| Title | A privacy-enhanced OAuth 2.0 based protocol for Smart City mobile applications |
|---|---|
| ID_Doc | 35962 |
| Authors | Sucasas, V; Mantas, G; Althunibat, S; Oliveira, L; Antonopoulos, A; Otung, I; Rodriguez, J |
| Title | A privacy-enhanced OAuth 2.0 based protocol for Smart City mobile applications |
| Year | 2018 |
| Published | |
| Abstract | In the forthcoming Smart City scenario, Service Providers will require users to authenticate themselves and authorize their mobile applications to access their remote accounts. In this scenario, OAuth 2.0 has been widely adopted as a de facto authentication and authorization protocol. However, the current OAuth 2.0 protocol specification does not consider the user privacy issue and presents several vulnerabilities that can jeopardize users' privacy rights. Therefore, in this paper we propose an OAuth 2.0 based protocol for Smart City mobile applications that addresses the user privacy issue by integrating a pseudonym-based signature scheme and a signature delegation scheme into the OAuth 2.0 protocol flow. The proposed solution allows users to self-generate user-specific and app-specific pseudonyms on-demand and ensure privacy-enhanced user authentication at the Service Provider side. The proposed protocol has been validated with Proverif and its performance has been evaluated in terms of time and space complexity. Results show that the proposed protocol can provide users with efficient and effective means to authenticate towards service providers while preventing user tracking and impersonation from malicious entities located in the network side or in the users' mobile device. (C) 2018 Elsevier Ltd. All rights reserved. |
Similar Articles
| ID | Score | Article |
|---|---|---|
38694
|
Sucasas, V; Mantas, G; Radwan, A; Rodriguez, J An OAuth2-based Protocol with Strong User Privacy Preservation for Smart City Mobile e-Health Apps(2016) | |
| 38683
|
Sucasas, V; Mantas, G; Radwan, A; Rodriguez, J A Lightweight Privacy-Preserving OAuth2-based Protocol for Smart City Mobile Apps(2016) | |
| 45567
|
Papaioannou, M; Ribeiro, JC; Monteiro, V; Sucasas, V; Mantas, G; Rodriguez, J A Privacy-Preserving User Authentication Mechanism for Smart City Mobile Apps(2021) | |
| 44228
|
Oliveira, L; Sucasas, V; Mantas, G; Rodriguez, J Implementation of a Pseudonym-Based Signature Scheme with Bilinear Pairings on Android(2018) | |
| 43466
|
Sucasas, V; Aly, A; Mantas, G; Rodriguez, J; Aaraj, N Secure Multi-Party Computation-Based Privacy-Preserving Authentication for Smart Cities(2023)Ieee Transactions On Cloud Computing, 11, 4 | |
| 38465
|
Sciarretta, G; Carbone, R; Ranise, S A Delegated Authorization Solution for Smart-City Mobile Applications(2016) | |
| 44302
|
Gokul, N; Sankaran, S Identity Based Security Framework For Smart Cities(2020) | |
| 39325
|
Jegadeesan, S; Azees, M; Kumar, PM; Manogaran, G; Chilamkurti, N; Varatharajan, R; Hsu, CH An efficient anonymous mutual authentication technique for providing secure communication in mobile cloud computing for smart city applications(2019) |