Srivastava, S., & Nandi, G. (2014). Self-reliant mobile code: A new direction of agent security. Journal of Network and Computer Applications, 37, 62–75.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Center for Cyber-Physical SystemsKhalifa UniversityAbu DhabiUAE
  2. 2.Department of Electrical and Computer EngineeringKhalifa UniversityAbu DhabiUAE

Personalised recommendations