Secure Access Control for Location-Based Applications in WLAN Systems

Location-based service provisioning is of great interests to wireless Internet service providers (WISPs) to deliver attractive value-added services, such as service advertisements, product marketing, to the special network users according to their geographic coordinates, along with Internet access benefits. It is usually the case that the basic location information is derived from direct interactions between the infrastructure network and the wireless mobile devices. Unfortunately, the Internet access service easily becomes the target of free-riders and attackers by exploiting the location authentication protocols, and collusively forging their location claims. We propose a location authentication and authorization protocol, LBAC (location-based network access control), to securely authenticate the location claims of mobile wireless users, and to securely distribute the shared keys for data encryption purposes. In LBAC, location areas are defined by the shared points of multiple wireless access points. The fact that a mobile node is located at certain places is authenticated by the mobile node collecting all the key information from the corresponding access points. Using Diffie-Hellman algorithm, LBAC authenticates location claims, and derives the keys for each mobile node and access point pair. LBAC eliminates the dependence on global positioning system (GPS) or ultrasonic devices in order to localize the mobile devices. We enumerate possible attacks to the system and analyze their countermeasures. The computational, communicational and the memory requirement are also evaluated