Abstract
The latest estimates suggest that there are over two billion cell phone users worldwide. The massive worldwide usage has prompted technological advances which have resulted in more features being packed in the same phone. New dual phones are being built which can connect to both the cellular network and other wireless devices. In this chapter we propose to use the omnipresent cell phones and the secure cellular network for access and location control. Using the cellular network adds to the strength of the authentication process and makes the revocation of access for a user easy. Our scheme also provides spatial control of the entity seeking authentication. In a cell phone based authentication system, our scheme provides location based authentication using two different approaches. One approach uses a trusted hardware sensor placed at a location close to the cell phone to validate the presence of the cell phone. Another approach to obtain the desired spatial control is through the use of GPS. The cellular phones would present the authentication server and the cellular network with the GPS coordinates of its current location using a tamper proof GPS module. This approach also prevents wormhole attacks because the cell phone has to provide the same coordinates to both the authentication server and the cellular network.
TopIntroduction
Cellular phones are becoming ubiquitous telecommunication devices. These are portable wireless devices and connect to the network through RF communication. Due to their low cost and multitude of features, these phones have been transformed from expensive equipment used for business to a low cost personal item. It is estimated that there are over two billion cell phones worldwide (Cellularonline, 2007). These phones typically have low power transceivers which typically transmit data and voice up to a few miles where the mobile tower (base station) is located. This base station connects the cellular phone to the backbone telephone network. The mobile phones cannot communicate when they are unable to connect to the base station.
The capabilities of these phones have also increased dramatically over the last few years. In addition to the standard telephone features, the phones also Instant Messaging, MMS, Internet access, and so on. More advanced features like music and video streaming, digital camera, and document scanner are being bundled with the cell phone. These features have transformed the cell phone from a simple phone to a digital Swiss army knife.
More advanced features like Bluetooth, IR have been added to allow the cell phone to connect with other devices. Avaya, Motorola, and Proxim are planning to introduce a new class of mobile phones called dual phones (Brewin, 2004; Hochmuth, 2004). These phones will be able to make voice calls over the cellular network and the 802.11a WLAN networks. The advantage of using this phone is that the user can make calls through the WLAN infrastructure when he is able to connect to the WLAN. This would save money because the cell phone user would be able to use the WLAN minutes for free. The companies have also developed the technology to “hand off” calls between the WLAN and cellular network. Cell phones can be developed which are able to connect to both the cellular network and the wireless devices. Such ability could enable them to be used in many applications.
There are many applications in wireless networks where access is granted to a user only when the user is located in certain predefined locations (Hansen & Oleshchuk, 2003; Mavridis, Georgiadis, & Pangalos, 2002; Toye, Sharp, Madhavapeddy, & Scott, 2005). For example, a doctor should be able to access the medical records only when he is located inside the hospital and not in cafeteria. In this scenario the doctor has access to the medical records only when he is located in a safe place like his office and not in a public place like the cafeteria. The server can be certain about the users’ location by using a trusted hardware sensor, which is able to determine if the cell phone is in its communication range. Another approach to be certain of the location of the phone is to have a tamper proof GPS module on the SIM card.
In this chapter we assume the cellular infrastructure to be secure. While we believe that security is always in relative terms and a work in progress, cellular networks are much more secure than the other networks like the internet. Vulnerabilities like GSM cloning are being addressed and the GSM are moving away from security by obscurity. 3GPP, which is the next generation of GSM will be using cryptographic primitives which are based out the existing research literature and open to public scrutiny (GSM cloning, 2007). Besides, we believe that cell phones being a multi-billion dollar industry have the resources to provide stronger guarantees for authentication, confidentiality and privacy if such applications are developed.
Key Terms in this Chapter
Location Authentication: Location authentication is the confirmation about the location of the given object.
Spatial Control: Spatial Control is the probability of obtaining the exact coordinates of a location from GPS.
Radio-Frequency Identification (RFID): Radio-frequency identification is an automatic identification method, relying on storing and remotely retrieving data using devices called RFID tags or transponders.
Global Positioning System (GPS): GPS is a Global Navigation Satellite System. The system uses a constellation of at least 24 medium Earth orbit satellites that transmit precise microwave signals, the system enables a GPS receiver to determine its location, speed/direction, and time.
Wireless Local Area Network (WLAN): WLAN is a wireless local area network, which is the linking of two or more computers without using wires.
Subscriber Identity Module (SIM): A Subscriber Identity Module is a removable smart card for mobile cellular telephony devices such as mobile computers and mobile phones. SIM cards securely store the service-subscriber key (IMSI) used to identify a GSM subscriber. The SIM card allows users to change phones by simply removing the SIM card from one mobile phone and inserting it into another mobile phone or broadband telephony device.
Signal-to-noise ratio (SNR): Signal-to-noise ratio is an electrical engineering concept defined as the ratio of a signal power to the noise power corrupting the signal.
Authentication: Authentication is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true.
Global System for Mobile Communications (GSM): GSM is the most popular standard for mobile phones in the world.
Infrared (IR): Infrared radiation is electromagnetic radiation of a wavelength longer than that of visible light, but shorter than that of radio waves. The uses of infrared include military, such as: target acquisition, surveillance, homing and tracking and non-military, such as thermal efficiency analysis, remote temperature sensing, short-ranged wireless communication, spectroscopy, and weather forecasting
Bluetooth: Bluetooth is an industrial specification for wireless personal area networks (PANs). Bluetooth provides a way to connect and exchange information between devices such as mobile phones, laptops, PCs, printers, digital cameras, and video game consoles over a secure, globally unlicensed short-range radio frequency.