Advertisement

In-Region Authentication

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10892)

Abstract

Location information has wide applications in customization and personalization of services, as well as secure authentication and access control. We introduce in-Region Authentication (inRA), a novel type of authentication, that allows a prover to prove to a set of cooperating verifiers that they are in possession of the correct secret key, and are inside a specified (policy) region of arbitrary shape. These requirements naturally arise when a privileged service is offered to registered users within an area. Locating a prover without assuming GPS (Global Positioning System) signal however, incurs error. We discuss the challenge of designing secure protocols that have quantifiable error in this setting, define and formalize correctness and security properties of the protocols, and propose a systematic approach to designing a family of protocols with provable security where error can be flexibly defined and efficiently minimized. We give an instance of this family that requires only two verifiers, prove its security and evaluate its performance in four typical policy regions. Our results show that in all cases false acceptance and false rejection of below \(6\%\) can be achieved. We compare our results with related works, and propose directions for future research.

Keywords

In-region Distance bounding Authentication 

References

  1. 1.
    Ahmadi, A., Safavi-Naini, R.: Distance-bounding identifiaction. In: 3rd International Conference on Information Systems Security and Privacy (2017)Google Scholar
  2. 2.
    Akand, M.R., Safavi-Naini, R.: In-region authentication. Cryptology ePrint Archive, Report 2018/345 (2018). https://eprint.iacr.org/2018/345
  3. 3.
    Bae, S.E.: Sequential and parallel algorithms for the generalized maximum subarray problem. Ph.D. thesis, University of Canterbury (2007)Google Scholar
  4. 4.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Secure and lightweight distance-bounding. In: Avoine, G., Kara, O. (eds.) LightSec 2013. LNCS, vol. 8162, pp. 97–113. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40392-7_8CrossRefGoogle Scholar
  5. 5.
    Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994).  https://doi.org/10.1007/3-540-48285-7_30CrossRefGoogle Scholar
  6. 6.
    Čapkun, S., Hubaux, J.P.: Secure positioning of wireless devices with application to sensor networks. In: Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies, vol. 3, pp. 1917–1928. IEEE (2005)Google Scholar
  7. 7.
    Chandran, N., Goyal, V., Moriarty, R., Ostrovsky, R.: Position based cryptography. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 391–407. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-03356-8_23CrossRefGoogle Scholar
  8. 8.
    Chiang, J.T., Haas, J.J., Hu, Y.: Secure and precise location verification using distance bounding and simultaneous multilateration. In: Proceedings of the 2nd ACM Conference on Wireless Network Security (WiSec 2009). pp. 181–192. ACM, New York (2009)Google Scholar
  9. 9.
    Desmedt, Y.: Major security problems with the ‘unforgeable’(Feige)-Fiat-Shamir proofs of identity and how to overcome them. In: Proceedings of SECURICOM, vol. 88, pp. 15–17 (1988)Google Scholar
  10. 10.
    Dürholz, U., Fischlin, M., Kasper, M., Onete, C.: A formal approach to distance-bounding RFID protocols. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 47–62. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-24861-0_4CrossRefGoogle Scholar
  11. 11.
    Fan, T.-H., Lee, S., Lu, H.-I., Tsou, T.-S., Wang, T.-C., Yao, A.: An optimal algorithm for maximum-sum segment and its application in bioinformatics. In: Ibarra, O.H., Dang, Z. (eds.) CIAA 2003. LNCS, vol. 2759, pp. 251–257. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-45089-0_23CrossRefMATHGoogle Scholar
  12. 12.
    Francillon, A., Danev, B., Čapkun, S.: Relay attacks on passive keyless entry and start systems in modern cars. In: NDSS (2011)Google Scholar
  13. 13.
    Grenander, U.: Pattern Analysis. Applied Mathematical Sciences, vol. 24. Springer, New York (1978).  https://doi.org/10.1007/978-1-4684-9354-2CrossRefMATHGoogle Scholar
  14. 14.
    Hammad, A., Faith, P.: Location based authentication, US Patent 9,721,250, 1 August 2017Google Scholar
  15. 15.
    Metz, C.E.: Basic principles of ROC analysis. In: Seminars in Nuclear Medicine, vol. 8, pp. 283–298. Elsevier (1978)CrossRefGoogle Scholar
  16. 16.
    Rasmussen, K.B., Castelluccia, C., Heydt-Benjamin, T.S., Čapkun, S.: Proximity-based access control for implantable medical devices. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, Illinois, USA, pp. 410–419, November 2009Google Scholar
  17. 17.
    Sastry, N., Shankar, U., Wagner, D.: Secure verification of location claims. In: Proceedings of the 2nd ACM Workshop on Wireless Security, pp. 1–10. ACM, New York (2003)Google Scholar
  18. 18.
    Schwartz, J.: Bing maps tile system. https://msdn.microsoft.com/en-us/library/bb259689.aspx. Accessed 13 Apr 2016
  19. 19.
    Singelee, D., Preneel, B.: Location verification using secure distance bounding protocols. In: IEEE International Conference on Mobile Adhoc and Sensor Systems Conference, pp. 7-pp. IEEE (2005)Google Scholar
  20. 20.
    Takaoka, T.: Efficient algorithms for the maximum subarray problem by distance matrix multiplication. Electron. Notes Theor. Comput. Sci. 61, 191–200 (2002)CrossRefGoogle Scholar
  21. 21.
    Takaoka, T., Pope, N.K., Voges, K.E.: Algorithms for data mining. In: Business Applications and Computational Intelligence, pp. 291–315. IGI Global (2006)Google Scholar
  22. 22.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Practical and provably secure distance-bounding. In: Desmedt, Y. (ed.) ISC 2013. LNCS, vol. 7807, pp. 248–258. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-27659-5_18CrossRefGoogle Scholar
  23. 23.
    Vora, A., Nesterenko, M.: Secure location verification using radio broadcast. IEEE Trans. Dependable Secur. Comput. 3(4), 377–385 (2006)CrossRefGoogle Scholar
  24. 24.
    Warner, J.S., Johnston, R.G.: A simple demonstration that the global positioning system (GPS) is vulnerable to spoofing. J. Secur. Adm. 25(2), 19–27 (2002)Google Scholar
  25. 25.
    Weddell, S., Langford, B.: Hardware implementation of the maximum subarray algorithm for centroid estimation. In: Proceedings of the Twenty-First Image and Vision Computing Conference New Zealand (IVCNZ 2006), pp. 511–515 (2006)Google Scholar
  26. 26.
    Wei, Y., Guan, Y.: Lightweight location verification algorithms for wireless sensor networks. IEEE Trans. Parallel Distrib. Syst. 24(5), 938–950 (2013)CrossRefGoogle Scholar
  27. 27.
    Yang, R., Xu, Q., Au, M.H., Yu, Z., Wang, H., Zhou, L.: Position based cryptography with location privacy: a step for Fog computing. Future Gener. Comput. Syst. 78, 799–806 (2017)CrossRefGoogle Scholar
  28. 28.
    Zheng, X., Safavi-Naini, R., Ahmadi, H.: Distance lower bounding. In: Hui, L.C.K., Qing, S.H., Shi, E., Yiu, S.M. (eds.) ICICS 2014. LNCS, vol. 8958, pp. 89–104. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-21966-0_7CrossRefGoogle Scholar
  29. 29.
    Zickuhr, K.: Location-Based Services, pp. 679–695. Pew Research (2013)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.University of CalgaryCalgaryCanada

Personalised recommendations