Loc-Auth: Location-Enabled Authentication Through Attribute-Based Encryption
This addresses authentication security and user experience for mobile users, though it appears incremental as it builds on existing technologies like Bluetooth beacons and encryption methods.
The paper tackles the problem of cumbersome user authentication by proposing a mobile sign-on scheme that uses location and user attributes as factors, enabling simplified login through Bluetooth Low Energy beacons and Attribute-Based Encryption.
Traditional user authentication involves entering a username and password into a system. Strong authentication security demands, among other requirements, long, frequently hard-to-remember passwords. Two-factor authentication aids in the security, even though, as a side effect, might worsen user experience. We depict a mobile sign-on scheme that benefits from the dynamic relationship between a user's attributes, the service the user wishes to utilize, and location (where the user is, and what services are available there) as an authentication factor. We demonstrate our scheme employing Bluetooth Low Energy beacons for location awareness and the expressiveness of Attribute-Based Encryption to capture and leverage the described relationship. Bluetooth Low Energy beacons broadcast encrypted messages with encoded access policies. Within range of the beacons, a user with appropriate attributes is able to decrypt the broadcast message and obtain parameters that allow the user to perform a short or simplified login.