CPAL: A Conditional Privacy-Preserving Authentication With Access Linkability for Roaming Service

Lai, Chengzhe; Li, Hui; Liang, Xiaohui; Lu, Rongxing; Zhang, Kuan; Shen, Xuemin

doi:10.1109/jiot.2014.2306673

Cited by 69 publications

(57 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several recent researches have been conducted for the privacy-preserving for the IoT based services [28][29][30][31][32][33][34][35][36]. In order to handle the massive amount of data, the most convincing solution is the federation of the IoT and cloud computing.…”

Section: Privacy-preserving For Iotmentioning

confidence: 99%

“…A lightweight privacy-preserving trust model had been designed for minimizing privacy loss in the presence of untrusted service providers, so that providers can be prevented from disclosing information to third parties for secondary uses [30]. A conditional privacy-preserving authentication with access linkability (CPAL) for roaming service, to provide universal secure roaming service and multilevel privacy preservation [31]. The authors in [32] estimated the cost of breaking public key crypto systems when the adversary is limited by the available resources and time and presentd the trade-off between the processing load for an IoT node versus the desired time span of privacy protection.…”

Section: Privacy-preserving For Iotmentioning

confidence: 99%

See 1 more Smart Citation

Efficient location privacy algorithm for Internet of Things (IoT) services and applications

Sun

Chang

Ramachandran

et al. 2017

Journal of Network and Computer Applications

141

View full text Add to dashboard Cite

Location-based Services (LBS) have become a very important area for research with the rapid development of Internet of Things (IoT) technology and the ubiquitous use of smartphones and social networks in our daily lives. Although users can enjoy a lot of flexibility and conveniences from the LBS with IoT, they may also lose their privacy. Untrusted or malicious LBS servers with all users' information can track users in various ways or release personal data to third parties. In this work, we first analyze the current dummy-location selection (DLS) algorithm-an efficient location privacy preservation approach and design an attack algorithm for DLS (ADLS) for test emerging IoT security. For efficiently preserving user's location privacy, we propose a novel dummy location privacy-preserving (DLP) algorithm by considering both computational costs and various privacy requirements of different users. Extensive simulation experiments have been carried out to evaluate the efficiency of the proposed schemes. Evaluation results show that the ADLS algorithm has a high probability of identifying the user's real location out from chosen dummy locations in the DLS algorithm. Our proposed DLP algorithm has clear advantages over the DLS algorithm in term of lower probability of revealing the user's real location and improved computational cost and efficiency (i.e., time, speed, accuracy, and complexity) while preserve the same privacy level as DLS algorithm.

show abstract

Section: Privacy-preserving For Iotmentioning

confidence: 99%

Section: Privacy-preserving For Iotmentioning

confidence: 99%

Efficient location privacy algorithm for Internet of Things (IoT) services and applications

Sun

Chang

Ramachandran

et al. 2017

Journal of Network and Computer Applications

141

View full text Add to dashboard Cite

show abstract

“…As reported in [3][4][5][6][7][8][9][10][11][12][13], a secure and efficient handover authentication should satisfy the following nine properties: • Subscription validation: An AP must authenticate MNs to ensure their legitimacy. • Server authentication: An MN is sure about the identity of the visited AP.…”

Section: Requirementsmentioning

confidence: 99%

“…Handover authentication has been an active field of research, resulting in many interesting protocols [3][4][5][6][7][8][9][10][11][12][13]. However, as an MN generally has limited power and processing capability, some of the proposed protocols are not suitable for the tight authentication time limit imposed on mobile networks.…”

Section: Existing Protocolsmentioning

confidence: 99%

See 1 more Smart Citation

Handover authentication for mobile networks: security and efficiency aspects

Chan

Guizani

2015

IEEE Network

View full text Add to dashboard Cite

handover authentication protocol enables mobile nodes (e.g., laptop PCs, smartphones, and vehicles) to seamlessly and securely roam over multiple access points [1]. Regardless of the mobile networking technology involved, as shown in Fig. 1, a typical handover authentication scenario involves three parties: mobile nodes (MNs), access points (APs), and the authentication server (AS). Normally, there is an agreement between APs and the AS to support roaming services. An MN first needs to register with the AS, and then can connect to the nearest AP to access its subscribed services while it is moving. When the MN moves from the current AP (e.g., AP1) into a new AP (e.g., AP2), handover authentication should be performed at AP2. Through handover authentication, AP2 authenticates the MN to reject any access request by an unauthorized user. Also, a session key should be established between the MN and AP2 to protect the data subsequently exchanged over the connection.There are two major challenging issues in the design of handover authentication protocols. The first one is efficiency. On one hand, MNs generally have limited processing capability and power. On the other hand, in order to avoid connection disruption due to handover, a tight time limit is usually imposed on the handover process. For example, the IEEE suggests that the handover latency should be kept below 50 ms, of which the authentication process should not take more than 20 ms. Therefore, a handover authentication process is required to be computationally efficient. The second issue is security and privacy. While an authentication scheme aims to check the legitimacy of incoming MNs, it should also be designed to stand against security attacks [2] such as denialof-service (DoS) attacks. For example, if an AP needs to carry out expensive cryptographic operations during the authentication process, adversaries can exhaust its resources by sending it a large number of bogus access requests. Moreover, privacy of MNs should be preserved. Otherwise, their private information disclosed in the handoff process may be exploited by APs.In the literature, a number of handover authentication protocols have been proposed for mobile networks [3][4][5][6][7][8][9][10][11]. However, they do not adequately address the above issues. Recently, a new handover authentication protocol called PairHand [12] has been proposed. It outperforms those protocols in terms of efficiency, security, and privacy. One of the distinguishing features of PairHand is that it only requires two handshakes between an MN and an AP during authentication, and does not involve any certificate as in a traditional public key cryptosystem.In this article, we first discuss the security and efficiency requirements of handover authentication protocols. Then we review the earlier proposed protocols, and discuss how their security weaknesses and efficiency problems are overcome by PairHand. Subsequently, a more novel handover authentication protocol, HashHand, is designed. While preserving the merits of PairHan...

show abstract

References

2018

Internet of Things

View full text Add to dashboard Cite

CPAL: A Conditional Privacy-Preserving Authentication With Access Linkability for Roaming Service

Cited by 69 publications

References 38 publications

Efficient location privacy algorithm for Internet of Things (IoT) services and applications

Efficient location privacy algorithm for Internet of Things (IoT) services and applications

Handover authentication for mobile networks: security and efficiency aspects

References

Contact Info

Product

Resources

About