International Journal of Scientific & Engineering Research, Volume 5, Issue 9, September-2014 60
ISSN 2229-5518
Access to Geo-Fenced resources from registered locations
Anusha Salam, MTech Scholar in CSIS,ICET,Enakulam,Kerala,India,PH-8547838721,E-mail:anusalam90@gmail.com, Arunkumar M, Assistant Professor, Dept of CSE,ICET,Ernakulam,Kerala,India,PH-9961967044,E-mail:arunpvmn@gmail.com.
Index Terms— Authentication, Authorization, Geofencing, Location based authentication,Lcation based authorization.
—————————— ——————————
Geo-fencing means setting boundaries. The applications which uses geo-fencing include child location services, telematics, location specific advertisements etc. Usually the geo-fence is set with the help of Global Positioning System (GPS) or Radio Frequency Identification (RFID) or Google Earth or web based maps. Most of the applications check fencing criteria either entering or leaving the fence to send alerts. This can be used as an authentication criterion while the person is within the defined fence.
While defining fence for accessing resources in a company, there comes an issue that staff will be able to access such resources only from company. In such cases it will disrupt the workflow of passionate people who also work from home. To enable access to geo-fenced resources from home, home locations have to be preregistered and limited accesses have to be provided.
Access from registered locations can be done with the concept of location based authentication and authorization since here also it is the location criteria along with some credentials provided by user authenticate and authorize staff. Location is used as a factor for authentication using Smartphone. Along with geo-fencing location from location sources such as IP address, Wi-Fi BSSID along with GPS can also be used for authentication and providing security.
New generation IT professionals are more passionate in their work .Most of them too work from home. The proposed idea guarantees access of such geo-fenced resources at registered home locations of users. Moreover in the current scenario each of these workers is not benefited for their extra effort at home. The proposed idea can identify such passionate people and reward them as per their true effort. True effort is no longer hidden.
Some of the existing geo-fencing applications are discussed in [9],[10],[11],[12]. Location based authentication was first introduced to improve network security using a special GPS sensor in [1].Access granted within specific locations was earlier done by identifying overlapping region of multiple access points in LAAC [2].Websites using location information from mobile phone was used in e-learning environment[3].The studies show that GPS and WLAN has an accuracy of below
300 m[4].Combining authentication mechanisms can improve both reliability and security [5 ].Location aware services using Smartphone are introduced[ 6].Location based authentication and authorization is discussed in [7].Location based authentication as a new approach for information security is discussed in [8].
The rest of the paper is organized as follows. A novel architecture for authenticating client and location based access in section 3.1.Section 3.2 describe the messages used for communication in detail. Section 3.3 describe the implementation details. The experimental set up is covered in section 3.4. The idea is concluded in section 4. The main advantage of this approach is that it can be easily integrated into the existing system for improving security. The approach is inexpensive and feasible as no new hardware is needed as a company usually have Wi-Fi and network connection.
3 METHODOLOGY
The scenario is as shown in Fig. 1.Here user have full access to resources when inside company and partial access from home. Whether the staff is inside the company is identified by making use of information such as GPS, Wi-Fi BSSID and IP address retrieved dynamically from the mobile application of
IJSER © 2014 http://www.ijser.org
International Journal of Scientific & Engineering Research, Volume 5, Issue 9, September-2014 61
ISSN 2229-5518
Partial Access
Full Access
Home 1
Home 2
Partial Access
Partial Access
Company
Home n
Fig.1 Scenario staff during each session and comparing with corresponding details of the company. The staff is identified when they are accessing from home by comparing GPS latitude and longitude retrieved from mobile phone with the registered home location with company’s administrator.
The architecture comprises of a web portal to access the resources (a software) and a mobile application. User have to login to the portal first(primary authentication).
Web portal
2. Authentication Request
On getting an OTP from web portal user have to proceed via mobile application (secondary location based authentication). Web server verifies the information obtained and provide the access result which will be displayed in the interface of web portal. The architecture is as shown in Fig. 2.
