An Authentication Scheme Using Locations and OAuth in IoT Environments


  • Jeong-Woo Cho
  • Ki Young Lee



Authentication, IoT, Location, OAuth


Recently, in the IoT environment, along with the emergence of many devices, the necessity of protected networks accessible only to certain users has been coming to the fore. Although network authentication systems can be more easily constructed by applying the OAuth protocol to IoT network environments for authentication, secondary authentication is recognized to be essential in the case of such systems because of the fact that such systems can be easily exposed to attacks when attackers have snatched the relevant token due to the characteristics of OAuth. Authentication through locations has the advantage that the user does not have to enter, remember, or carry any data. In addition, as the IOT advances, many APs are used leading to the improvement of the accuracy of WPS. Using the foregoing, this study is intended to enable user friendly authentication by taking the advantage of OAuth and using secondary authentication through location authentication, which is relatively convenient to users.




[1] Heeman Lee, A design of authentication protocol based on group key for efficient group communication in IoT environment, Master’s Thesis. Soongsil University, Korea, 2015.

[2] Young Kyu Choi, Seon Jeong Kim, and Kang Seok Kim, "An Authentication mechanism for IoT Network based on OAuth Protocol", Korea Computer Congress 2015, vol.2015, No.6, pp.1069-1071, June 2015.

[3] Young Kyu Choi, A user authentication mechanism for IoT network based on OAuth protocol, Master’s Thesis. Ajou University, Korea, 2015.

[4] D. Hardt, The OAuth2.0 Authorization Framework, RFC6749, 2012.

[5] Overview of GPS,

[6] Simone Cirani, Marco Picone, Pietro Gonizzi, Luca Veltri and Gianluigi Ferrari, "IoT-OAS : An OAuth-Based Authorization Service Architecture for Secure Services in IoT Scenarios," IEEE Sensors Journal, vol.15, no.2, February 2015.

[7] Denning, D. E., & MacDoran, P. F., “Location-based authentication: Grounding cyberspace for better security,†Computer Fraud & Security, Vol.1996, No.2, pp.12-16, Feb. 1996.

[8] A. Bose and C. H. Foh, "A Practical Path Loss Model for Indoor WiFi Positioning Enhancement," in IEEE 2007 6th International Conference on Information, Communications & Signal Processing, 2007.

[9] M. McGloin and P. Hunt, OAuth 2.0 Threat Model and Security Considerations, Internet Engineering Task Force (IETF) RFC 6819, 2013.

[10] Y. Feng, and M. Sathiamoorthy,"A security analysis of the OAuth protocol", IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, pp.271-276, 2013.

View Full Article: