A secure user authentication scheme for critical mobile applications
Mälardalens Högskola
Akademin för Innovation, Design och Teknik
Chaimaa Ben Tahayekt Ben Tahaikt
Bachelor Thesis
Date: 2017-01-11
Company Name: SAAB
Company’s Supervisor: Leif Magnusson
Examiner: Mats Björkman
Supervisor: Maryam Vahabi


Page 1: A secure user authentication scheme for critical mobile ...mdh.diva-portal.org/smash/get/diva2:1073311/FULLTEXT01.pdf · MULE Mobile User Location-specific Encryption PCS Personal



Abstract
Smartphones have facilitated tasks in private and work life for their users. In business, employees often have to manage sensitive data that unauthorised people must not access, so some form of user authentication is needed. Besides the normal user authentication, some employers grant access to the sensitive data only if the employees stay in specific locations. That makes sense for those businesses that have various construction sites and offices that are not necessarily located in the same geographical region. In those companies, the employees must be able to perform their tasks from different locations regardless of the available network infrastructure. To protect the data from intruders, this research presents a secure location-based user authentication scheme for mobile applications that works offline. This research aims to enable access to the sensitive data using off-the-shelf mobile devices without adding any extra hardware and with no additional information from a fixed infrastructure. This Thesis first describes the architecture and attributes of the proposed solution. Then, the techniques used for the design and functionality of the solution are presented. The results of this study reveal that the proposed solution is more suitable for applications that are used in outdoor locations. Finally, to alleviate the shortcoming of the presented technique for indoor locations, a new method has been discussed and tested.
This report is a final Thesis in collaboration with SAAB. The purpose of this research is to examine the best way to protect sensitive data managed by the employees using their smartphones in different workplaces.


Table of Contents
1. List of Abbreviations
2. Introduction
2.1 Problem formulation
2.2 Proposed method
2.3 Expected outcome
3. Background
3.1 Location Based Services
3.2 Indoor positioning
4. Design
4.1 LBCA Registration
4.1.1 Distance calculation outdoors
4.1.2 Distance calculation indoors
4.2 LBCA Authentication
4.3 LBCA Data Transfer
4.4 Code
5. Results
5.1 The Accuracy of the Calculated Distance
5.2 Indoor Locations
5.3 Distance Calculation Using Stored Location in ALDB
6. Discussion
7. Conclusions
7.1 Future work
References


1. List of Abbreviations
ADS  Authentication and Data Server
ALDB  Application Local Database
API  Application Programming Interface
BLE  Bluetooth Low Energy
CMS  Context Monitor System
GPS  Global Positioning System
GSM  Global System for Mobile communications
HLR  Home Location Register
HTTPS  Hypertext Transfer Protocol Secure
IP  Internet Protocol
LA  Location Area
LBCA  Location Based Client Application
LBS  Location Based Services
LVLR  Location Visitor Location Register
MAC  Media Access Control
MCM  Moses Configuration Manager
MH  Moses Hypervisor
MSC  Mobile Switching Connections
MT  Mobile Terminal
MULE  Mobile User Location-specific Encryption
PCS  Personal Communication Service
PDA  Personal Digital Assistant
PEM  Policy Enforcement Mode
REST  Representational State Transfer
RSSI  Received Signal Strength Indicator
SA  Service Area
SP  Security Profile
SSID  Service Set Identifier
SSL  Secure Socket Layer
TLD  Trusted Location Device
VLR  Visitor Location Register
WLAN  Wireless Local Area Network


2. Introduction
The widespread use of smartphones in recent decades, mainly in personal use, has led to the gradual disuse of basic objects such as calendars and notebooks, which are already incorporated in smartphones with other features. Importantly, smartphone usage has extended even into workplaces. Until recently, employees who had to perform their tasks in different places used to write notes in a paper notebook. However, smartphones have facilitated and improved the job process, allowing users to complete several tasks in different places. In this way, smartphones are powerful tools to increase productivity in many companies [1].
However, the flexibility of performing tasks from different places with smartphones poses some issues for business-critical applications. In this regard, data security and privacy as well as application reliability are relevant in many companies. In fact, with the emergence of smartphones and their applicability in work environments, the alert level concerning security has increased. Some companies allow access to the information only in trusted regions. The trusted region can be a standard office environment (indoor) with other network facilities or a remote location such as a construction site without any other fixed infrastructure (mainly outdoor). Thus, a solution that ensures safe and secure data authentication according to the relevant company’s requirements is highly appealing.
Data security means protecting data, such as a database, from destructive forces and from the unwanted actions of unauthorized users [2]. Reliability of a product or service is the probability that, when used in certain circumstances and conditions, the product performs its function as expected. Safety means that the risk of harm has been eliminated or reduced to a controllable level.
To achieve a solution, the following questions should be addressed: 1. How can access to information be given to the user (authentication)? 2. How can the authenticated user be allowed access even when the system is offline?

2.1 Problem formulation
Protecting highly sensitive and confidential data is crucial in many companies that work closely with government and national security. Crucially, internal and customer-related data neither should nor can be accessed by unauthorized users.
The main problem addressed in this research is how to protect this type of highly sensitive data from potential intruders. User authentication has been in place for the last decades [3]. Many companies have strict regulations on where access to such highly sensitive data may be given. Typically, upon accessing the database, the encrypted data must be transferred through a secure private network. It is assumed that the network is highly secured and hence network security is outside the scope of this research.
The main sub-problems can be summarised as follows:

1. What is the best approach for acquiring the location of the user in an outdoor and indoor environment?

2. How should the location information be used in the algorithm to provide secured authentication?


2.2 Proposed method
In order to protect sensitive data, this research will investigate a mobile location-based authentication scheme that enables access to an application based on the presence of the user in specific geo-locations.
The devised algorithm does not require any information from any wired/wireless network to enable access to the sensitive data (i.e. offline mode) and aims to transfer the data only when the user stays in trusted locations. This way, the system uses the company's secured private network to safely synchronise the information to the cloud.
In order to find the best approach, we need to investigate all the possible methods that can provide the location information of the users and then integrate that information in the authentication mechanism.
After finding the best suited method to acquire location information, a mobile application will be developed to evaluate the precision of the algorithm via a secure network. This research work focuses only on iOS systems, developing it using the C# programming language instead of the iOS native programming languages Objective-C or Swift.

2.3 Expected outcome

The main outcome of this research is to design a secure geo-location user authentication scheme that uses the position of the mobile users to enable access to a mobile application. To evaluate the functionality of the devised technique, a working mobile application prototype of the investigated user authentication scheme will be developed and tested for the iOS platform.


3. Background
Recently, the number of mobile devices with capabilities to receive the user’s position using the Global Positioning System (GPS) has gradually increased. GPS is a satellite navigation system that uses a set of satellites, which provides an opportunity for anyone with a GPS receiver to determine the device’s location (longitude, latitude, and altitude) in any weather condition and at any time from anywhere on the Earth. Furthermore, GPS technology enables a new software-level service that uses location data to retrieve different features. This service is known as Location-Based Service (LBS) and aims to offer a personalised service to users, based on the current position of the device [4]. In the following subsection, a number of related works that apply the same technique will be discussed.

3.1 Location Based Services
This section summarises some of the related works that use the location information to provide a set of services:

• MOSES [1] is a framework used in Android devices that was developed to handle sensitive data in companies. Its primary purpose is to create a secured area called a Security Profile (SP). An SP contains applications, data, and security policies. The security policies ensure applications belonging to an SP can only access data that are in the same SP. The MOSES Configuration Manager (MCM) is responsible for creating new SPs and changing settings for existing SPs by inserting new data and applications. Thus, it is possible to preserve data information. In Figure 1, three SPs are represented: work (stores only data and apps related to work that the user cannot modify); private (stores apps and data for private use); and default (stores data and apps that are still not classified). The MOSES Hypervisor (MH) activates and deactivates the SPs and loads the security policies of the SP in the Policy Enforcement Module (PEM). The PEM is responsible for assuring security in each SP. Every SP has associated context information (location and time); this context is detected by the Context Monitor System (CMS).


Figure 1. MOSES system overview [1]

• Mobile User Location-specific Encryption (MULE) [5] encrypts only sensitive data stored on laptops. MULE encrypts and decrypts sensitive data without any effort from the user. There is no need to enter a password in order to access the information. Additionally, MULE requires a Trusted Location Device (TLD) installation, which supplies a location-specific message (m) through a constrained channel each time a user connects to the TLD for decryption. Figure 2 illustrates the MULE operation. A TLD creates and returns the location message m even if a user is not in a trusted location. Once the user tries to access sensitive data, MULE automatically decrypts the data if m is valid. In the case that m is invalid (the user is not in a trusted location) the user must provide a password for decryption. Once the laptop disconnects or is moved to another location, the data are encrypted again.
An inconvenience related to security: MULE checks the constrained channel for a trusted location during decryption and encryption. If the user is not in a trusted location, then they must enter a password for decryption. However, this approach does not consider that if a malicious user can enter the trusted location, all sensitive data can be accessed through a user laptop without any further authentication (no password is needed).


Figure 2. Operation of MULE [5]

• Tseng. Ch et al. [6] studied a location management scheme with a wireless local area network (WLAN) positioning algorithm. This work describes a process that supplies location information from a hierarchical location database to mobile users and LBS providers. This location management scheme acquires the location of a mobile terminal (MT) by integrating the WLAN with Personal Communication Service (PCS) networks. PCS is a set of wireless mobile services with advanced coverage that distributes services at a more personal level [7]. The location management system in PCS occurs between the Home Location Register (HLR) and the Visitor Location Register (VLR) server [6]. Figure 3 depicts the integrated location management system:

o The MT must update its location information to the VLR and the VLR then forwards or receives MT updates to or from the HLR. Further, the HLR sends location cancellation to the VLR.

o The HLR connects to one or more Mobile Switching Connections (MSC), assigning it a VLR. Each MSC or VLR controls a Service Area (SA), which is composed of several Location Areas (LA).

o The SA provides location information to the VLR or MSC.

o A WLAN can provide more precise location information than the PCS networks and this information is instead saved in a Local Visitor Location Register (LVLR) server, which includes a user ID, a media access control (MAC) and an internet protocol (IP) address.


Figure 3. Location Management System

• The GEO-RBAC [8] model is employed by users with a location-aware terminal that requests the information services supplied by an application server. In GEO-RBAC, spatial features are used to represent objects, user locations, and geographically limited roles. Figure 4 presents a GEO-RBAC example concept. In this example, two roles are able to access an application using GEO-RBAC in two different places. A role may have access to more than one place but not to all the information. Roles are activated based on the position information obtained from the user’s GPS [8].

Figure 4. GEO-RBAC Model

• Liao. H, et al. [9] have proposed a location-dependent data encryption approach for mobile information systems by using a Personal Digital Assistant (PDA). In this scenario, two phases are required: (i) registration and (ii) operation. The registration phase involves the mobile client and information server receiving the same series of session keys during the registration phase under a secure channel. The operation phase starts when the mobile client is outside the secured channel, transmitting coordinates (collected from the GPS) and a specific session key to the server before receiving or sending a message. Subsequently, the server returns an encrypted message using the coordinates (latitude and longitude) and specific session key. The client can only decrypt or encrypt the message when the GPS coordinates that are sent match the allowed coordinates. The specific key used for encryption and decryption expires after each session. These phases are depicted in a scenario provided in Figure 5.

Figure 5. The proposal scenario [9]

• Zhang. F et al. [10] proposed a location-based authentication and authorization using smartphones to detect and send the user’s location to a server. The server then verifies the location to allow authentication and authorisation to specific services.

• Albayram. Y et al. [11] investigated a location-based authentication to create authentication questions based on a user’s locations tracked by smartphones. In the background, an application collects the locations of a user and sends them to a server. When the user authenticates, the server generates challenge questions based on all the location information stored. An example question could be: How many places did you visit yesterday? Only the user who owns the smartphone should be able to answer the question and if they cannot, they are treated as an unauthorized user.

3.2 Indoor positioning
In most of the aforementioned works, the location information is fed into the algorithm through GPS [8-11]. Many studies have demonstrated that GPS does not work properly indoors. Consequently, these findings led to several studies regarding indoor positioning, for example:

• Choi. M et al. [12] use Bluetooth Low Energy (BLE) beacon technology to localise mobile devices. Here, a digital content manager initiates and broadcasts a BLE beacon signal to determine if a user is near a predefined location.

• Tseng. C et al. [6] developed a signal-based positioning algorithm based on WLAN received signal strength indication (RSSI). A PDA with a wireless antenna is used for RSSI measurement and the signal strengths are collected at all training points for each access point and recorded in a database. Then the distance between two neighbouring training points provides an accurate position.


• Hintze. D et al. [13-14] relied on Global System for Mobile communication (GSM) cell and WLAN access point MAC addresses for location-related signals. Mobile devices with wireless fidelity (Wi-Fi) enabled scan for Wi-Fi access points within range. A list of access points is stored, each described by its MAC address, service set identifier (SSID), and RSSI. Using multiple signals in range, a location can be triangulated. This information is combined with the location determined by the GSM cell. The GSM cell obtains the location based on the signal strength from various cell towers: the mobile device can calculate its location by estimating how far it is from each cell tower.

• Albayram. Y et al. [11] used an indoor WLAN fingerprinting method for tracking user locations. Intermittently, a mobile application collected the beacons of all nearby WLAN access points and the application stored a WLAN fingerprint with relevant information (timestamps) from the previous beacons.

• Faragher. R et al. [15] demonstrated that BLE beacons are better for indoor positioning in combination with Bluetooth technology.

Table 2. Description of previous studies, with similar findings to this research

Table 2 describes how previous studies, which presented similar problems to this research, have solved location-based authentication. Such services can be applied in a professional environment that deals with the user authentication problem for applications in which the employees should work in different places.

| Study | Problem | Solution | Advantages/Disadvantages |
|---|---|---|---|
| [9] | How to encrypt or decrypt data in a mobile device outside a secured network? | Each time the user needs to decrypt or encrypt, the device sends GPS coordinates with a specific key to an external server. | Advantages: works indoors, because with a network connection along with GPS, it can receive device coordinates. Disadvantages: always needs a network connection to connect to the server. |
| [10] | How to allow users access to specific services depending on their location? | Sends location information from GPS to a server. | Advantages: the application is accessible in both outdoor and indoor environments. Disadvantages: as above, a network connection is always needed. |
| [11] | How to create questions based on the user’s locations tracked by GPS? | Tracks the location in the background and sends information to a server. It uses WLAN fingerprinting indoors. | Advantages: the application is accessible outdoors and indoors. Disadvantages: as above, a network connection is needed, and even WLAN access points. |
| [12] | How to know users are near a specified area using a BLE beacon? | Using smart mobile devices, checks the BLE beacon’s signal for presence of users. | Advantages: the application is accessible outdoors and indoors. Disadvantages: BLE beacons are needed in order to locate the devices. |


As described and shown in Table 2, all the mentioned works [9-12] use additional hardware such as a BLE beacon emitter, WLAN access points or more information from infrastructure, like GSM cell, in order to get accurate location information. In this Thesis, no additional hardware other than a conventional smartphone should be used.


4. Design
According to the company requirement, it is assumed that no extra hardware may be used, and the solution must not rely on any other technology, such as cellular, Wi-Fi, etc. networks. Consequently, the GPS information from users’ smartphones in an offline mode is left as the only means to provide the location information. Subsequently, the obtained location information must be integrated in the authentication algorithm.

Figure 6. Architecture of the system

The architecture of the GPS-based solution is illustrated in Figure 6. It involves smartphones with built-in GPS running a specific iOS application. The application needs to know the location information in order to grant access to its content. The information from GPS enables the application to calculate the distances between the user’s location and the allowed locations. If the user’s position is in a trusted region, the mobile application is accessible by the user. In case the user is in the main office, the mobile application is also able to communicate with an external server via the dedicated network connection.
The location-based solution consists of three relevant components:

A. Location-Based Client application (LBCA):
A mobile application running on the user’s smartphone that collects location information such as latitude, longitude, and name. These details are collected from both the GPS and the Application Local Database (ALDB). The type of information stored in the ALDB is explained in part B. This information allows or denies the user access to LBCA content. Further, if the user is located in a trusted location for data transmission, it is possible to send and receive data to and from the server. Figure 8 illustrates how this communication process operates.


B. Application Location database (ALDB):
A local database (located in the mobile device) that stores four important information fields of the LBCA mobile application, which are:

1. Authorised location information: contains authorised location coordinates, latitude and longitude details, and name.

2. Location updates information: stores location information collected in the background.

3. User information: consists of a user’s credentials, username and password, and email address. These credentials are used for logging in to the mobile application.

4. Data storage: contains data received from the server and introduced by the user in the LBCA. These data are categorized as sensitive data, that is, information that must be protected from access by unauthorised users.

C. Authentication and Data server (ADS):
A cloud server [16] that provides an authentication service for a group of users and via which authenticated users can receive and send data to the server.

Figure 7. The system components.

Figure 7 shows the main components of the system. The LBCA mobile application communicates with the cloud database, ADS, using a secure network connection to send and receive data. The application communicates internally with the local database, ALDB, to store data received from the ADS and also data introduced by the user, together with the user’s location information. The ADS, a cloud server, is initialised and updated by system administrators.


Figure 8. System operation when a user runs the mobile application.


Figure 9. The setup phase, administrator functionality.

The administrator functionality is depicted in Figure 9. Administrators are responsible for registering all the users with authorization to download and upload data from ADS (1), as well as for adding and updating data (2). Once a user is logged in to LBCA, and if in the main office, the user can send and receive data from ADS (3). To proceed with the transmission, the user must connect to ADS (4-5), transmitting the data (6-7). These users are assigned several trusted locations, which are applied towards LBCA and ADS authentication. The ADS keeps information about a group of users and each user has an assigned list of authorised locations, similar to [10].

Figure 10. User setup system operation.


Besides, each user must set up the LBCA for the first time and register to the system. The setup must be done in the main office, in order to have a secure network connection. As shown in Figure 10, the user must register for login and authorised locations to the ALDB (1-3). Since each user has their own trusted locations assigned in ADS, the authorised locations must be checked against ADS (4-7) before adding them to ALDB. Finally, the matching ADS locations must be added to ALDB (8).

Figure 11. User functionality (in the main office).

Subsequent to the setup phase, each user has several trusted locations stored in ALDB. Figure 11 reflects the whole user functionality. Those locations have to be checked each time the user has to log in to the LBCA (1-3). Once the user logs in, data information can be added and updated (4). Supposing that the user is still in the main office, the user can receive and send data from ADS (4-6).
In the proposed system, three techniques are used, as follows: LBCA Registration, LBCA Authentication, and LBCA Data Transfer.

4.1 LBCA Registration
To preserve mobile application privacy, users must register for access to the mobile application. Registration must always occur in a secure location such as a main office. The main office should provide secure network connectivity. Registration takes place once and there are two ways for this to proceed:

• The user provides their username, password, and email address for registration. These credentials are specific to this application and are stored in the ALDB.

• Since LBCA is implemented on an iOS platform, it is possible to use Apple’s ‘TouchID’ technology for identification. ‘TouchID’ is a fingerprint authentication that is used to secure or unlock a device and can be used as a proof of identity [17]. Fingerprint registration is processed from the device’s settings. In addition, if the user chooses TouchID as a registration method instead of the previous option for authentication to the LBCA, the user must also provide a username and email information. In this case, TouchID stores the username and email address in an ALDB as authentication credentials.

The registration information is then added into the user information section in the ALDB. As soon as the registration process is completed, the same user has to register their locations (see Figure 10).
The primary issue investigated in the present study is how to acquire an accurate location that provides access to the application without using a network connection. Additionally, application access is limited to only allowed locations.
As discussed previously, a location registration must be conducted by the user. Location information is divided into two types, static and dynamic, similar to [10], and involves five parameters: latitude, longitude, range of location, location name, and timestamp. The accuracy range is automatically set by LBCA. The accuracy range is considered for two reasons: (i) to compensate for the inaccuracy of the built-in GPS device and (ii) to consider the area of the trusted location.
In this study, static locations are stored in an ALDB. Static locations can be added and removed by the user. It is important to mention that these static locations must be checked against the ADS before adding them to ALDB.
The static location collection proceeds as follows:

• Exact values of latitude, longitude, and location name are introduced.

• In the case of a user knowing only the address of a location, the LBCA can access geographical location information such as latitude and longitude details. This approach uses a public application programming interface (API) [18]; in this study the Google Maps API is used.

In addition, a main office’s location was provided to the ALDB.
Dynamic location information is obtained from a smartphone’s built-in GPS and is updated in the background each time the user moves. The dynamic locations updated in the background are stored temporarily in the ALDB along with a timestamp. Once the user successfully logs in, all dynamic locations stored previously are removed.
The application system continues to update location information in the background. When a user logs into the LBCA, two requirements are checked at the same time: the user’s credentials and the distance from the permitted area. If a user is located in a permitted area, LBCA content becomes accessible.
The distance between static and dynamic locations is calculated using the Great Circle Distance algorithm [19]. This algorithm calculates the shortest distance between two points over the Earth’s surface following the Haversine formula [20] and uses the Earth’s radius of 6371 km. The Great Circle Distance algorithm is computed based on the following formulas:


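$$h = \sin^2\left(\frac{\Delta\varphi}{2}\right) + \cos\varphi_1 \cdot \cos\varphi_2 \cdot \sin^2\left(\frac{\Delta\lambda}{2}\right) \tag{1}$$

$$c = 2 \cdot \operatorname{atan2}\left(\sqrt{h},\ \sqrt{1-h}\right) \tag{2}$$

$$d = R \cdot c \tag{3}$$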

where d is the distance between two locations (φ1, λ1), (φ2, λ2); φ is latitude and λ is longitude. R is Earth’s radius (6371 km).

The obtained distance can be represented as a straight line between the two points, ignoring any hills. Therefore, this distance differs from the distance calculated by those that use roads.

4.1.1 Distance calculation outdoors

In outdoor locations, GPS is typically accessible, thus access to the LBCA is calculated using the latitude and longitude of each position as follows:

1. Receive current location from GPS.

2. Receive a list of allowed locations from ALDB.

3. Calculate distance between each allowed location and current location.

4. Determine if the calculated distance is in the accuracy range (5 Km).

5. With success, return ‘TRUE’ to the system and stop calculating distance; otherwise, continue calculating until the system reaches the last allowed location.

4.1.2 Distance calculation indoors

As previous studies showed [21-23], GPS did not work adequately in indoor environments. Using smartphones, GPS works indoors only in combination with a network connection (either WLAN or 3G/4G, the third generation of wireless mobile telecommunications technology). This problem definitely can affect the functionality of the system. In order to improve the functionality, an extension has been developed. Accordingly, if a user wants to access LBCA indoors and GPS is unreachable, the system uses the last stored location that has been saved automatically in the background to determine if the device is in the accuracy range.

If the user is in the trusted location, the LBCA uses the location’s timestamp to start a timer. This timer closes the application 45 minutes after the last location was collected.

For example, if the GPS running in the background collected the last location at 10h23m53s, and the user accessed the application at 10h45m23s, the user can still use the application for 23m30s. Once the time finishes, the user is logged out and is then unable to access the location again until a GPS signal is accessed again.
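The following added Python example (not the thesis's own C# code) combines equations (1) to (3), the outdoor steps of 4.1.1 and the stored-location fallback of 4.1.2, and reproduces the 23m30s case above. The names `Fix`, `Decision` and `location_gate`, the sample coordinates, and the rejection of a stored fix dated in the future are assumptions added here.

```python
import math
from datetime import datetime, timedelta
from typing import Iterable, NamedTuple, Optional, Tuple

EARTH_RADIUS_KM = 6371.0                   # R in equation (3)
ACCURACY_RANGE_KM = 5.0                    # accuracy range used in the thesis
LAST_FIX_VALIDITY = timedelta(minutes=45)  # indoor timer from section 4.1.2


class Fix(NamedTuple):
    lat: float           # degrees
    lon: float           # degrees
    taken_at: datetime   # when the GPS reading was collected


class Decision(NamedTuple):
    granted: bool
    expires_at: Optional[datetime]  # set only when access rests on a stored fix
    reason: str


def great_circle_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Equations (1)-(3): haversine distance between two points, in km."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    d_phi = phi2 - phi1
    d_lam = math.radians(lon2 - lon1)
    h = (math.sin(d_phi / 2) ** 2
         + math.cos(phi1) * math.cos(phi2) * math.sin(d_lam / 2) ** 2)
    h = min(1.0, h)  # rounding can push h marginally above 1 for antipodal points
    return EARTH_RADIUS_KM * 2 * math.atan2(math.sqrt(h), math.sqrt(1 - h))


def in_allowed_area(fix: Fix, allowed: Iterable[Tuple[float, float]]) -> bool:
    """Outdoor steps 3-5: any() stops at the first allowed location in range."""
    return any(great_circle_km(fix.lat, fix.lon, lat, lon) <= ACCURACY_RANGE_KM
               for lat, lon in allowed)


def location_gate(now: datetime, live_fix: Optional[Fix], stored_fix: Optional[Fix],
                  allowed: Iterable[Tuple[float, float]]) -> Decision:
    """Decide access from a live GPS fix, else from the last stored fix."""
    if live_fix is not None:
        ok = in_allowed_area(live_fix, allowed)
        return Decision(ok, None, "live fix in range" if ok else "live fix out of range")
    if stored_fix is None:
        return Decision(False, None, "no GPS and no stored fix")
    if stored_fix.taken_at > now:
        # Added check (assumption, not in the thesis): a fix dated in the future
        # means the clock or the stored record is wrong, so fail closed.
        return Decision(False, None, "stored fix is dated in the future")
    expires_at = stored_fix.taken_at + LAST_FIX_VALIDITY
    if now >= expires_at:
        return Decision(False, None, "stored fix older than 45 minutes")
    if not in_allowed_area(stored_fix, allowed):
        return Decision(False, None, "stored fix out of range")
    return Decision(True, expires_at, "stored fix in range")


# Constructed sample data: one allowed location and a stored fix due north of it.
ALLOWED = [(59.60, 16.50)]
LAST_FIX = Fix(59.64, 16.50, datetime(2017, 1, 11, 10, 23, 53))  # about 4.45 km away

if __name__ == "__main__":
    now = datetime(2017, 1, 11, 10, 45, 23)
    decision = location_gate(now, None, LAST_FIX, ALLOWED)
    print(decision.reason, decision.expires_at - now)
```

Because the fallback trusts the device clock and the stored record, the stored fix and its timestamp deserve the same protection as the rest of the ALDB.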


4.2 LBCA Authentication

To protect sensitive data, LBCA uses two authentication techniques, one for accessing the LBCA application and another for the ADS server. LBCA access is granted either through fingerprinting or by receiving credentials (e.g. username and password), which depends on the user’s choice during registration. Authentication for ADS is displayed on the screen after the mobile application is accessed, and only if the user is in the main office. Then, it begins data reception and transmission.

The user should register with their full name, username, and password. This server stores authorised usernames for registering. As illustrated in Figure 12.A, if the user is authorised, the registration is accepted and the server creates a one-time random access code (token) associated with the registered user (1-3). This code is stored simultaneously with username and password credentials (4-5). Then, as represented in Figure 12.B, each time the user requires access to the server to either receive or send data, login is required (1-2). If credentials are correct, the server uses the token for receiving and sending data (3-6).

Figure 12. Registration and Authentication in ADS from LBCA. The user must be in the main office and logged into the LBCA system.
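A sketch of the ADS-side flow of Figure 12, given as an added Python example rather than the thesis's own C# code. The class `AdsAuth`, its method names, the `in_main_office` flag (standing for the result of the location check) and the salted PBKDF2 password storage are assumptions; the thesis only states that the token is stored with the username and password.

```python
import hashlib
import hmac
import secrets
from typing import Dict, NamedTuple, Optional, Set

PBKDF2_ROUNDS = 200_000  # assumption: the thesis does not say how passwords are stored


class Account(NamedTuple):
    salt: bytes
    password_hash: bytes
    token: str


class AdsAuth:
    """Hypothetical ADS-side store following the steps of Figure 12 A and B."""

    def __init__(self, authorised_usernames: Set[str]) -> None:
        self._authorised = set(authorised_usernames)
        self._accounts: Dict[str, Account] = {}

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)

    def register(self, username: str, password: str, in_main_office: bool) -> bool:
        """Figure 12.A: accept only pre-authorised usernames, then issue a token."""
        if not in_main_office or username not in self._authorised:
            return False
        if username in self._accounts:
            return False  # a second registration must not replace the credentials
        salt = secrets.token_bytes(16)
        token = secrets.token_urlsafe(32)  # random access code from a CSPRNG
        self._accounts[username] = Account(salt, self._hash(password, salt), token)
        return True

    def login(self, username: str, password: str, in_main_office: bool) -> Optional[str]:
        """Figure 12.B: return the stored token only for correct credentials."""
        account = self._accounts.get(username)
        # Hash even for unknown users so both paths take similar time.
        salt = account.salt if account else b"\x00" * 16
        expected = account.password_hash if account else b"\x00" * 32
        ok = hmac.compare_digest(self._hash(password, salt), expected)
        if not (ok and account and in_main_office):
            return None
        return account.token
```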

4.3 LBCA Data Transfer

The data transfer is conducted through Hypertext Transfer Protocol Secure (HTTPS) [23], using a Representational State Transfer (REST) web services [24]. During transmission, data are encrypted by a Secure Sockets Layer (SSL) and decrypted at its reception. SSL uses a symmetric encryption using the same key code to encrypt and decrypt the data. The key is generated for each connection. The client side (in this case, the mobile application) creates a random key to be used for encryption and decryption. This key is sent with information to the ADS server.


Data received from the ADS server is saved into a data storage section in the ALDB. The user updates received data and stores it back to the ALDB. Once the user is in the right location, they can send data back to the ADS. With successful transmission, data can be removed from the ALDB.

All information stored in the ALDB is also encrypted using symmetric encryption. Each time the data are encrypted, the LBCA system generates a key for decryption. Importantly, data can only be decrypted by the same user who encrypted it.

Because this application requires high security, even the data stored in the ALDB are encrypted. This encryption is implemented to prevent access to the data through the AppStore, the application for accessing Apple devices. The AppStore can access an application’s file system, thus making it possible to also access local database information.

4.4 Code

Generally, iOS applications are implemented with a native programming language, Swift or Objective-C, and in Apple’s development environment [25]. However, now it is possible to implement native iOS applications using other programming languages and development environments.

The present research was implemented using C# and Xamarin Studio as the development environment [26]. This approach was selected for three reasons, as follows:

• To experiment with how effective it is to implement natively using C# and Xamarin. By using Xamarin for iOS applications, the developer can combine features from C# and iOS features.

• For simplicity. It is likely to be easier in the future to migrate this code to Android and Windows phone operating systems using Xamarin.

• Xamarin enables .NET Framework development on iOS devices that do not natively support it via Objective-C or Swift.


5. Results

To analyse sustainability using a mobile location-based application without a network connection, two important issues were evaluated: (i) the accuracy of the calculated distance for enabling the access to LBCA and (ii) the functionality of the algorithm for outdoor and indoor location detection.

The tests were performed using the mobile application developed in two different iOS hardware devices, an iPhone 5s and an iPad Air. Both devices used the latest operating system, iOS 10. No network connection was required.

For the evaluation, different authorised indoor and outdoor locations were chosen. Indoor locations materials were cork, brick or stone, and wood. The tests ran 10 times in each location and GPS on the device was used to determine user position.

5.1 The Accuracy of the Calculated Distance

Due to the range accuracy on the application being set to 5 Km, the tests were conducted in a range from 0 Km (exact position) up to 5 Km. The analysis demonstrated the percentage of success rates to access the application. Results reveal that the success rate was higher when reaching the exact locations (see Table 1).

In this evaluation accuracy range is set to 5 Km according to Saab company. However, this can be changed easily according to the company’s requirement.

Table 1. The rate of successful access to the application according to the user distance from the trusted region.

Dist. from exact loc. (d)   Location area 1        Location area 2        Location area 3
                            iPhone 5s  iPad Air    iPhone 5s  iPad Air    iPhone 5s  iPad Air
0 < d < 3.5 km (approx.)    100%       100%        100%       100%        100%       100%
3.5 < d < 5 km (approx.)    72%        71%         69%        70%         71%        72%
5 km                        45%        40%         48%        52%         58%        45%
> 5 km                      0%         0%          0%         0%          0%         0%

Results show that from 0 to almost 3.5 Km, the application was always accessible, although by increasing the distance from the trusted location (3.5 Km < d < 5 Km) access was not always successful. At the exact border of the acceptable accuracy range (5 Km) the successful access rate fell to 50%. The reason is that the distance calculations were not always the same due to the inaccuracy of GPS readings in the distance calculation. The algorithm calculates distances over the Earth’s surface, which is the aerial distance (see Section LBCA Registration), and it is different from road distance. Since the input from GPS can be different each time, the algorithm may or may not grant access to the application. For example, with the selected accuracy range of 5 Km, it is observed that the calculated distance is changing around 5±05 Km. As expected, the application was inaccessible at a distance farther than 5 Km.

5.2 Indoor Locations

As described in Section 3.2, many research works show that GPS has poor functionality for indoor scenarios. To examine the functionality of the proposed algorithm, several tests have been conducted in different indoor environments. As expected, the test results revealed that GPS is not very reliable to provide the best functionality of the algorithm. The success rate for the indoor scenario highly depends on the size of the building, the proximity of the neighbouring buildings, the building material (e.g. wide or narrow stone walls or wood with cork walls), and the distance from the windows.

It is good to mention that, in new smartphones, GPS can work with the help of a network connection (Wi-Fi/Cellular), but according to the company’s requirement, in this research, using an unsecured network connection is not acceptable.

For the indoor test, two types of buildings were considered:

1. Building Type 1: represents buildings that had narrow walls and were built with materials previously mentioned such as stone or wood with cork. These buildings were separated at least 25 metres from other buildings. Furthermore, their location was not in a particularly populated area.

2. Building Type 2: unlike type 1, these buildings had wide walls but were built with the same materials. In this case, these buildings were separated by a maximum of 15 metres from other buildings.

Figure 13. Application access to the GPS signal. A and B belong to type 1, while C and D belong to type 2 buildings. Panels: A) Indoor location 1 (fifth floor); B) Indoor location 2 (second floor); C) Indoor location 3 (second floor); D) Indoor location 4 (first floor).

As depicted in Figure 13, in indoor locations A and B (Type 1 buildings) the smartphone’s built-in GPS signal was reachable by the LBCA application more frequently. When the distance from windows reached 5 metres, the signal reachability decreased. After twelve metres, the signal was completely unreachable.

In contrast, in locations C and D (Type 2 buildings), the GPS signal was only reachable if the device was very close to the windows or balconies, although reachability was not always enabled.


Figure 14. Mobile application accessibility indoors.

As shown in Figure 14, access to the mobile application increases as the device moves closer to the “outside”, that is, the window or balcony. Accessibility in Type 1 buildings tended to be maintained until 8 to 11 metres from the outside, while in Type 2 buildings accessibility was maintained until only 3 to 5 metres. This further proves that GPS cannot provide the acceptable functionality of the proposed algorithm. To improve this shortcoming, an extension technique has been devised to ease the access to the application when the user is inside the building and the GPS signal is either poor or unavailable.

5.3 Distance Calculation Using Stored Location in ALDB

To enable user access to the mobile application for indoor scenarios, a method is implemented for calculating distance using the last location information stored in ALDB. According to the new extension, in the presence of the GPS signal, the application should read the location from the GPS together with the time at which the GPS information is collected and save them in the ALDB database. The application will use the latest stored location information in order to compute the distance when the GPS signal is not available.

This access however is limited. The location information is only valid for a given period of time; after that time limit, the location information stored in ALDB cannot be used for distance calculation. To access the application, a fresh location reading is needed that must be done by the built-in GPS.

[Chart "Mobile Application Accessibility": percentage success (%), on a scale of 0 to 100, against distance from windows or balconies in meters (0-3, 3-5, 5-8, 8-11, 11-13, 13-15, >15), for Buildings Type 1 and Buildings Type 2.]


6. Discussion

From the results obtained in this research, it can be stated that allowing accessibility to a mobile application using only GPS location information and internal data storage is possible. However, this solution demonstrates that the accessibility does not always happen, especially when the user is inside a building and also at the border of the accuracy range (5 km).

It also has been shown that GPS reachability is extremely poor for using it indoors. In some cases the GPS can still provide a good approximation of the user location, but it is not possible to know how accurately the GPS can work in different buildings (see Figures 13 and 14).

An extension of the proposed algorithm partly solved the problem of an unavailable GPS signal. This solution calculates distances using the last stored location and limits access to the mobile application for a given period of time. Although the extension is not able to completely solve the problem, it still provides some flexibility for the case where high security issues prohibit accessing the network. This solution is implemented because LBCA’s users can only access the network in the main office and thus no network-based solution can be integrated.

7. Conclusions

This Thesis presented the best way to protect sensitive data stored in a mobile application in offline mode. To do so, a mobile application was implemented for acquiring location information using only a smartphone without the need of any external hardware.

To demonstrate the feasibility of the mobile application, several tests were performed in outdoor and indoor locations. As expected, the application was not working properly at indoor locations. Therefore, enhancing the solution to protect data and, at the same time, working indoors was expected.

After implementing an extension, it was possible to improve the functionality of the algorithm, but an important thing to conclude is that the indoor location issue might not be solved using only a smartphone. Some other technology must be integrated to complete the work, such as a BLE beacon emitter, Wi-Fi and 3G/4G.

From Table 2, it can be deduced that the significant difference between the proposed solution in this paper and the previous studies is the use of only the smartphone and its built-in GPS.


7.1 Future work

This research is intended to be used in both outdoor and indoor locations. To achieve the best results for both, the indoor location must be improved. Using extra hardware, like Bluetooth beaconing, can be another way to improve the functionality of the proposed algorithm. In case of using the network connectivity, the main issue is to investigate more on the network security for the application that needs a high level of data protection.


References

1. Russello, Giovanni, et al. "MOSES: supporting operation modes on smartphones." Proceedings of the 17th ACM symposium on Access Control Models and Technologies, 2012.

2. Summers, G. Data and databases. In: Koehne, H Developing Databases with Access: Nelson Australia Pty Limited. p 4-5, 2004.

3. Chien, Hung-Yu, and Che-Hao Chen. "A remote authentication scheme preserving user anonymity." 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers). Vol. 2. IEEE, 2005.

4. Pingley, Aniket, et al. "A context-aware scheme for privacy-preserving location-based services." Computer Networks 56.11, pp. 2551-2568, 2012.

5. Studer, Ahren, and Adrian Perrig. "Mobile user location-specific encryption (MULE): using your office as your password." Proceedings of the third ACM conference on Wireless network security. ACM, 2010.

6. Tseng, Chih-Hsiung, and Sheng-Tzong Cheng. "Location management scheme with WLAN positioning algorithm for integrated wireless networks." Computer Communications 31.18, pp. 4304-4311, 2008.

7. Cheng, Hui, et al. "A review of personal communications services." Young Computer Scientists, 2008. ICYCS 2008. The 9th International Conference for. IEEE, 2008.

8. Bertino, E., Catania, B., Damiani, M. L., & Perlasca, P. GEO-RBAC: a spatially aware RBAC. In Proceedings of the tenth ACM symposium on Access control models and technologies, pp. 29-37, 2005.

9. Liao, Hsien-Chou, et al. "A location-dependent data encryption approach for enhancing mobile information system security." The 9th International Conference on Advanced Communication Technology. Vol. 1. IEEE, 2007.

10. Feng Zhang, Aron Kondoro, and Sead Muftic. "Location-based authentication and authorization using smart phones." 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications. IEEE, 2012.

11. Albayram, Y., et al. "A location-based authentication system leveraging smartphones." 2014 IEEE 15th International Conference on Mobile Data Management. Vol. 1. IEEE, 2014.

12. Choi, M., et al. "Location based authentication scheme using BLE for high performance digital content management system." Neurocomputing 209: pp. 25-38, 2016.

13. Hintze, Daniel, et al. "Location-based risk assessment for mobile authentication." Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct. ACM, 2016.

14. Hintze, Daniel, et al. "Mobile device usage characteristics: The effect of context and form factor on locked and unlocked usage." Proceedings of the 12th International Conference on Advances in Mobile Computing and Multimedia. ACM, 2014.


15. Faragher, Ramsey, and Robert Harle. "Location fingerprinting with bluetooth low energy beacons." IEEE Journal on Selected Areas in Communications 33.11: pp. 2418-2428, 2015.

16. Mell, Peter, and Tim Grance. "The NIST definition of cloud computing." (2011).

17. Al-Daraiseh, Ahmad A., et al. "Effectiveness of iphone’s touch id: Ksa case study." Editorial Preface 6.1, 2015.

18. Monperrus, Martin, et al. "What should developers be aware of? An empirical study on the directives of API documentation." Empirical Software Engineering 17.6: pp. 703-737, (2012).

19. Kifana, Benny Dwi, and Maman Abdurohman. "Great Circle Distance Methode for Improving Operational Control System Based on GPS Tracking System." International Journal on Computer Science and Engineering (IJCSE) 4.04: pp. 647-662, 2012.

20. Chopde, Nitin R., and M. Nichat. "Landmark based shortest path detection by using A* and Haversine formula." International Journal of Innovative Research in Computer and Communication Engineering 1.2: pp. 298-302, 2013.

21. Ahmed, M., and T. Hegazy. "Comparison among indoor location-based technologies for construction and infrastructure applications." CSCE 2008 Annual Conference, Québec, Que., Canada. 2008.

22. Hightower, G. Borriello, Location systems for ubiquitous computing, Computer 34 (8) pp. 57–66, 2001.

23. H. M. Khoury, V. R. Kamat, Evaluation of position tracking technologies for user localization in indoor construction environments, Automation in Construction 18 (4) pp. 444–457, 2009.

24. Friedman, Batya, et al. "Users' conceptions of web security: a comparative study." CHI'02 extended abstracts on Human factors in computing systems. ACM, 2002.

25. Bülthoff, Frederik, and Maria Maleshkova. "RESTful or RESTless – Current State of Today’s Top Web APIs." European Semantic Web Conference. Springer International Publishing, 2014.

26. Gonzalez-Sanchez, Javier, and Maria Elena Chavez-Echeagaray. "iPhone application development." Proceedings of the ACM international conference companion on Object oriented programming systems languages and applications companion. ACM, 2010.

27. Hermes, Dan. "Mobile Development Using Xamarin." Xamarin Mobile Application Development. Apress, 2015. 1-8.

28. Kohli, Sanjai, and Steven Chen. "GPS car navigation system." U.S. Patent No. 6,041,280. 21 Mar. 2000.