Spatial Authentication Using Cell Phones


Arjan Durresi (Indiana University-Purdue University Indianapolis, USA)
Copyright: © 2009 | Pages: 10
DOI: 10.4018/978-1-59904-855-0.ch032

Abstract

The latest estimates suggest that there are over two billion cell phone users worldwide. The massive worldwide usage has prompted technological advances which have resulted in more features being packed into the same phone. New dual phones are being built which can connect to both the cellular network and other wireless devices. In this chapter we propose to use the omnipresent cell phones and the secure cellular network for access and location control. Using the cellular network adds to the strength of the authentication process and makes the revocation of access for a user easy. Our scheme also provides spatial control of the entity seeking authentication. In a cell phone based authentication system, our scheme provides location-based authentication using two different approaches. One approach uses a trusted hardware sensor placed at a location close to the cell phone to validate the presence of the cell phone. Another approach to obtain the desired spatial control is through the use of GPS. The cellular phone would present the authentication server and the cellular network with the GPS coordinates of its current location using a tamper-proof GPS module. This approach also prevents wormhole attacks because the cell phone has to provide the same coordinates to both the authentication server and the cellular network.
Chapter Preview

Introduction

Cellular phones are becoming ubiquitous telecommunication devices. They are portable wireless devices that connect to the network through RF communication. Due to their low cost and multitude of features, these phones have been transformed from expensive equipment used for business into a low-cost personal item. It is estimated that there are over two billion cell phones worldwide (Cellularonline, 2007). These phones typically have low-power transceivers that transmit data and voice up to a few miles, to where the mobile tower (base station) is located. This base station connects the cellular phone to the backbone telephone network. Mobile phones cannot communicate when they are unable to connect to the base station.

The capabilities of these phones have also increased dramatically over the last few years. In addition to the standard telephone features, the phones also support Instant Messaging, MMS, Internet access, and so on. More advanced features like music and video streaming, a digital camera, and a document scanner are being bundled with the cell phone. These features have transformed the cell phone from a simple phone to a digital Swiss army knife.

More advanced features like Bluetooth and IR have been added to allow the cell phone to connect with other devices. Avaya, Motorola, and Proxim are planning to introduce a new class of mobile phones called dual phones (Brewin, 2004; Hochmuth, 2004). These phones will be able to make voice calls over the cellular network and over 802.11a WLAN networks. The advantage of such a phone is that the user can make calls through the WLAN infrastructure whenever he is able to connect to the WLAN. This would save money because the cell phone user would be able to use the WLAN minutes for free. The companies have also developed the technology to “hand off” calls between the WLAN and the cellular network. Cell phones can be developed which are able to connect to both the cellular network and other wireless devices. Such an ability could enable them to be used in many applications.

There are many applications in wireless networks where access is granted to a user only when the user is located in certain predefined locations (Hansen & Oleshchuk, 2003; Mavridis, Georgiadis, & Pangalos, 2002; Toye, Sharp, Madhavapeddy, & Scott, 2005). For example, a doctor should be able to access the medical records only when he is located inside the hospital and not in the cafeteria. In this scenario the doctor has access to the medical records only when he is located in a safe place like his office and not in a public place like the cafeteria. The server can be certain about the user’s location by using a trusted hardware sensor, which is able to determine whether the cell phone is in its communication range. Another approach to be certain of the location of the phone is to have a tamper-proof GPS module on the SIM card.
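The access decision described above and in the abstract (the same GPS coordinates must reach both the authentication server and the cellular network, and the location must be a permitted one) can be sketched as follows. This is an added example, not code from the chapter: the `Fix` and `Zone` records, the tolerances, the revocation set, and the sample coordinates are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Fix:
    """One GPS report as received over one channel (hypothetical format)."""
    subscriber: str
    lat: float
    lon: float
    timestamp: float  # seconds since epoch

@dataclass(frozen=True)
class Zone:
    """A circular area in which access is permitted (hypothetical format)."""
    name: str
    lat: float
    lon: float
    radius_m: float

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2)
    return 2 * 6_371_000.0 * math.asin(math.sqrt(a))

def authorize(to_server, to_network, zones, revoked=frozenset(),
              max_skew_s=5.0, max_mismatch_m=10.0):
    """Return (granted, reason). Both tolerances are assumed values."""
    if to_server.subscriber != to_network.subscriber:
        return False, "subscriber mismatch"
    if to_server.subscriber in revoked:  # revocation list kept by the operator
        return False, "access revoked"
    if abs(to_server.timestamp - to_network.timestamp) > max_skew_s:
        return False, "reports not taken at the same time"
    # Consistency check: the phone must give both parties the same position.
    gap = distance_m(to_server.lat, to_server.lon,
                     to_network.lat, to_network.lon)
    if gap > max_mismatch_m:
        return False, "coordinates differ between channels"
    # Spatial check: the agreed position must lie in a permitted zone.
    for zone in zones:
        if distance_m(to_server.lat, to_server.lon,
                      zone.lat, zone.lon) <= zone.radius_m:
            return True, zone.name
    return False, "outside permitted zones"

# Constructed sample data: an office zone and two reported positions.
ZONES = [Zone("office", 39.7740, -86.1760, 30.0)]
IN_OFFICE = Fix("subscriber-1", 39.7741, -86.1760, 1_000_000.0)
IN_CAFETERIA = Fix("subscriber-1", 39.7755, -86.1760, 1_000_000.0)

if __name__ == "__main__":
    print(authorize(IN_OFFICE, IN_OFFICE, ZONES))        # granted
    print(authorize(IN_CAFETERIA, IN_CAFETERIA, ZONES))  # wrong place
    print(authorize(IN_OFFICE, IN_CAFETERIA, ZONES))     # channels disagree
```

The check is only as trustworthy as the reported fixes, which is why the chapter relies on a tamper-proof GPS module rather than coordinates supplied by software on the phone.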

In this chapter we assume the cellular infrastructure to be secure. While we believe that security is always relative and a work in progress, cellular networks are much more secure than other networks such as the Internet. Vulnerabilities like GSM cloning are being addressed, and GSM is moving away from security by obscurity. 3GPP, which is the next generation of GSM, will use cryptographic primitives that are based on the existing research literature and open to public scrutiny (GSM cloning, 2007). Besides, we believe that the cell phone industry, being a multi-billion dollar industry, has the resources to provide stronger guarantees for authentication, confidentiality, and privacy if such applications are developed.

Key Terms in this Chapter

Location Authentication: Location authentication is the confirmation about the location of the given object.

Spatial Control: Spatial Control is the probability of obtaining the exact coordinates of a location from GPS.

Radio-Frequency Identification (RFID): Radio-frequency identification is an automatic identification method, relying on storing and remotely retrieving data using devices called RFID tags or transponders.

Global Positioning System (GPS): GPS is a Global Navigation Satellite System. The system uses a constellation of at least 24 medium Earth orbit satellites that transmit precise microwave signals; these enable a GPS receiver to determine its location, speed/direction, and time.

Wireless Local Area Network (WLAN): WLAN is a wireless local area network, which is the linking of two or more computers without using wires.

Subscriber Identity Module (SIM): A Subscriber Identity Module is a removable smart card for mobile cellular telephony devices such as mobile computers and mobile phones. SIM cards securely store the service-subscriber key (IMSI) used to identify a GSM subscriber. The SIM card allows users to change phones by simply removing the SIM card from one mobile phone and inserting it into another mobile phone or broadband telephony device.

Signal-to-noise ratio (SNR): Signal-to-noise ratio is an electrical engineering concept defined as the ratio of a signal power to the noise power corrupting the signal.

Authentication: Authentication is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true.

Global System for Mobile Communications (GSM): GSM is the most popular standard for mobile phones in the world.

Infrared (IR): Infrared radiation is electromagnetic radiation of a wavelength longer than that of visible light, but shorter than that of radio waves. The uses of infrared include military ones, such as target acquisition, surveillance, homing, and tracking, and non-military ones, such as thermal efficiency analysis, remote temperature sensing, short-ranged wireless communication, spectroscopy, and weather forecasting.

Bluetooth: Bluetooth is an industrial specification for wireless personal area networks (PANs). Bluetooth provides a way to connect and exchange information between devices such as mobile phones, laptops, PCs, printers, digital cameras, and video game consoles over a secure, globally unlicensed short-range radio frequency.
