A location based security framework for authenticating mobile phones

Although the utilisation of location information in mobile network access systems has given rise to a variety of applications and services, it is thought that the underlying service authentication model and the related security can be further enhanced. We propose a hierarchical location and proximity based access framework to services using mobile devices. We then show that it is practically feasible to implement this framework using 'intelligent' mobile agents. We discuss the necessary security mechanisms and security protocols for such a framework and show that our framework is resilient to relay attacks. The developed location aware mobile agent is equipped with accurate source-of-location sensing that operates online and offline.

[1]  Gerhard P. Hancke Practical attacks on proximity identification systems , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[2]  Katsumi Kawano,et al.  A service selection method based on context types for a ubiquitous service system in a public space , 2004, 2004 International Symposium on Applications and the Internet Workshops. 2004 Workshops..

[3]  Andrzej Kulowski Optimization of a point-in-polygon algorithm for computer models of sound field in rooms , 1992 .

[4]  Kenya Nishiki,et al.  Authentication and Access Control Agent Framework for Context-Aware Services , 2005, 2005 Symposium on Applications and the Internet Workshops (SAINT 2005 Workshops).

[5]  Kenneth B. Salomon An efficient point-in-polygon algorithm , 1978 .

[6]  K. Markantonakis,et al.  An Architecture to Support Multiple Subscriber Identity Applications Accessing Multiple Mobile Telecommunication Access Network Systems , 2008, 2008 Third International Conference on Convergence and Hybrid Information Technology.

[7]  Theodore Y. Ts'o,et al.  Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[8]  Kwangjo Kim,et al.  Enhancing Privacy and Authentication for Location Based Service using Trusted Authority , 2007 .

[9]  Jakob E. Bardram,et al.  Context-Aware User Authentication - Supporting Proximity-Based Login in Pervasive Computing , 2003, UbiComp.

[10]  Philip Zimmermann,et al.  PGP source code and internals , 1995 .

[11]  Blake Dournaee,et al.  XML Security , 2002 .

[12]  Gerhard P. Hancke,et al.  Confidence in smart token proximity: Relay attacks revisited , 2009, Comput. Secur..

[13]  Thomas C. Hales,et al.  Jordan ’ s Proof of the Jordan Curve Theorem , 2007 .

[14]  L. Schwartz Cours d'analyse , 1963 .

[15]  Mustaque Ahamad,et al.  A context-aware security architecture for emerging applications , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[16]  Gerhard P. Hancke,et al.  Practical NFC Peer-to-Peer Relay Attack Using Mobile Phones , 2010, RFIDSec.

[17]  Eric Haines,et al.  Point in Polygon Strategies , 1994, Graphics Gems.

[18]  Indrakshi Ray,et al.  LRBAC: A Location-Aware Role-Based Access Control Model , 2006, ICISS.

[19]  K. Nishiki,et al.  Authentication and Access Control Agent Framework for Context-Aware Services , 2005 .

[20]  Indrakshi Ray,et al.  Towards a location-based mandatory access control model , 2006, Comput. Secur..

[21]  Yih-Chun Hu,et al.  Packet leashes: a defense against wormhole attacks in wireless networks , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[22]  Gerhard P. Hancke,et al.  Potential misuse of NFC enabled mobile phones with embedded security elements as contactless attack platforms , 2009, 2009 International Conference for Internet Technology and Secured Transactions, (ICITST).

[23]  Chris Wullems,et al.  Enhancing the security of Internet applications using location: a new model for tamper-resistant GSM location , 2003, Proceedings of the Eighth IEEE Symposium on Computers and Communications. ISCC 2003.