"Where are you" based authentication: An improved security protocol using BAN logic

Abdelmajid, Nabih, Hossain, Alamgir, Shepherd, Simon and Khaled, Mahmoud (2008) "Where are you" based authentication: An improved security protocol using BAN logic. In: 7th European Conference on Information Warfare and Security, 30 June - 1 July 2008, Plymouth, UK.

Full text not available from this repository.


Wider use of on-line transactions has enabled internet identity thieves and computer hackers (those who break computer and network security) to carry out their work. Authentication currently presents a real challenge for security specialists. Many protocols have been published to solve computer security problems in the last few years. Most of these protocols depend on encryption algorithms. Despite the recent development of strong encryption algorithms, the security problem still exists. Location-based authentication has now become more attractive and efficient than any other strategy. There is a new factor based on the user's position, called “where you are”, in which the user needs to use specific locations to authenticate himself or herself. In this paper, an authentication protocol based on location is proposed. In addition to other traditional factors, this protocol uses the user's position as one of the main factors. It is worth mentioning that the proposed protocol is an improved form of the Kerberos protocol. The environment of the protocol consists of a server, S, and two participants, A and B. Communication is performed through message exchange. The main goal of the protocol is that B needs to be sure that the message is really coming from A. In this process, a number of different factors need to be sent simultaneously in order to authenticate the user, such as “something you know” (username and password), “where you are”, and also the coordinates of the GPS (Global Positioning System) location. The two factors are then sent by “something you have”, over the mobile phone. Simultaneously, these data are stored on the server, so that the server can check whether the received data is correct or not, based on the last response. It is worth mentioning that the proposed protocol consists of four messages between the server and participants. A formal analysis tool called BAN (Burrows-Abadi-Needham) logic is used as a methodology to analyze the protocol. Finally, this study provides a clear guideline for analyzing and implementing a BAN logic based security protocol. The outcome of the investigation clearly demonstrates that the proposed protocol has no flaws or vulnerabilities to active attacks.

Item Type: Conference or Workshop Item (Paper)
Additional Information: ISBN:9781906638078 CD
Uncontrolled Keywords: Authentication, BAN logic, GPS
Subjects: G400 Computer Science; G700 Artificial Intelligence; G900 Others in Mathematical and Computing Sciences
Department: Faculties > Engineering and Environment > Computer and Information Sciences
Depositing User: Ay Okpokam
Date Deposited: 09 Dec 2011 12:32
Last Modified: 13 Oct 2019 00:24
URI: http://nrl.northumbria.ac.uk/id/eprint/3959
