Proximity-proof

Secure and usable mobile two-factor authentication

Dianqi Han, Yimin Chen, Tao Li, Rui Zhang, Yaochao Zhang, Terri Hedgpeth

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

Mobile two-factor authentication (2FA) has become commonplace along with the popularity of mobile devices. Current mobile 2FA solutions all require some form of user effort which may seriously affect the experience of mobile users, especially senior citizens or those with disability such as visually impaired users. In this paper, we propose Proximity- Proof, a secure and usable mobile 2FA system without involving user interactions. Proximity-Proof automatically transmits a user's 2FA response via inaudible OFDM-modulated acoustic signals to the login browser. We propose a novel technique to extract individual speaker and microphone fingerprints of a mobile device to defend against the powerful man-in-the-middle (MiM) attack. In addition, Proximity- Proof explores two-way acoustic ranging to thwart the colocated attack. To the best of our knowledge, Proximity-Proof is the first mobile 2FA scheme resilient to the MiM and colocated attacks.We empirically analyze that Proximity-Proof is at least as secure as existing mobile 2FA solutions while being highly usable. We also prototype Proximity-Proof and confirm its high security, usability, and efficiency through comprehensive user experiments.

Original languageEnglish (US)
Title of host publicationMobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking
PublisherAssociation for Computing Machinery
Pages401-415
Number of pages15
ISBN (Electronic)9781450359030
DOIs
StatePublished - Oct 15 2018
Event24th Annual International Conference on Mobile Computing and Networking, MobiCom 2018 - New Delhi, India
Duration: Oct 29 2018Nov 2 2018

Other

Other24th Annual International Conference on Mobile Computing and Networking, MobiCom 2018
CountryIndia
CityNew Delhi
Period10/29/1811/2/18

Fingerprint

Mobile devices
Authentication
Acoustics
Microphones
Orthogonal frequency division multiplexing
Experiments

Keywords

  • Mobile Security
  • Speaker and Microphone Fingerprinting
  • Two-Factor Authentication
  • Usability

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Software

Cite this

Han, D., Chen, Y., Li, T., Zhang, R., Zhang, Y., & Hedgpeth, T. (2018). Proximity-proof: Secure and usable mobile two-factor authentication. In MobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking (pp. 401-415). Association for Computing Machinery. https://doi.org/10.1145/3241539.3241574

Proximity-proof : Secure and usable mobile two-factor authentication. / Han, Dianqi; Chen, Yimin; Li, Tao; Zhang, Rui; Zhang, Yaochao; Hedgpeth, Terri.

MobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. Association for Computing Machinery, 2018. p. 401-415.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Han, D, Chen, Y, Li, T, Zhang, R, Zhang, Y & Hedgpeth, T 2018, Proximity-proof: Secure and usable mobile two-factor authentication. in MobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. Association for Computing Machinery, pp. 401-415, 24th Annual International Conference on Mobile Computing and Networking, MobiCom 2018, New Delhi, India, 10/29/18. https://doi.org/10.1145/3241539.3241574
Han D, Chen Y, Li T, Zhang R, Zhang Y, Hedgpeth T. Proximity-proof: Secure and usable mobile two-factor authentication. In MobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. Association for Computing Machinery. 2018. p. 401-415 https://doi.org/10.1145/3241539.3241574
Han, Dianqi ; Chen, Yimin ; Li, Tao ; Zhang, Rui ; Zhang, Yaochao ; Hedgpeth, Terri. / Proximity-proof : Secure and usable mobile two-factor authentication. MobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. Association for Computing Machinery, 2018. pp. 401-415
@inproceedings{0a145f4291d04fb399cdc79b0ab4f69b,
title = "Proximity-proof: Secure and usable mobile two-factor authentication",
abstract = "Mobile two-factor authentication (2FA) has become commonplace along with the popularity of mobile devices. Current mobile 2FA solutions all require some form of user effort which may seriously affect the experience of mobile users, especially senior citizens or those with disability such as visually impaired users. In this paper, we propose Proximity- Proof, a secure and usable mobile 2FA system without involving user interactions. Proximity-Proof automatically transmits a user's 2FA response via inaudible OFDM-modulated acoustic signals to the login browser. We propose a novel technique to extract individual speaker and microphone fingerprints of a mobile device to defend against the powerful man-in-the-middle (MiM) attack. In addition, Proximity- Proof explores two-way acoustic ranging to thwart the colocated attack. To the best of our knowledge, Proximity-Proof is the first mobile 2FA scheme resilient to the MiM and colocated attacks.We empirically analyze that Proximity-Proof is at least as secure as existing mobile 2FA solutions while being highly usable. We also prototype Proximity-Proof and confirm its high security, usability, and efficiency through comprehensive user experiments.",
keywords = "Mobile Security, Speaker and Microphone Fingerprinting, Two-Factor Authentication, Usability",
author = "Dianqi Han and Yimin Chen and Tao Li and Rui Zhang and Yaochao Zhang and Terri Hedgpeth",
year = "2018",
month = "10",
day = "15",
doi = "10.1145/3241539.3241574",
language = "English (US)",
pages = "401--415",
booktitle = "MobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking",
publisher = "Association for Computing Machinery",

