Loc-Auth: Location-Enabled Authentication Through Attribute-Based Encryption

TL;DR

Loc-Auth introduces a location-aware authentication scheme using Attribute-Based Encryption and Bluetooth Low Energy beacons, enabling simplified login based on user attributes and location, enhancing security and user experience.

Contribution

The paper presents a novel location-enabled authentication method combining attribute-based encryption with BLE beacons for dynamic, context-aware access control.

Findings

Demonstrated feasibility of location-based attribute decryption

Achieved simplified login process leveraging user attributes and location

Enhanced security through context-aware access policies

Abstract

Traditional user authentication involves entering a username and password into a system. Strong authentication security demands, among other requirements, long, frequently hard-to-remember passwords. Two-factor authentication aids in the security, even though, as a side effect, might worsen user experience. We depict a mobile sign-on scheme that benefits from the dynamic relationship between a user's attributes, the service the user wishes to utilize, and location (where the user is, and what services are available there) as an authentication factor. We demonstrate our scheme employing Bluetooth Low Energy beacons for location awareness and the expressiveness of Attribute-Based Encryption to capture and leverage the described relationship. Bluetooth Low Energy beacons broadcast encrypted messages with encoded access policies. Within range of the beacons, a user with appropriate attributes is able to decrypt the broadcast message and obtain parameters that allow the user to perform a short or simplified login.