Abstract
In the recent past, owing to the extensive development of mobile Internet and GPS technology, mobile online social networks (mOSNs) have become more popular than traditional online social networks (OSNs). An mOSN supports various day-to-day online social network operations such as establishing friend relationships, providing location-based services, and sharing locations among friends. Very recently, in 2018, Xiao et al. proposed a centralized location-sharing scheme in which the social network server and the location-based server are integrated into a single entity (Future Generation Computer Systems). In this paper, our analysis shows that although the scheme of Xi Xiao et al. is efficient and incurs lower communication and storage costs than existing schemes, it has several security weaknesses. For example, it cannot resist man-in-the-middle and replay attacks. Moreover, due to an incorrect strategy in the location updates phase, the user suffers a denial-of-service attack in the querying friend’s location phase. The cryptanalysis of the scheme of Xi Xiao et al. shows that it is not suitable for practical applications. We verify the attack on the protocol using the widely accepted ProVerif and AVISPA simulation tools. Finally, we hint at some possible improvements that their scheme can adopt to make it more secure against various known attacks.
References
Xiao, X., Chen, C., Sangaiah, A.K., Huc, G., Ye, R., Jiang, Y.: A centralized privacy-preserving location-sharing system for mobile online social networks. Future Generation Computer Systems 86(1), 863–872 (2018)
Jiang, R., Lu, R., Choo, K.: Achieving high performance and privacy-preserving query over encrypted multidimensional big metering data. Future Generation Computer Systems 78(1), 392–401 (2018)
Ju, X., Shin, K.: Location privacy protection for smartphone users using quadtree entropy maps. Journal of Information Privacy and Security 11(2), 62–79 (2015)
Sweeney, L.: k-anonymity: A model for protecting privacy. IEEE Security and Privacy Magazine 10(5), 1–14 (2002)
Ouyang Y., Le Z., Xu Y., Triandopoulos N., Zhang S., Ford J., Makedon F., Providing Anonymity in Wireless Sensor Networks, in: IEEE International Conference on Pervasive Services, ICPS, pp. 145-148 (2007)
Chen Z., Hu X., Ju X., Ju X., Shin K., LISA: Location information scrambler for privacy protection on smartphone, in: IEEE Communications and Network Security, CNS, pp. 296-304 (2013)
Rass S., Wigoutschnigg R., Schartner P., Doubly-anonymous crowds: Using secret-sharing to achieve sender-and receiver-anonymity, J. Wirel. Mob. Netw., Ubiquitous Comput., Dependable Appl., 2(4), 27-41 (2011)
Cox, L.P., Dalton, A., Marupadi, V.: Smokescreen: Flexible privacy controls for presence-sharing, ACM Proceedings of the 5th International Conference on Mobile Systems, pp. 233–245. Applications and Services, ACM (2007)
Wei W., Xu F., Li Q., MobiShare: Flexible privacy-preserving location sharing in mobile online social networks, IEEE INFOCOM, pp. 2616-2620, (2012)
Li J. W., Li J., Chen X. F., Liu Z. L., Jia C. F., MobiShare+: Security improved system for location sharing in mobile online social networks. Journal of Internet Services Information Security, (JISIS), 4(1), 25-36 (2014)
Shen, N., Yang, J., Yuan, K., Fu, C., Jia, C.: An efficient and privacy-preserving location sharing mechanism. Computer Standards & Interfaces 44(1), 102–109 (2016)
Liu, Z., Luo, D., Li, J., Jin, L., Chen, X., Jia, C.: N-Mobishare: new privacy-preserving location-sharing system for mobile online social networks. International Journal of Computer Mathematics 93(2), 384–400 (2016)
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)
Roy S., Chatterjee S., Das A. K., Chattopadhyay S., Kumari S., Jo. M., Chaotic Map-based Anonymous User Authentication Scheme with User Biometrics and Fuzzy Extractor for Crowdsourcing Internet of Things, IEEE Internet of Things Journal, 5(4), 2884-2895, (2018)
Roy S., Chatterjee S., Das A. K., Chattopadhyay S., Kumar, Vasilakos A. V., On the Design of Provably Secure Lightweight Remote User Authentication Scheme for Mobile Cloud Computing Services, IEEE Access, 5(1), 25808-25825, (2017)
Abadi M., Blanchet B., and Comon-Lundh H., Models and Proofs of Protocol Security: A Progress Report. In 21st International Conference on Computer Aided Verification (CAV’09), pp. 35-49, Grenoble, France, (2009)
AVISPA, “Automated Validation of Internet Security Protocols and Applications,” http://www.avispa-project.org/. Accessed on November 2019
von Oheimb, D.: The high-level protocol specification language HLPSL developed in the EU project AVISPA, in Proceedings of 3rd APPSEM II Workshop on Applied Semantics (APPSEM 2005), pp. 1–17. Frauenchiemsee, Germany (2005)
Basin D., Modersheim S., Vigano L., OFMC: A symbolic model checker for security protocols International Journal of Information Security, 4(3), 181-208, (2005)
AVISPA, SPAN, the Security Protocol ANimator for AVISPA, http://www.avispa-project.org/. Accessed on November 2019
© 2021 Springer Nature Singapore Pte Ltd.
About this chapter
Cite this chapter
Bhattacharya, M., Roy, S., Banerjee, S., Chattopadhyay, S. (2021). Cryptanalysis of a Centralized Location-Sharing Scheme for Mobile Online Social Networks. In: Chaki, R., Cortesi, A., Saeed, K., Chaki, N. (eds) Advanced Computing and Systems for Security. Advances in Intelligent Systems and Computing, vol 1178. Springer, Singapore. https://doi.org/10.1007/978-981-15-5747-7_2
DOI: https://doi.org/10.1007/978-981-15-5747-7_2
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-5746-0
Online ISBN: 978-981-15-5747-7
eBook Packages: Intelligent Technologies and Robotics (R0)