Cryptanalysis of a Centralized Location-Sharing Scheme for Mobile Online Social Networks

In recent past, due to extensive development of mobile Internet and GPS technology, mobile online social networks (mOSNs) have gained more popularity over traditional online social networks (OSNs). mOSN provides supports to various day-to-day online social network operations like establishing friend relationship, providing location-based services, location sharing among friends, etc. Very recently, in 2018, Xiao et al. proposed a centralized location-sharing scheme where social network server and location-based server are integrated into a single entity (future generation computer systems). In this paper, we analyze that though the scheme of Xi Xiao et al. is efficient and incurs lesser communication and storage cost compared to existing schemes, it has several security weaknesses. As, for example, it cannot resist man-in-the-middle attack and replay attack. Moreover, due to incorrect strategy in location updates phase, user suffers from denial-of-service attack querying friend’s location phase. The cryptanalysis of the scheme of Xi Xiao et al. shows that it is not suitable for practical applications. We verify the attack on the protocol using widely accepted ProVerif and AVISPA simulation tools. Finally, we hint at some possible improvements that can be adopted by their scheme to make it more secured against various possible known attacks.