User Authentication Protocol Based on the Location Factor for a Mobile Environment

Maciej Bartlomiejczyk,Imed El Fray,Olga Siedlecka-Lamch,Sabina Szymoniak,Miroslaw Kurkowski

doi:10.1109/access.2022.3148537

Abstract

The way the internet is used by billions of users around the world has been revolutionized by mobile devices. The capabilities of smartphones are constantly growing, and the number of services available for mobile devices is also increasing. This undeniable trend makes smartphones terminals for accessing services that process confidential data, which make smartphones priceless targets of cyberattacks. Along with an increasing number of mobile services, the methods of securing the confidentiality, integrity and availability of systems used have also evolved and adapted to the capabilities of a mobile environment. One of the important security services is the user authentication process. This process often implements the postulates of strong authentication, multistage authentication based on factors from the knowledge, position and inherence categories. Unfortunately, the implementation of the factors belonging to these categories is not always possible due to the limitations of smartphones, such as the lack of interfaces for the implementation of biometrics or environmental factors - problems with network or internet access in various countries and regions. Therefore, there is a need to analyse the possibility of implementing a strong authentication process based on additional information about users, e.g., based on location data. The article analyses the requirements for the authentication process and authentication factors. Based on the performed analysis, the criteria that each authentication factor must meet were defined. This article presents a proposal for a user authentication protocol based on the location factor for a mobile environment. The method can be used in the case of problems with the implementation of strong authentication or as an additional authentication factor that increases the security of the user identity confirmation process. The presented protocol has been analysed in terms of performance, security and compliance with the requirements related to the authentication factors.

Highlights

The development of mobile technology has made smartphones terminals that allow the implementation of many key services, such as access to confidential information
Based on this detailed analysis, a user authentication protocol based on location data has been proposed
Its performance was compared to the systems using other factors from the knowledge, possession and inherence categories

Summary

Introduction

The development of mobile technology has made smartphones terminals that allow the implementation of many key services, such as access to confidential information For this reason, the user authentication process must be performed as securely as possible. Secure authentication of user identities is performed using multifactor authentication, a process that requires the use of more than one factor This process can be conducted based on a user's knowledge, something that he possesses or a biometric feature [1]. The definition of the strong authentication process is very similar It consists of confirming a user's identity based on at least two factors belonging to different categories: knowledge, possession, and inherence [2], [3]. The advantages of this method include the simplicity of the implementation of the authentication mechanism [4]–[6]

Objectives

Discussion

Conclusion