Using contextual co-presence to strengthen Zero-Interaction Authentication:Design, integration and usability

Truong, Hien Thi Thu and Gao, Xiang and Shrestha, Babins and Saxena, Nitesh and Asokan, N. and Nurmi, Petteri (2015) Using contextual co-presence to strengthen Zero-Interaction Authentication:Design, integration and usability. Pervasive and Mobile Computing, 16 (B). pp. 187-204. ISSN 1574-1192

Full text not available from this repository.

Abstract

Zero-Interaction Authentication (ZIA) refers to approaches that authenticate a user to a verifier (terminal) without any user interaction. Currently deployed ZIA solutions are predominantly based on the terminal detecting the proximity of the user’s personal device, or a security token, by running an authentication protocol over a short-range wireless communication channel. Unfortunately, this simple approach is highly vulnerable to low-cost and practical relay attacks which completely offset the usability benefits of ZIA. The use of contextual information, gathered via on-board sensors, to detect the co-presence of the user and the verifier is a recently proposed mechanism to resist relay attacks. In this paper, we systematically investigate the performance of different sensor modalities for co-presence detection with respect to a standard Dolev–Yao adversary. First, using a common data collection framework run in realistic everyday settings, we compare the performance of four commonly available sensor modalities (WiFi, Bluetooth, GPS, and audio) in resisting ZIA relay attacks, and find that WiFi is better than the rest. Second, we show that, compared to any single modality, fusing multiple modalities improves resilience against ZIA relay attacks while retaining a high level of usability. Third, we motivate the need for a stronger adversarial model to characterize an attacker who can compromise the integrity of context sensing itself. We show that in the presence of such a powerful attacker, each individual sensor modality offers very low security. Positively, the use of multiple sensor modalities improves security against such an attacker if the attacker cannot compromise multiple modalities simultaneously. Finally, based on our analysis, we integrate our contextual co-presence detection system with a real-world ZIA application, BlueProximity [1], so as to enhance its security against relay attacks. We describe the design of the BlueProximity++ application and present results from a small-scale user study that evaluated its effectiveness.

Item Type:
Journal Article
Journal or Publication Title:
Pervasive and Mobile Computing
Additional Information:
Selected Papers from the Twelfth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom 2014)
Uncontrolled Keywords:
/dk/atira/pure/subjectarea/asjc/2600/2604
Subjects:
ID Code:
123742
Deposited By:
Deposited On:
23 Feb 2018 15:14
Refereed?:
Yes
Published?:
Published
Last Modified:
20 May 2020 06:03