Paper
8 May 2012 dLocAuth: a dynamic multifactor authentication scheme for mCommerce applications using independent location-based obfuscation
Torben Kuseler, Ihsan A. Lami
Abstract
This paper proposes a new technique to obfuscate an authentication-challenge program (named LocProg) using randomly generated data together with a client's current location in real-time. LocProg can be used to enable any handset application on mobile-devices (e.g. mCommerce on Smartphones) that requires authentication with a remote authenticator (e.g. bank). The motivation of this novel technique is to a) enhance the security against replay attacks, which is currently based on using real-time nonce(s), and b) add a new security factor, which is location verified by two independent sources, to challenge / response methods for authentication. To assure a secure-live transaction, thus reducing the possibility of replay and other remote attacks, the authors have devised a novel technique to obtain the client's location from two independent sources of GPS on the client's side and the cellular network on the authenticator's side. The algorithm of LocProg is based on obfuscating "random elements plus a client's data" with a location-based key, generated on the bank side. LocProg is then sent to the client and is designed so it will automatically integrate into the target application on the client's handset. The client can then de-obfuscate LocProg if s/he is within a certain range around the location calculated by the bank and if the correct personal data is supplied. LocProg also has features to protect against trial/error attacks. Analysis of LocAuth's security (trust, threat and system models) and trials based on a prototype implementation (on Android platform) prove the viability and novelty of LocAuth.
© (2012) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Torben Kuseler and Ihsan A. Lami "dLocAuth: a dynamic multifactor authentication scheme for mCommerce applications using independent location-based obfuscation", Proc. SPIE 8406, Mobile Multimedia/Image Processing, Security, and Applications 2012, 840605 (8 May 2012); https://doi.org/10.1117/12.918130
KEYWORDS
Molybdenum

Global Positioning System

Biometrics

Computer security

Receivers

Prototyping

Photovoltaics
