Home > Research > Publications & Outputs > Using contextual co-presence to strengthen Zero...

Research

Links

Text available via DOI:

Keywords

View graph of relations

Using contextual co-presence to strengthen Zero-Interaction Authentication: Design, integration and usability

Research output: Contribution to Journal/MagazineJournal articlepeer-review

Published
  • Hien Thi Thu Truong
  • Xiang Gao
  • Babins Shrestha
  • Nitesh Saxena
  • N. Asokan
  • Petteri Nurmi
Close
More...
<mark>Journal publication date</mark>01/2015
<mark>Journal</mark>Pervasive and Mobile Computing
Issue numberB
Volume16
Number of pages18
Pages (from-to)187-204
Publication StatusPublished
Early online date29/10/14
<mark>Original language</mark>English

Abstract

Zero-Interaction Authentication (ZIA) refers to approaches that authenticate a user to a verifier (terminal) without any user interaction. Currently deployed ZIA solutions are predominantly based on the terminal detecting the proximity of the user’s personal device, or a security token, by running an authentication protocol over a short-range wireless communication channel. Unfortunately, this simple approach is highly vulnerable to low-cost and practical relay attacks which completely offset the usability benefits of ZIA. The use of contextual information, gathered via on-board sensors, to detect the co-presence of the user and the verifier is a recently proposed mechanism to resist relay attacks.

In this paper, we systematically investigate the performance of different sensor modalities for co-presence detection with respect to a standard Dolev–Yao adversary. First, using a common data collection framework run in realistic everyday settings, we compare the performance of four commonly available sensor modalities (WiFi, Bluetooth, GPS, and audio) in resisting ZIA relay attacks, and find that WiFi is better than the rest. Second, we show that, compared to any single modality, fusing multiple modalities improves resilience against ZIA relay attacks while retaining a high level of usability. Third, we motivate the need for a stronger adversarial model to characterize an attacker who can compromise the integrity of context sensing itself. We show that in the presence of such a powerful attacker, each individual sensor modality offers very low security. Positively, the use of multiple sensor modalities improves security against such an attacker if the attacker cannot compromise multiple modalities simultaneously.

Finally, based on our analysis, we integrate our contextual co-presence detection system with a real-world ZIA application, BlueProximity [1], so as to enhance its security against relay attacks. We describe the design of the BlueProximity++ application and present results from a small-scale user study that evaluated its effectiveness.

Bibliographic note

Selected Papers from the Twelfth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom 2014)