Top

Published in:

2018 | OriginalPaper | Chapter

In-Region Authentication

Authors : Mamunur Rashid Akand, Reihaneh Safavi-Naini

Published in: Applied Cryptography and Network Security

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Location information has wide applications in customization and personalization of services, as well as secure authentication and access control. We introduce in-Region Authentication (inRA), a novel type of authentication, that allows a prover to prove to a set of cooperating verifiers that they are in possession of the correct secret key, and are inside a specified (policy) region of arbitrary shape. These requirements naturally arise when a privileged service is offered to registered users within an area. Locating a prover without assuming GPS (Global Positioning System) signal however, incurs error. We discuss the challenge of designing secure protocols that have quantifiable error in this setting, define and formalize correctness and security properties of the protocols, and propose a systematic approach to designing a family of protocols with provable security where error can be flexibly defined and efficiently minimized. We give an instance of this family that requires only two verifiers, prove its security and evaluate its performance in four typical policy regions. Our results show that in all cases false acceptance and false rejection of below \(6\%\) can be achieved. We compare our results with related works, and propose directions for future research.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Almost Tight Multi-Instance Multi-Ciphertext Identity-Based Encryption on Lattices

next chapter Formal Analysis of Distance Bounding with Secure Hardware

A point set corresponding to a geographic area can be constructed using a bitmap image of the area, at the required resolution level. Thus each point corresponds to a geographic square of size u where u is determined by the resolution of the mapping.

\(A\setminus B\) denotes the set of points that are in A and not in B.

We assume verifiers have agreed on the order.

An erasure sequence is a pseudo-random sequence of defined length that is used in secure DLB protocols to prevent the prover from storing malicious codes in device memory to delay their responses. We follow the construction of erasure sequence of [28], which is also explained in the full version of this paper [2].

Here we consider equal weights for FA, FR. Section 6 shows a flexible way to define these errors.

Ahmadi, A., Safavi-Naini, R.: Distance-bounding identifiaction. In: 3rd International Conference on Information Systems Security and Privacy (2017)

Akand, M.R., Safavi-Naini, R.: In-region authentication. Cryptology ePrint Archive, Report 2018/345 (2018). https://eprint.iacr.org/2018/345

Bae, S.E.: Sequential and parallel algorithms for the generalized maximum subarray problem. Ph.D. thesis, University of Canterbury (2007)

Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Secure and lightweight distance-bounding. In: Avoine, G., Kara, O. (eds.) LightSec 2013. LNCS, vol. 8162, pp. 97–113. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40392-7_8CrossRef

Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_30CrossRef

Čapkun, S., Hubaux, J.P.: Secure positioning of wireless devices with application to sensor networks. In: Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies, vol. 3, pp. 1917–1928. IEEE (2005)

Chandran, N., Goyal, V., Moriarty, R., Ostrovsky, R.: Position based cryptography. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 391–407. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_23CrossRef

Chiang, J.T., Haas, J.J., Hu, Y.: Secure and precise location verification using distance bounding and simultaneous multilateration. In: Proceedings of the 2nd ACM Conference on Wireless Network Security (WiSec 2009). pp. 181–192. ACM, New York (2009)

Desmedt, Y.: Major security problems with the ‘unforgeable’(Feige)-Fiat-Shamir proofs of identity and how to overcome them. In: Proceedings of SECURICOM, vol. 88, pp. 15–17 (1988)

10.

Dürholz, U., Fischlin, M., Kasper, M., Onete, C.: A formal approach to distance-bounding RFID protocols. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 47–62. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24861-0_4CrossRef

11.

Fan, T.-H., Lee, S., Lu, H.-I., Tsou, T.-S., Wang, T.-C., Yao, A.: An optimal algorithm for maximum-sum segment and its application in bioinformatics. In: Ibarra, O.H., Dang, Z. (eds.) CIAA 2003. LNCS, vol. 2759, pp. 251–257. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-45089-0_23CrossRefMATH

12.

