Location-enhanced authentication using the IoT because you cannot be in two places at once
Paper in proceedings, 2016

User location can act as an additional factor of authentication in scenarios where physical presence is required, such as when making in-person purchases or unlocking a vehicle. This paper proposes a novel approach for estimating user location and modeling user movement using the Internet of Things (IoT). Our goal is to utilize its scale and diversity to estimate location more robustly, than solutions based on smartphones alone, and stop adversaries from using compromised user credentials (e.g., stolen keys, passwords, etc.), when sufficient evidence physically locates them elsewhere. To locate users, we leverage the increasing number of IoT devices carried and used by them and the smart environments that observe these devices. We also exploit the ability of many IoT devices to "sense" the user. To demonstrate our approach, we build a system, called Icelus. Our experiments with it show that it exhibits a smaller false-rejection rate than smartphone-based location-based authentication (LBA) and it rejects attackers with few errors (i.e., false acceptances). © 2016 ACM.

Location-based services

Internet of things




I. Agadakos

Stevens Institute of Technology

Per Hallgren

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

D. Damopoulos

Stevens Institute of Technology

Andrei Sabelfeld

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

G. Portokalidis

Stevens Institute of Technology

ACM International Conference Proceeding Series

Vol. 5 251-264

Driving Forces

Sustainable development

Subject Categories

Computer Science





More information