Home   >   CSC-OpenAccess Library   >    Manuscript Information
Full Text Available

(157.31KB)
This is an Open Access publication published under CSC-OpenAccess Policy.
Publications from CSC-OpenAccess Library are being accessed from over 74 countries worldwide.
Using Geographical Location as an Authentication Factor to Enhance mCommerce Applications on Smartphones
Torben Kuseler, Ihsan Alshahib Lami
Pages - 277 - 287     |    Revised - 15-07-2012     |    Published - 10-08-2012
Volume - 6   Issue - 4    |    Publication Date - August 2012  Table of Contents
MORE INFORMATION
KEYWORDS
Authentication, Location, mCommerce Applications, Security, Smartphone
ABSTRACT
Smartphones are increasingly used to perform mCommerce applications whilst on the move. 50% of all Smartphone owners in the U.S. used their Smartphone for banking transactions in the first quarter of 2011. This is an increase of nearly 100% compared to the year before. Current techniques used to remotely authenticate the client to the service provider in an mCommerce application are based on “static” authentication factors like passwords or tokens. The fact that the client is on the move, whilst using these mCommerce applications is not considered or used to enhance the authentication security. This paper is concerned with including client’s geographical location as an important authentication factor to enhance security of mCommerce applications, especially those requiring robust client authentication. Techniques to integrate location as an authentication factor as well as techniques to generation location-based cryptographic keys are reviewed and discussed. This paper further outlines restrictions of location as an authentication factor and gives recommendations about correct usage of client’s location information for mCommerce application’s authentication on Smartphones.
CITED BY (7)  
1 Khadka, I. The accuracy of location services and the potential impact on the admissibility of GPS Based evidence in court cases.
2 Dhondge, K., Choi, B. Y., Song, S., & Park, H. (2014, August). Optical Wireless authentication for smart devices using an onboard ambient light sensor. In Computer Communication and Networks (ICCCN), 2014 23rd International Conference on (pp. 1-8). IEEE.
3 Xiong, J., Xiong, J., & Claramunt, C. (2014, November). A spatial entropy-based approach to improve mobile risk-based authentication. In Proceedings of the 1st ACM SIGSPATIAL International Workshop on Privacy in Geographic Information Collection and Analysis (p. 3). ACM.
4 vongsingthong, s., & boonkrong, s. (2014). a survey on smartphone authentication. walailak journal of science and technology (wjst), 12(1), 1-19.
5 Young stars, & Peng Xinguang. (2014) A lightweight one-time password authentication scheme. Small Computer Systems, 35 (008), 1808-1811.
6 Kuseler, T., Lami, I. A., & Al-Assam, H. (2013, May). Location-assured, multifactor authentication on smartphones via LTE communication. In SPIE Defense, Security, and Sensing (pp. 87550B-87550B). International Society for Optics and Photonics.
7 Al-Assam, H., Lami, I. A., & Kuseler, T. (2013). Integrating Cancellable Biometrics with Geographical Location for Effective Unattended Authentication of Users of Mobile Devices. Journal of Communications, 8(11).
1 Google Scholar 
2 CiteSeerX 
3 refSeek 
4 TechRepublic 
5 Scribd 
6 SlideShare 
7 PdfSR 
1 Frank Diekmann, "Survey: Mobile Bankers Double Over Last Year." Credit Union Journal, vol. 15, no. 18, pp. 19-19, May 2011.
2 Security's Role in Deploying Transaction-Enabled Mobile Applications, Aug 2010.
3 G. Sun, J. Chen, W. Guo, and K.J.R. Liu, "Signal processing techniques in networkaided positioning: a survey of state-of-the-art positioning designs." IEEE Signal Processing Magazine, vol. 22, no. 4, pp. 12-23, 2005.
4 U.S. Government,“Official U.S. Government information about the Global Positioning System (GPS) and related topics.”Internet: www.gps.gov, Apr. 20, 2012 [May 15, 2012].
5 Paul A. Zandbergen, "Accuracy of iPhone Locations: A Comparison of Assisted GPS, WiFi and Cellular Positioning." Transactions in GIS, vol. 13, no. s1, pp. 5-25, 2009.
