An Anonymous Authentication Protocol for Privacy Protection in Location Based Services

Privacy protection is particularly challenging in location based services (LBS). On one hand, service providers want to authenticate legitimate users. On the other hand, mobile users would prefer not to expose any information which enables anyone, including service providers, to get some clue regarding their whereabouts. To resolve this dilemma, we propose an anonymous authentication protocol to protect mobile users' privacy during the interactions between users and service providers in LBS. In this protocol, the service providers use blind signature to generate an authorized anonymous ID for the user, and then the user uses ring signature to mix the anonymous ID into a group of authorized IDs. We formally verify the correctness of the authentication and key establishment procedure in the protocol. In some practical situations, our protocol provides an efficient mechanism for balancing users' need for high-quality information services against their need for privacy protection.