Name
Abstract | ||
|---|---|---|
Context-centric sensor-based proximity detection (or, contextual co-presence detection) is a promising approach to defend against
<italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">relay attacks</italic>
in many mobile authentication systems, especially against
<italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">unattended terminals</italic>
(such as cars parked in unmonitored parking lots, remote gas station pumps, or stolen laptops). Prior work demonstrated the effectiveness of a variety of contextual sensor modalities for this purpose, including audio-radio environment (ambient audio, Wi-Fi, Bluetooth, and GPS, and combinations thereof) and physical environment (temperature, humidity, gas, and altitude, and combinations thereof). In this paper, we present a systematic assessment of such co-presence detection in the presence of a strong, context-manipulating attacker against unattended terminals.
<italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">First</italic>
, we show that it is feasible to
<italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">manipulate</italic>
,
<italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">consistently control</italic>
, and
<italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">stabilize</italic>
the readings of different acoustic and physical environment sensors (and even multiple sensors simultaneously) using low-cost, off-the-shelf equipment. Specifically, we show that it is possible to control the temperature using a home-grade hair dryer, affect the gas readings using a smoking cigarette, impact the altitude/pressure with a simple air compressor, or relay audio signals recorded at one end to the other thereby causing both sides to perceive a very similar acoustic environment.
<italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Second</italic>
, based on these capabilities and the strengthened threat model, we show that an attacker who can manipulate the context gains a significant advantage in defeating contextual co-presence detection. For systems that use multiple sensors, we investigate two sensor fusion approaches based on machine learning classification techniques—
<italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">features-fusion</italic>
and
<italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">decisions-fusion</italic>
, and show that both are vulnerable to context manipulation attacks but the latter approach can be more resistant in some cases. We further consider other defensive approaches that may be used to reduce the impact of even such a strong context-manipulating attacker. Our work represents the first concrete step towards analyzing, extending, and systematizing prior work on contextual co-presence detection under a stronger, but realistic adversarial model. |
Year | DOI | Venue |
|---|---|---|
2019 | 10.1109/TMC.2018.2839604 | IEEE Trans. Mob. Comput. |
Keywords | Field | DocType |
Authentication,Relays,Context modeling,Protocols,Temperature sensors,Wireless fidelity | Audio signal,Authentication,Computer science,Threat model,Computer network,Sensor fusion,Context model,Real-time computing,Global Positioning System,Relay,Bluetooth | Journal |
Volume | Issue | ISSN |
18 | 2 | 1536-1233 |
Citations | PageRank | References |
0 | 0.34 | 0 |
Authors | ||
4 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Babins Shrestha | 1 | 83 | 6.83 |
| Nitesh Saxena | 2 | 1204 | 82.45 |
| Hien Thi Thu Truong | 3 | 44 | 6.12 |
| N. Asokan | 4 | 2889 | 211.44 |