Francillon, A., Danev, B., Čapkun, S.: Relay attacks on passive keyless entry and start systems in modern cars. In: NDSS (2011)

13.

Grenander, U.: Pattern Analysis. Applied Mathematical Sciences, vol. 24. Springer, New York (1978). https://doi.org/10.1007/978-1-4684-9354-2CrossRefMATH

14.

Hammad, A., Faith, P.: Location based authentication, US Patent 9,721,250, 1 August 2017

15.

Metz, C.E.: Basic principles of ROC analysis. In: Seminars in Nuclear Medicine, vol. 8, pp. 283–298. Elsevier (1978)CrossRef

16.

Rasmussen, K.B., Castelluccia, C., Heydt-Benjamin, T.S., Čapkun, S.: Proximity-based access control for implantable medical devices. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, Illinois, USA, pp. 410–419, November 2009

17.

Sastry, N., Shankar, U., Wagner, D.: Secure verification of location claims. In: Proceedings of the 2nd ACM Workshop on Wireless Security, pp. 1–10. ACM, New York (2003)

18.

Schwartz, J.: Bing maps tile system. https://msdn.microsoft.com/en-us/library/bb259689.aspx. Accessed 13 Apr 2016

19.

Singelee, D., Preneel, B.: Location verification using secure distance bounding protocols. In: IEEE International Conference on Mobile Adhoc and Sensor Systems Conference, pp. 7-pp. IEEE (2005)

20.

Takaoka, T.: Efficient algorithms for the maximum subarray problem by distance matrix multiplication. Electron. Notes Theor. Comput. Sci. 61, 191–200 (2002)CrossRef

21.

Takaoka, T., Pope, N.K., Voges, K.E.: Algorithms for data mining. In: Business Applications and Computational Intelligence, pp. 291–315. IGI Global (2006)

22.

Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Practical and provably secure distance-bounding. In: Desmedt, Y. (ed.) ISC 2013. LNCS, vol. 7807, pp. 248–258. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-27659-5_18CrossRef

23.

Vora, A., Nesterenko, M.: Secure location verification using radio broadcast. IEEE Trans. Dependable Secur. Comput. 3(4), 377–385 (2006)CrossRef

24.

Warner, J.S., Johnston, R.G.: A simple demonstration that the global positioning system (GPS) is vulnerable to spoofing. J. Secur. Adm. 25(2), 19–27 (2002)

25.

Weddell, S., Langford, B.: Hardware implementation of the maximum subarray algorithm for centroid estimation. In: Proceedings of the Twenty-First Image and Vision Computing Conference New Zealand (IVCNZ 2006), pp. 511–515 (2006)

26.

Wei, Y., Guan, Y.: Lightweight location verification algorithms for wireless sensor networks. IEEE Trans. Parallel Distrib. Syst. 24(5), 938–950 (2013)CrossRef

27.

Yang, R., Xu, Q., Au, M.H., Yu, Z., Wang, H., Zhou, L.: Position based cryptography with location privacy: a step for Fog computing. Future Gener. Comput. Syst. 78, 799–806 (2017)CrossRef

28.

Zheng, X., Safavi-Naini, R., Ahmadi, H.: Distance lower bounding. In: Hui, L.C.K., Qing, S.H., Shi, E., Yiu, S.M. (eds.) ICICS 2014. LNCS, vol. 8958, pp. 89–104. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21966-0_7CrossRef

29.

Zickuhr, K.: Location-Based Services, pp. 679–695. Pew Research (2013)

Title: In-Region Authentication
Authors: Mamunur Rashid Akand
Reihaneh Safavi-Naini
Publisher: Springer International Publishing
Book: Applied Cryptography and Network Security
Print ISBN: 978-3-319-93386-3

Electronic ISBN: 978-3-319-93387-0

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-93387-0_29

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner