Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
TY - GEN
T1 - Comparing and fusing different sensor modalities for relay attack resistance in Zero-Interaction Authentication
AU - Truong, H. T. T.
AU - Gao, Xiang
AU - Shrestha, B.
AU - Saxena, N.
AU - Asokan, N.
AU - Nurmi, P.
PY - 2014/3/24
Y1 - 2014/3/24
N2 - Zero-Interaction Authentication (ZIA) refers to approaches that authenticate a user to a verifier (terminal) without any user interaction. Currently deployed ZIA solutions are predominantly based on the terminal detecting the proximity of the user's personal device, or a security token, by running an authentication protocol over a short-range wireless communication channel. Unfortunately, this simple approach is highly vulnerable to low-cost and practical relay attacks which completely offset the usability benefits of ZIA. The use of contextual information, gathered via on-board sensors, to detect the co-presence of the user and the verifier is a recently proposed mechanism to resist relay attacks. In this paper, we systematically investigate the performance of different sensor modalities for co-presence detection with respect to a standard Dolev-Yao adversary. First, using a common data collection framework run in realistic everyday settings, we compare the performance of four commonly available sensor modalities (WiFi, Bluetooth, GPS, and Audio) in resisting ZIA relay attacks, and find that WiFi is better than the rest. Second, we show that, compared to any single modality, fusing multiple modalities improves resilience against ZIA relay attacks while retaining a high level of usability. Third, we motivate the need for a stronger adversarial model to characterize an attacker who can compromise the integrity of context sensing itself. We show that in the presence of such a powerful attacker, each individual sensor modality offers very low security. Positively, the use of multiple sensor modalities improves security against such an attacker if the attacker cannot compromise multiple modalities simultaneously.
KW - Bluetooth
KW - Global Positioning System
KW - authorisation
KW - computer network security
KW - wireless LAN
KW - Bluetooth modality
KW - Dolev-Yao adversary
KW - GPS modality
KW - Global Positioning Systems
KW - Wi-Fi modality
KW - Wireless Fidelity
KW - ZIA usability benefits
KW - adversarial model
KW - audio modality
KW - authentication protocol
KW - contextual information
KW - data collection framework
KW - relay attack resistance
KW - security token
KW - sensor modalities
KW - short-range wireless communication channel
KW - user authentication
KW - user interaction
KW - zero-interaction authentication
KW - Context
KW - IEEE 802.11 Standards
KW - Performance evaluation
KW - Relays
KW - Sensors
U2 - 10.1109/PerCom.2014.6813957
DO - 10.1109/PerCom.2014.6813957
M3 - Conference contribution/Paper
SP - 163
EP - 171
BT - 2014 IEEE International Conference on Pervasive Computing and Communications (PerCom)
PB - IEEE
ER -