}

TY - GEN

T1 - Proximity-proof

T2 - Secure and usable mobile two-factor authentication

AU - Han, Dianqi

AU - Chen, Yimin

AU - Li, Tao

AU - Zhang, Rui

AU - Zhang, Yaochao

AU - Hedgpeth, Terri

PY - 2018/10/15

Y1 - 2018/10/15

N2 - Mobile two-factor authentication (2FA) has become commonplace along with the popularity of mobile devices. Current mobile 2FA solutions all require some form of user effort which may seriously affect the experience of mobile users, especially senior citizens or those with disability such as visually impaired users. In this paper, we propose Proximity- Proof, a secure and usable mobile 2FA system without involving user interactions. Proximity-Proof automatically transmits a user's 2FA response via inaudible OFDM-modulated acoustic signals to the login browser. We propose a novel technique to extract individual speaker and microphone fingerprints of a mobile device to defend against the powerful man-in-the-middle (MiM) attack. In addition, Proximity- Proof explores two-way acoustic ranging to thwart the colocated attack. To the best of our knowledge, Proximity-Proof is the first mobile 2FA scheme resilient to the MiM and colocated attacks.We empirically analyze that Proximity-Proof is at least as secure as existing mobile 2FA solutions while being highly usable. We also prototype Proximity-Proof and confirm its high security, usability, and efficiency through comprehensive user experiments.

AB - Mobile two-factor authentication (2FA) has become commonplace along with the popularity of mobile devices. Current mobile 2FA solutions all require some form of user effort which may seriously affect the experience of mobile users, especially senior citizens or those with disability such as visually impaired users. In this paper, we propose Proximity- Proof, a secure and usable mobile 2FA system without involving user interactions. Proximity-Proof automatically transmits a user's 2FA response via inaudible OFDM-modulated acoustic signals to the login browser. We propose a novel technique to extract individual speaker and microphone fingerprints of a mobile device to defend against the powerful man-in-the-middle (MiM) attack. In addition, Proximity- Proof explores two-way acoustic ranging to thwart the colocated attack. To the best of our knowledge, Proximity-Proof is the first mobile 2FA scheme resilient to the MiM and colocated attacks.We empirically analyze that Proximity-Proof is at least as secure as existing mobile 2FA solutions while being highly usable. We also prototype Proximity-Proof and confirm its high security, usability, and efficiency through comprehensive user experiments.

KW - Mobile Security

KW - Speaker and Microphone Fingerprinting

KW - Two-Factor Authentication

KW - Usability

UR - http://www.scopus.com/inward/record.url?scp=85056900516&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85056900516&partnerID=8YFLogxK

U2 - 10.1145/3241539.3241574

DO - 10.1145/3241539.3241574

M3 - Conference contribution

SP - 401

EP - 415

BT - MobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking

PB - Association for Computing Machinery

ER -