Location-enhanced authentication using the IoT because you cannot be in two places at once

Ioannis Agadakos, Per Hallgren, Dimitrios Damopoulos, Andrei Sabelfeld, Georgios Portokalidis

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

24 Scopus citations

Abstract

User location can act as an additional factor of authentication in scenarios where physical presence is required, such as when making in-person purchases or unlocking a vehicle. This paper proposes a novel approach for estimating user location and modeling user movement using the Internet of Things (IoT). Our goal is to utilize its scale and diversity to estimate location more robustly, than solutions based on smartphones alone, and stop adversaries from using compromised user credentials (e.g., stolen keys, passwords, etc.), when sufficient evidence physically locates them elsewhere. To locate users, we leverage the increasing number of IoT devices carried and used by them and the smart environments that observe these devices. We also exploit the ability of many IoT devices to "sense" the user. To demonstrate our approach, we build a system, called Icelus. Our experiments with it show that it exhibits a smaller false-rejection rate than smartphone-based location-based authentication (LBA) and it rejects attackers with few errors (i.e., false acceptances).

Original languageEnglish
Title of host publicationProceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016
Pages251-264
Number of pages14
ISBN (Electronic)9781450347716
DOIs
StatePublished - 5 Dec 2016
Event32nd Annual Computer Security Applications Conference, ACSAC 2016 - Los Angeles, United States
Duration: 5 Dec 20169 Dec 2016

Publication series

NameACM International Conference Proceeding Series
Volume5-9-December-2016

Conference

Conference32nd Annual Computer Security Applications Conference, ACSAC 2016
Country/TerritoryUnited States
CityLos Angeles
Period5/12/169/12/16

Keywords

  • Authentication
  • Internet of things
  • Location-based services
  • Trust

Fingerprint

Dive into the research topics of 'Location-enhanced authentication using the IoT because you cannot be in two places at once'. Together they form a unique fingerprint.

Cite this