User Authentication Protocol Based on the Location Factor for a Mobile Environment

The way the internet is used by billions of users around the world has been revolutionized by mobile devices. The capabilities of smartphones are constantly growing, and the number of services available for mobile devices is also increasing. This undeniable trend makes smartphones terminals for accessing services that process confidential data, which make smartphones priceless targets of cyberattacks. Along with an increasing number of mobile services, the methods of securing the confidentiality, integrity and availability of systems used have also evolved and adapted to the capabilities of a mobile environment. One of the important security services is the user authentication process. This process often implements the postulates of strong authentication, multistage authentication based on factors from the knowledge, position and inherence categories. Unfortunately, the implementation of the factors belonging to these categories is not always possible due to the limitations of smartphones, such as the lack of interfaces for the implementation of biometrics or environmental factors - problems with network or internet access in various countries and regions. Therefore, there is a need to analyse the possibility of implementing a strong authentication process based on additional information about users, e.g., based on location data. The article analyses the requirements for the authentication process and authentication factors. Based on the performed analysis, the criteria that each authentication factor must meet were defined. This article presents a proposal for a user authentication protocol based on the location factor for a mobile environment. The method can be used in the case of problems with the implementation of strong authentication or as an additional authentication factor that increases the security of the user identity confirmation process. The presented protocol has been analysed in terms of performance, security and compliance with the requirements related to the authentication factors.