Location-Enhanced Authenticated Key Exchange

TL;DR

LOCATHE is a versatile protocol that enhances secure key exchange by integrating location, user attributes, and multiple authentication factors, ensuring privacy, forward secrecy, and multi-party control.

Contribution

It introduces a flexible, multi-factor, location-aware key exchange protocol utilizing attribute-based encryption for multi-provider control and privacy-preserving authentication.

Findings

Achieves forward secrecy with ephemeral keys.

Ensures security with zero-knowledge password proofs.

Supports privacy-preserving attribute-based authentication.

Abstract

We introduce LOCATHE (Location-Enhanced Authenticated Key Exchange), a generic protocol that pools location, user attributes, access policy and desired services into a multi-factor authentication, allowing two peers to establish a secure, encrypted session and perform mutual authentication with pre-shared keys, passwords and other authentication factors. LOCATHE contributes to: (1) forward secrecy through ephemeral session keys; (2) security through zero-knowledge password proofs (ZKPP), such that no passwords can be learned from the exchange; (3) the ability to use not only location, but also multiple authentication factors from a user to a service; (4) providing a two-tiered privacy authentication scheme, in which a user may be authenticated either based on her attributes (hiding her unique identification), or with a full individual authentication; (5) employing the expressiveness and flexibility of Decentralized or Multi-Authority Ciphertext-Policy Attribute-Based Encryption, allowing multiple service providers to control their respective key generation and attributes.