IOT: Location-enhanced Authentication using the IoT Because You Cannot Be in Two Places at Once

User location can act as an additional factor of authentication in scenarios where physical presence is required, such as when mak- ing in-person purchases or unlocking a vehicle. This paper pro- poses a novel approach for estimating user location and modeling user movement using the Internet of Things (IoT). Our goal is to utilize its scale and diversity to estimate location more robustly, than solutions based on smartphones alone, and stop adversaries from using compromised user credentials (e.g., stolen keys, pass- words, etc.), when sufficient evidence physically locates them else- where. To locate users, we leverage the increasing number of IoT devices carried and used by them and the smart environments that observe these devices. We also exploit the ability of many IoT de- vices to “sense” the user. To demonstrate our approach, we build a system, called Icelus. Our experiments with it show that it exhibits a smaller false-rejection rate than smartphone-based location-based authentication (LBA) and it rejects attackers with few errors (i.e., false acceptances).

Author(s):

Ioannis Agadakos    
Stevens Institute of Technology
United States

Per Hallgren    
Chalmers University of Technology
Sweden

Dimitrios Damopoulos    
Stevens Institute of Technology
United States

Andrei Sabelfeld    
Chalmers University of Technology
Sweden

Georgios Portokalidis    
Stevens Institute of Technology
United States