A Location-Based Authentication System Leveraging Smartphones

This paper investigates a location-based authentication system where authentication questions are generated based on users´ locations tracked by smartphones. More specifically, the system builds a location profile for a user based on periodically logged Wi-Fi access point beacons over time, and leverages this location profile to generate authentication questions. To evaluate the various aspects of this location-based authentication approach, we deployed the application on users´ smartphones and conducted a real-life study for one month with 14 users. To simulate various kinds of adversaries (e.g., Naive vs. Knowledgeable), in our study, we recruited volunteers in pairs (e.g., Friends), in addition to single participants. Over the course of the experiment, each user is periodically presented with two sets of authentication questions. The first set is generated based on a user´s own data. The second set is generated based on a randomly selected user´s data. Additionally, in cases of paired participants, each user is presented with a third set of questions which is generated based on the user´s friend´s data. In each case, three different kinds of questions of varying difficulty levels are generated and presented to the user. Finally, we present a Bayesian classifier based authentication algorithm that can authenticate legitimate users with high accuracy by leveraging individual response patterns. We also discuss various aspects of location-based authentication mechanisms based on our findings in this paper.