A Location-Based Authentication System Leveraging Smartphones

Albayram, Yusuf; Khan, Mohammad Maifi Hasan; Bamis, Athanasios; Kentros, Sotirios; Nguyen, Nhan; Jiang, Ruhua

doi:10.1109/mdm.2014.16

Cited by 11 publications

(6 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While these and our own exploratory studies [25,21,22] present interesting results, no comprehensive study has been done so far that looked into the strengths and weaknesses of such systems considering different kinds of users, question types, and answer selection schemes (e.g., open-ended vs. multiple choice). Towards that, our work presented in this paper complements these prior efforts that investigated the challenge of designing dynamic security questions using users' smartphone usage behavior data for fallback authentication, and extends prior efforts in several ways as follows.…”

Section: Related Workmentioning

confidence: 97%

“…To address the limitations of static challenge question based schemes, several new approaches have been investigated where challenge questions are not predetermined and are dynamically generated on the fly based on user's recent activities such as online browsing history [15,16], Facebook activity [17], electronic personal history (e.g., personal calendar data) [18,19], email history [20], and users' recent location history [21,22]. Among works that looked into leveraging smartphone usage data and behavior data, Das et al [9] proposed to generate authentication questions from users' day-today activities captured by their smartphones.…”

Section: Related Workmentioning

confidence: 99%

“…A random number of plausible incorrect answers are compiled based on the user's past app usage history that are not . In this paper, we present 15 options to make the answer sufficiently hard to guess [21].…”

Section: Questions Generated Based On Application Usage Datamentioning

confidence: 99%

See 2 more Smart Citations

Evaluating smartphone-based dynamic security questions for fallback authentication: a field study

Albayram

Khan

2016

Hum. Cent. Comput. Inf. Sci.

Self Cite

View full text Add to dashboard Cite

To address the limitations of static challenge question based fallback authentication mechanisms (e.g., easy predictability), recently, smartphone based autobiographical authentication mechanisms have been explored where challenge questions are not predetermined and are instead generated dynamically based on users’ day-to-day activities captured by smartphones. However, as answering different types and styles of questions is likely to require different amounts of cognitive effort and affect users’ performance, a thorough study is required to investigate the effect of type and style of challenge questions and answer selection mechanisms on users’ recall performance and usability of such systems. Towards that, this paper explores seven different types of challenge questions where different types of questions are generated based on users’ smartphone usage data. For evaluation, we conducted a field study for a period of 30 days with 24 participants who were recruited in pairs to simulate different kinds of adversaries (e.g., close friends, significant others). Our findings suggest that the question types do have a significant effect on user performance. Furthermore, to address the variations in users’ accuracy across multiple sessions and question types, we investigate and present a Bayesian classifier based authentication algorithm that can authenticate legitimate users with high accuracy by leveraging individual response patterns.

show abstract

Section: Related Workmentioning

confidence: 97%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Evaluating smartphone-based dynamic security questions for fallback authentication: a field study

Albayram

Khan

2016

Hum. Cent. Comput. Inf. Sci.

Self Cite

View full text Add to dashboard Cite

show abstract

“…To preserve this location data, we can implement LOCATEme over LBS authentication [1]. The device's dummy proof along with nearby devices' proofs, allows the system to calculate the score whether or not to trust the user's location data.…”

Section: International Journal For Research In Applied Science and Engimentioning

confidence: 99%

Locate Me: A Privacy Preserving Pseudonym Generation of Location Proof Updates Through Co-Located Devices

