Proximity-proof: Secure and usable mobile two-factor authentication

Dianqi Han, Yimin Chen, Tao Li, Rui Zhang, Yaochao Zhang, Terri Hedgpeth

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations

Abstract

Mobile two-factor authentication (2FA) has become commonplace along with the popularity of mobile devices. Current mobile 2FA solutions all require some form of user effort which may seriously affect the experience of mobile users, especially senior citizens or those with disability such as visually impaired users. In this paper, we propose Proximity- Proof, a secure and usable mobile 2FA system without involving user interactions. Proximity-Proof automatically transmits a user's 2FA response via inaudible OFDM-modulated acoustic signals to the login browser. We propose a novel technique to extract individual speaker and microphone fingerprints of a mobile device to defend against the powerful man-in-the-middle (MiM) attack. In addition, Proximity- Proof explores two-way acoustic ranging to thwart the colocated attack. To the best of our knowledge, Proximity-Proof is the first mobile 2FA scheme resilient to the MiM and colocated attacks.We empirically analyze that Proximity-Proof is at least as secure as existing mobile 2FA solutions while being highly usable. We also prototype Proximity-Proof and confirm its high security, usability, and efficiency through comprehensive user experiments.

Original languageEnglish (US)
Title of host publicationMobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking
PublisherAssociation for Computing Machinery
Pages401-415
Number of pages15
ISBN (Electronic)9781450359030
DOIs
StatePublished - Oct 15 2018
Event24th Annual International Conference on Mobile Computing and Networking, MobiCom 2018 - New Delhi, India
Duration: Oct 29 2018Nov 2 2018

Other

Other24th Annual International Conference on Mobile Computing and Networking, MobiCom 2018
CountryIndia
CityNew Delhi
Period10/29/1811/2/18

Keywords

  • Mobile Security
  • Speaker and Microphone Fingerprinting
  • Two-Factor Authentication
  • Usability

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Software

Fingerprint Dive into the research topics of 'Proximity-proof: Secure and usable mobile two-factor authentication'. Together they form a unique fingerprint.

  • Cite this

    Han, D., Chen, Y., Li, T., Zhang, R., Zhang, Y., & Hedgpeth, T. (2018). Proximity-proof: Secure and usable mobile two-factor authentication. In MobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking (pp. 401-415). Association for Computing Machinery. https://doi.org/10.1145/3241539.3241574