In-region authentication

Abstract

Location information has wide applications in customization and personalization of services, as well as secure authentication and access control. We introduce in-Region Authentication (inRA), a novel type of authentication, that allows a prover to prove to a set of cooperating verifiers that they are in possession of the correct secret key, and are inside a specified (policy) region of arbitrary shape. These requirements naturally arise when a privileged service is offered to registered users within an area. Locating a prover without assuming GPS (Global Positioning System) signal however, incurs error. We discuss the challenge of designing secure protocols that have quantifiable error in this setting, define and formalize correctness and security properties of the protocols, and propose a systematic approach to designing a family of protocols with provable security where error can be flexibly defined and efficiently minimized. We give an instance of this family that requires only two verifiers, prove its security and evaluate its performance in four typical policy regions. Our results show that in all cases false acceptance and false rejection of below 6 % can be achieved. We compare our results with related works, and propose directions for future research.