User here is the staffs who want to access the management software in web portal. Web Portal provide the GUI of software where staff have to login. User’s phone holds the mobile application through which authorization takes place. Server contain the database for storage and web service for authenticating ,authorizing and verifying information retrieved from user’s desktop and mobile transparently.
1. Authentication input
User
4. Authorization input
3. OTP
7. Access Result
5. Authorization
Request
6. Authorization Result
Server
The architecture comprises of the following messages:
User’s Phone
Fig.2.Architecture
session and is displayed on GUI of web portal.
IJSER © 2014 http://www.ijser.org
International Journal of Scientific & Engineering Research, Volume 5, Issue 9, September-2014 62
ISSN 2229-5518
• All communications are signed and encrypted using RSA PKCS. It makes use of the concept of public key encryption. RSA PKCS include signing (Private key) and verification (Public Key), encoding and decoding, encryption (Public key) and decryption (Private key).These three steps make the communication more secure.
3.3.1 WEB
Login by using username and password through web portal. An OTP will then be displayed on portal after authentication. User will then be instructed to proceed via mobile.
3.3.2 MOBILE
Enter username and password. On successful login user is asked to enter OTP displayed on portal in mobile API. Meanwhile in background, information such as IP address, BSSID of Wi-Fi, latitude and longitude is retrieved and placed in object of Shared Preference.
1. IP address:
Public IP address of the device( mobile phone) is obtained by including link http://ip-api.com/json in HttpGet() as shown in Fig.3
HttpGet httpget = new HttpGet("http://ip-api.com/json");
2. WiFi BSSID:
BSSID of WiFi in mobile phone is obtained with the help of WiFi Manager system by invoking the command getSystemService(WIFI_SERVICE) as shown in Fig.4.
WifiManager
wifiManager=(W ifiManager)getSystemService(WIFI_SERVICE);
WifiInfo wifiInfo = wifiManager.getConnectionInfo();
wifibssid=wifiInfo.getBSSID();
Fig. 4.
3. Latitude and Longitude:
gps = new GPSTracker();
if(gps.canGetLocation()){
double latitude = gps.getLatitude();
double longitude= gps.getLongitude(); lat_str=String.valueOf(latitude); lon_str=String.valueOf(longitude);
}
Fig.5.
On submitting OTP all information retrieved gets signed and encrypted using RSA PKCS algorithm and passed to web service for further process.
3.3.3 WEB SERVICE
Verify username and password passed from mobile phone. After decrypting, the received parameters are verified. If parameters are properly received then an authorization successful notification is send to mobile.
3.3.4 WEB
After successful authorization from mobile phone public IP address of the device running web portal is obtained by using curl as shown in Fig.5.
$url="http://ip-api.com/json";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
curl_close($ch);
$comp_ip=$result;
Fig. 3.
The value returned will be JSON. Example
:{"status":"success","country":"India","countryCode":"IN","regio
n":"13","regionName":"Kerala","city":"Thrissur","zip":"","lat":"1
0.5167","lon":"76.2167","timezone":"Asia/Kolkata","isp":"BSNL",
"org":"BSNL","as":"AS9829 National Internet
Backbone","query":"117.216.85.89"}.
Fig. 6.
On clicking OK button of the web portal interface obtained after login, verification occurs. If no parameters are received from mobile , user is instructed to reauthenticate from mobile via web portal. If retrieved latitude and longitude fall in the range of 2 kms from registered home location, then partial view of the software is the access result. If retrieved latitude and longitude fall in range of 5 kms from company’s location provided the IP and BSSID obtained also matches the corresponding known values, then full view of the software is the access result.
IJSER © 2014 http://www.ijser.org
International Journal of Scientific & Engineering Research, Volume 5, Issue 9, September-2014 63
ISSN 2229-5518
Here range (say d) is introduced for ensuring location accuracy. This is done by using Haversine formula as shown in Fig.6.
earth_radius = 6371 km; diffLat = deg2rad(CL – FL); diffLon = deg2rad($CLo - $FLo); o = sin2($diffLat/2) +
cos(deg2rad(FL)*cos(deg2rad(CL)* sin2(diffLon/2);
g = 2 * asin(sqrt(o)); d= earth_radius * g; CL/Lo:CurrentLatitude/Longitude
FL/FLo:FixedLatitude/Longitude(Home/Company)
Fig. 7.
