Truong, Hien Thi Thu and Gao, Xiang and Shrestha, Babins and Saxena, Nitesh and Asokan, N. and Nurmi, Petteri (2015) Using contextual co-presence to strengthen Zero-Interaction Authentication:Design, integration and usability. Pervasive and Mobile Computing, 16 (B). pp. 187-204. ISSN 1574-1192
Full text not available from this repository.Abstract
Zero-Interaction Authentication (ZIA) refers to approaches that authenticate a user to a verifier (terminal) without any user interaction. Currently deployed ZIA solutions are predominantly based on the terminal detecting the proximity of the user’s personal device, or a security token, by running an authentication protocol over a short-range wireless communication channel. Unfortunately, this simple approach is highly vulnerable to low-cost and practical relay attacks which completely offset the usability benefits of ZIA. The use of contextual information, gathered via on-board sensors, to detect the co-presence of the user and the verifier is a recently proposed mechanism to resist relay attacks. In this paper, we systematically investigate the performance of different sensor modalities for co-presence detection with respect to a standard Dolev–Yao adversary. First, using a common data collection framework run in realistic everyday settings, we compare the performance of four commonly available sensor modalities (WiFi, Bluetooth, GPS, and audio) in resisting ZIA relay attacks, and find that WiFi is better than the rest. Second, we show that, compared to any single modality, fusing multiple modalities improves resilience against ZIA relay attacks while retaining a high level of usability. Third, we motivate the need for a stronger adversarial model to characterize an attacker who can compromise the integrity of context sensing itself. We show that in the presence of such a powerful attacker, each individual sensor modality offers very low security. Positively, the use of multiple sensor modalities improves security against such an attacker if the attacker cannot compromise multiple modalities simultaneously. Finally, based on our analysis, we integrate our contextual co-presence detection system with a real-world ZIA application, BlueProximity [1], so as to enhance its security against relay attacks. We describe the design of the BlueProximity++ application and present results from a small-scale user study that evaluated its effectiveness.