Deepan¹

2017

IJRASET

View full text Add to dashboard Cite

Today's location-sensitive service relies on user's mobile device to determine its location and send the location to the application. This approach allows the user to cheat by having his/her device transmit a fake location, which might enable the user to access a restricted resource erroneously or provide false identity. To address this issue, we propose a far better system, more efficient than A Privacy-Preserving LocAtion proof Updating System(APPLAUS) in which co-located Bluetooth enabled mobile devices mutually generate location proofs, and update to a location proof server. Periodically changed pseudonyms are used by the mobile devices to protect source location privacy from each other, and from the untrusted location proof server in the proposed system. Extensive experimental results show that our proposed scheme (LOCATEme), besides providing location proofs effectively, can efficiently preserve the source location privacy. Pseudonyms are objects that consists of Bluetooth MAC, latitudes, longitudes, timestamp, key and they don't have any specific meaning. Pseudonym objects are uploaded to the server at a particular interval of time period with a session_id that can be used to track what time the user has requested for location proofs which avoid pseudonym object clashes and mismatches. This will be helpful to identify whether the user's location is highly accurate, reliable and trustworthy. The project is set up such that whenever it is used in the device, the bluetooth gets synced up with nearby devices, letting it get the MAC address alone of the bluetooth device just in case to give the user an identity that is totally unique. This helps in distinguishing users so that they can be used for location proof submissions. The nearby device will send proof for the user's device when the server sends an acknowledgement that their device is prone to proof submissions. The process of sensing nearby co-located devices through bluetooth allows automatic submissions of location proof updates without the need of the user to do the work manually. I.INTRODUCTION With the pervasiveness of smart phones, Location Based Services (LBS) have received considerable attention and become more popular and vital recently. However, the use of LBS also poses a potential threat to user's location privacy. In this project, we present an efficient and privacy-preserving location-based query solution, called APPLAUS and LOCATEme. Specifically, to achieve privacy-preserving spatial range query, we propose the first predicate-only encryption scheme for inner product range (Pseudonym object PO), which can be used to detect whether a position is within a given circular area in a privacy-preserving way. To reduce query latency, we further design a privacy-preserving index structure in LOCATEme. Detailed security analysis confirms the security properties of LOCATEme. In particular, for a mobile LBS user using an Android phone, around 1.9 s is needed to generate a query, and it also only requires a commodity workstation. Today's lo...

show abstract

“…By analyzing frequently visited locations of users in the past 6 months, for example, the validation of the current access location can be judged and a digital signature can be provided based on the result . Similarly, in Reference, the BSSID (Wi‐Fi MAC address) and RSSI (recovered Wi‐Fi signal strength) are recorded while users log into Wi‐Fi access points. This location profile is leveraged to generate an authentication questionnaire.…”

Section: Introductionmentioning

confidence: 99%

Peer‐assisted location authentication and access control for wireless networks

Yuan

Maple

et al. 2018

Internet Technology Letters

View full text Add to dashboard Cite

Funding InformationEngineering and Physical Reseach Council (EPSRC) PETRAS IoT Hub, EP/N02298X/1. This paper presents the development and implementation of a location-based, lightweight peer-assisted authentication scheme for use in wireless networks. The notion of peer-assisted authentication is based upon some target user equipment-(UE) seeking authentication and access to a network based upon its physical location. The target UE seeks authentication through the UE of peers in the same network. Compared with previous work, the approach in this paper does not rely on any cryptographic proofs from a central authentication infrastructure, thus avoiding complex infrastructure management. However, the peer-assisted authentication consumes network channel resources which will impact on network performance. In this paper, we also present an access control algorithm for balancing the location authentication, network quality of service (QoS), network capacity and time delay. The results demonstrate that peer-assisted authentication considering location authentication and system QoS through dynamic access control strategies can be effectively and efficiently implemented in a number of use cases. KEYWORDSaccess control, location authentication, quality of service, wireless networks INTRODUCTIONDriven by the proliferation of Wi-Fi hotspots and femtocells in public places, location-based services (LBSs) have experienced a surge in development in recent years. 1 In LBS systems, users can request a location-dependent service from LBS providers. However, to ensure appropriate use, and assist in the security, of these services, authentication is important. Once mobile users are authenticated, it is possible to grant specific access permissions, such as multimedia-based tourism and nearby marketing. Related workThere has been increased interest in LBS systems recently. To identify the location of a mobile user, one of the main methods employed is based on the visiting history of user equipments (UEs). By analyzing frequently visited locations of users in the past 6 months, for example, the validation of the current access location can be judged and a digital signature can be provided based on the result. 2 Similarly, in Reference, 3 the BSSID (Wi-Fi MAC address) and RSSI (recovered Wi-Fi signal strength) are recorded while users log into Wi-Fi access points. This location profile is leveraged to generate an authentication questionnaire. The questions concern information about the user's location, such as recently visited places and the order they visited. However, using such a location authentication architecture, a trusted infrastructure is required to achieve a relatively high degree of confidence by using cryptographic protocols. This necessarily increases the complexity of authentication. In this paper, we present a peer-to-peer authentication system which does not require a central infrastructure but is still able to provide efficient authentication.The authentication approach in this paper is based on the trusted locations...

show abstract

A Location-Based Authentication System Leveraging Smartphones

Cited by 11 publications

References 13 publications

Evaluating smartphone-based dynamic security questions for fallback authentication: a field study

Evaluating smartphone-based dynamic security questions for fallback authentication: a field study

Locate Me: A Privacy Preserving Pseudonym Generation of Location Proof Updates Through Co-Located Devices

Peer‐assisted location authentication and access control for wireless networks

Contact Info

Product

Resources

About