The experiment was done designing software for project management in companies. This software enable administrator to divide a project into tasks, allotting tasks to staff, monitor staffs, projects and tasks progress. Through this staff can know his assigned tasks, his co-worker in project, files related to project, upload his homework to get rewards. Based on location, GUI of the software changes limiting access. Moreover Staff get an increment if he took extra time at home to do the work assigned.
The new generation IT professionals are very passionate in working. People willing to work from home are increasing day by day limited by the geo-fenced software. Moreover people who took extra time at home are not getting any rewards in the present system .The proposed idea overcome such limitations. It gave way to creation of more passionate professionals.
Here public IP and BSSID are provided by trusted entities. So there is no issue of spoofing. Even GPS values obtained from IPhones cannot be spoofed. But there is an issue of spoofing GPS values in Android phones. Here security lies in the fact that staff is also a trusted entity who declare that application won’t be misused. So future work is to ensure no spoofing of location in Android phones as well.
Our sincere thanks to all who helped in developing this concept that include mainly Mr. Rineez Ahmed N, CTO of
Livares Technologies Private Limited and Mr. Manoj ,Software Developer of Aiko InfoTech and Mr. Jinav Shah, Software Engineer at Indus.
REFERENCES
[1] Denning D and Macdoran P, “Location-based Authentication: Grounding Cyberspace for better Security ,” Computer Fraud and Security, pp. 12–16, 1996.
[2] YounSun Gho, L. Bao, M.T. Goodrich, "LAAC: A Location-Aware Access Control Protocol," Mobiquitous, Third Annual International Conference on Mobile and Ubiquitous Systems, Networking, and Services, pp.1-7, 2006.
[3] Takamizawa, H. & Kaijiri, K., “A Web Authentication System using Location Information from Mobile Telephones,” Proceedings of the IASTED International Conference Web-based Education (WBE 2009)
[4] S. von Watzdorf and F. Michahelles, “Accuracy of positioning data on smartphones,” pp. 1–4,2010
[5] Robert W. Reeder and Stuart Schechter,” When the Password Doesn’t work: Secondary Authentication for Websites”, IEEE Usability of Security,pp-43-49,2011
[6] Ananya S and Venkatalakshmi B,” Location based Intelligent Mobile organizer”,IEEE,pp-488-491,2011
[7] Feng Zhang,Aron Kondoro,and Sead Muttic,” Location-based Authentication and Authorization Using Smart Phones,” IEEE 11th International Conference on TrustCom, pp. 1285–1292, 2012.
[8] Shraddha D. Ghogare,Swati P.jadhav,Ankita R.Chadha and Hima C.
Patil,” Location Based Authentication: A New Approach towards
Providing Security,”IJSRP,vol.2,no.4,2012.
[9] Salem M and Deva B, “3rd Party geolocation messaging: A Positioning Enabled Middleware for Realizing Context-Aware Polling,” IEEE International Conference(Mobilware), pp. 100-109, 2013.
[10] Prabhakaran K, Kumar N.R,Puniha G and Asmi S,“A novel approach of geofencing and geotagging system based sea border identification using embedded system,” International Conference ICCTET, pp. 338–
341, 2013.
[11] Cardone G, Cirri A , Coradi A and Foshini L, “Crowd sensing in Urban Areas for City-Scale Mass Gathering Management: Geofencing and Activity Recognition,” IEEE Sensors Journal , vol. PP, no. 99, 2013.
[12] Tarnauca B, Puiu D,Nechifo S, and Comnac V, “Using Complex
Event Processing for implementing a geofencing,” IEEE
11thInternational Symbosium on SISY ,pp. 391-396, 2013.
IJSER © 2014 http://www.ijser.org