TY - GEN
T1 - Proximity-proof
T2 - 24th Annual International Conference on Mobile Computing and Networking, MobiCom 2018
AU - Han, Dianqi
AU - Chen, Yimin
AU - Li, Tao
AU - Zhang, Rui
AU - Zhang, Yaochao
AU - Hedgpeth, Terri
N1 - Publisher Copyright:
© 2018 Association for Computing Machinery.
Copyright:
Copyright 2019 Elsevier B.V., All rights reserved.
PY - 2018/10/15
Y1 - 2018/10/15
N2 - Mobile two-factor authentication (2FA) has become commonplace along with the popularity of mobile devices. Current mobile 2FA solutions all require some form of user effort which may seriously affect the experience of mobile users, especially senior citizens or those with disability such as visually impaired users. In this paper, we propose Proximity- Proof, a secure and usable mobile 2FA system without involving user interactions. Proximity-Proof automatically transmits a user's 2FA response via inaudible OFDM-modulated acoustic signals to the login browser. We propose a novel technique to extract individual speaker and microphone fingerprints of a mobile device to defend against the powerful man-in-the-middle (MiM) attack. In addition, Proximity- Proof explores two-way acoustic ranging to thwart the colocated attack. To the best of our knowledge, Proximity-Proof is the first mobile 2FA scheme resilient to the MiM and colocated attacks.We empirically analyze that Proximity-Proof is at least as secure as existing mobile 2FA solutions while being highly usable. We also prototype Proximity-Proof and confirm its high security, usability, and efficiency through comprehensive user experiments.
AB - Mobile two-factor authentication (2FA) has become commonplace along with the popularity of mobile devices. Current mobile 2FA solutions all require some form of user effort which may seriously affect the experience of mobile users, especially senior citizens or those with disability such as visually impaired users. In this paper, we propose Proximity- Proof, a secure and usable mobile 2FA system without involving user interactions. Proximity-Proof automatically transmits a user's 2FA response via inaudible OFDM-modulated acoustic signals to the login browser. We propose a novel technique to extract individual speaker and microphone fingerprints of a mobile device to defend against the powerful man-in-the-middle (MiM) attack. In addition, Proximity- Proof explores two-way acoustic ranging to thwart the colocated attack. To the best of our knowledge, Proximity-Proof is the first mobile 2FA scheme resilient to the MiM and colocated attacks.We empirically analyze that Proximity-Proof is at least as secure as existing mobile 2FA solutions while being highly usable. We also prototype Proximity-Proof and confirm its high security, usability, and efficiency through comprehensive user experiments.
KW - Mobile Security
KW - Speaker and Microphone Fingerprinting
KW - Two-Factor Authentication
KW - Usability
UR - http://www.scopus.com/inward/record.url?scp=85056900516&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85056900516&partnerID=8YFLogxK
U2 - 10.1145/3241539.3241574
DO - 10.1145/3241539.3241574
M3 - Conference contribution
AN - SCOPUS:85056900516
T3 - Proceedings of the Annual International Conference on Mobile Computing and Networking, MOBICOM
SP - 401
EP - 415
BT - MobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking
PB - Association for Computing Machinery
Y2 - 29 October 2018 through 2 November 2018
ER -