A secure user authentication scheme for critical mobile applications

Abstract: Smartphones have facilitated tasks in private and work life for its users. In business, employees often should manage sensitive data that unauthorised people cannot access, so some user authentication is needed to perform. Besides the normal user authentication, some employers give the right to access to the sensitive data only if the employees stay in specific locations. That makes sense for those businesses that have various construction sites and offices that are not necessarily located in the same geographical region. In those companies, the employees must be able to perform their tasks from different locations regardless of the available network infrastructure. To protect the data from intruders, this research presents a secure location-based user authentication scheme for mobile application that works offline. This research considers to enable access to the sensitive data using off-the-shelf mobile devices without adding any extra hardware and with no additional information from a fixed infrastructure. This Thesis firstly describes the architecture and attributes of the proposed solution. Then, the techniques used for the design and functionality of the solution are presented. The results of this study reveal that the proposed solution is more suitable for the applications that is used in outdoor locations. Finally, to alleviate the shortcoming of the presented technique for indoor locations, a new method has been discussed and tested. This report is a final Thesis in collaboration with SAAB. The purpose of this research is to examine the best way to protect sensitive data managed by the employees using their smartphones in different workplaces.