6 Skyhook, “Skyhook.”Internet: www.skyhookwireless.com, [May 15, 2012].
7 Axel Kuepper. Location-Based Services: Fundamentals and Operation. Wiley Online Library, Oct. 2005.
8 TruePosition, U-TDOA: Enabling New Location-Based Safety and Security Solutions, Oct. 2008.
9 S.Z. Li and A.K. Jain.Encyclopedia of Biometrics. US, Springer US, 2009.
10 D. Denning and P. MacDoran, "Location-Based Authentication: GroundingCyperspace for Better Security." Computer Fraud and Security Bulletin, Feb. 1996.
11 A.I.G.T. Ferreres, B.R. Alvarez, and A.R. Garnacho, "Guaranteeing the authenticity of location information." IEEE Pervasive Computing, pp. 72-80, 2008.
12 S. Lo, D.S. De Lorenzo, P.K. Enge, D. Akos, and P. Bradley, "Signal authentication-a secure civil gnss for today." inside GNSS, vol. 4, no. 5, pp. 30-39, 2009.
13 G. Becker, S. Lo, D. De Lorenzo, P. Enge, and C. Paar, "Secure Location Verification." Data and Applications Security and Privacy XXIV, 2010, pp. 366-373.
14 A. Haeberlen et al., "Practical robust localization over large-scale 802.11 wireless networks." in Proceedings of the 10th annual international conference on Mobile computing and networking, ACM, 2004, pp. 70-84.
15 S. Saroiu and A. Wolman, "Enabling new mobile applications with location proofs." Proceedings of the 10th workshop on Mobile Computing Systems and Applications, New York, USA, 2009, pp. 3:1--3:6.
16 W. Luo and U. Hengartner, "VeriPlace: a privacy-aware location proof architecture." Proceedings of the 18th SIGSPATIAL International Conference on Advances in Geographic Information Systems, ACM, 2010, pp. 23-32.
17 Z. Zhu and G. Cao, "Applaus: A privacy-preserving location proof updating system for location-based services." INFOCOM, 2011 Proceedings IEEE, 2011, pp. 1889-1897.
18 V. Lenders, E. Koukoumidis, P. Zhang, and M. Martonosi, "Location-based trust for mobile user-generated content: applications, challenges and implementations." Proceedings of the 9th workshop on Mobile computing systems and applications, ACM, 2008, pp. 60-64.
19 L. Scott and D.E. Denning, "A location based encryption technique and some of its applications." in ION National Technical Meeting, vol. 2003, 2003, pp. 730-740.
20 A. Al-Fuqaha and O. Al-Ibrahim, "Geo-encryption protocol for mobile networks," Computer Communications, vol. 30, no. 11-12, pp. 2510-2517, 2007.
21 G. Yan and S. Olariu, "An efficient geographic location-based security mechanism for vehicular adhoc networks." IEEE 6th International Conference on Mobile Adhoc and Sensor Systems, MASS'09, 2009, pp. 804-809.
22 G. Yan, J. Lin, D.B. Rawat, and W. Yang, "A Geographic Location-Based Security Mechanism for Intelligent Vehicular Networks." Intelligent Computing and Information Science, pp. 693-698, 2011.
23 W.B. Hsieh and J.S. Leu, "Design of a time and location based One-Time Password authentication scheme." Wireless Communications and Mobile Computing Conference (IWCMC), 7th International, IEEE, 2011, pp. 201-206.
24 H.C. Liao and Y.H. Chao, "A new data encryption algorithm based on the location of mobile users." Information Technology Journal, vol. 7, no. 1, pp. 63-69, 2008.
25 L. Scott and D.E. Denning, "Location Based Encryption & Its Role In Digital Cinema Distribution." Tech. rep. 2003.
26 Ihsan A. Lami, Torben Kuseler, Hisham Al-Assam, and Sabah Jassim, "LocBiometrics: Mobile phone based multifactor biometric authentication with time and location assurance," Proc. 18th Telecommunications Forum, IEEE Telfor, Nov. 2010.
27 Torben Kuseler, Hisham Al-Assam, Sabah Jassim, and Ihsan A. Lami, "Privacy preserving, real-time and location secured biometrics for mCommerce authentication," SPIE Mobile Multimedia/Image Processing, Security, and Applications 2011, vol. 8063, Apr. 2011.
Mr. Torben Kuseler
The University of Buckingham - United Kingdom
torben.kuseler@buckingham.ac.uk
Dr. Ihsan Alshahib Lami
The University of Buckingham - United Kingdom