Wider use of on-line transactions has enabled internet identity thieves and computer hackers -someone who breaks computer and network security- to carry out their work. Authentication currently presents a real challenge for a security specialist people. Many protocols have been published to solve computer security problems in the last few years. Most of these protocols depend on encryption algorithms. Despite the recent development of strong encryption algorithms, the security problem still exists. Location based authentication has currently become more attractive and efficient than any other strategies. There is a new factor based on user’s position, called “where you are”, in which the user needs to use specific locations to authenticate him/her. In this paper, an authentication protocol based on location is proposed. In addition to other traditional factors, this protocol uses user’s position as one of the main factors. It is worth mentioning that the proposed protocol is an improved form of the KERBOROS protocol. The environment of the protocol consists of a server; S, and two participants; A and B. Communication is performed through message exchange. The main goal of the protocol is that B needs to be sure that the message is really coming from A. In this process, a number of different factors need to send simultaneously in order to authenticate the user such as “something you know”; username and password, “where you are” and also coordinates of the GPS location (Global Position System). The two factors are then sent by “something you have”, over the mobile phone. Simultaneously, these data store in the server, so that server can check whether the received data is correct or not, based on last response. It is worth mentioning that the proposed protocol consists of four messages between the server and participants. A formal analysis tool called BAN (Burrows-Abadi-Needham) Logic is used as a methodology to analyze the protocol. Finally, this study provides a clear guideline in analyzing and implementing BAN logic based security protocol. The outcome of the investigation is clearly demonstrated that the proposed protocol has no flaws or vulnerabilities to active attacks.
|Publication status||Published - 2008|
|Event||7th European Conference on Information Warfare and Security - Plymouth, UK|
Duration: 1 Jan 2008 → …
|Conference||7th European Conference on Information Warfare and Security|
|Period||1/01/08 → …|