Proximity-proof: Secure and usable mobile two-factor authentication

Dianqi Han, Yimin Chen, Tao Li, Rui Zhang, Yaochao Zhang, Terri Hedgpeth

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Mobile two-factor authentication (2FA) has become commonplace along with the popularity of mobile devices. Current mobile 2FA solutions all require some form of user effort which may seriously affect the experience of mobile users, especially senior citizens or those with disability such as visually impaired users. In this paper, we propose Proximity- Proof, a secure and usable mobile 2FA system without involving user interactions. Proximity-Proof automatically transmits a user's 2FA response via inaudible OFDM-modulated acoustic signals to the login browser. We propose a novel technique to extract individual speaker and microphone fingerprints of a mobile device to defend against the powerful man-in-the-middle (MiM) attack. In addition, Proximity- Proof explores two-way acoustic ranging to thwart the colocated attack. To the best of our knowledge, Proximity-Proof is the first mobile 2FA scheme resilient to the MiM and colocated attacks.We empirically analyze that Proximity-Proof is at least as secure as existing mobile 2FA solutions while being highly usable. We also prototype Proximity-Proof and confirm its high security, usability, and efficiency through comprehensive user experiments.

    Original languageEnglish (US)
    Title of host publicationMobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking
    PublisherAssociation for Computing Machinery
    Pages401-415
    Number of pages15
    ISBN (Electronic)9781450359030
    DOIs
    StatePublished - Oct 15 2018
    Event24th Annual International Conference on Mobile Computing and Networking, MobiCom 2018 - New Delhi, India
    Duration: Oct 29 2018Nov 2 2018

    Other

    Other24th Annual International Conference on Mobile Computing and Networking, MobiCom 2018
    CountryIndia
    CityNew Delhi
    Period10/29/1811/2/18

    Fingerprint

    Mobile devices
    Authentication
    Acoustics
    Microphones
    Orthogonal frequency division multiplexing
    Experiments

    Keywords

    • Mobile Security
    • Speaker and Microphone Fingerprinting
    • Two-Factor Authentication
    • Usability

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Hardware and Architecture
    • Software

    Cite this

    Han, D., Chen, Y., Li, T., Zhang, R., Zhang, Y., & Hedgpeth, T. (2018). Proximity-proof: Secure and usable mobile two-factor authentication. In MobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking (pp. 401-415). Association for Computing Machinery. https://doi.org/10.1145/3241539.3241574

    Proximity-proof : Secure and usable mobile two-factor authentication. / Han, Dianqi; Chen, Yimin; Li, Tao; Zhang, Rui; Zhang, Yaochao; Hedgpeth, Terri.

    MobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. Association for Computing Machinery, 2018. p. 401-415.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Han, D, Chen, Y, Li, T, Zhang, R, Zhang, Y & Hedgpeth, T 2018, Proximity-proof: Secure and usable mobile two-factor authentication. in MobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. Association for Computing Machinery, pp. 401-415, 24th Annual International Conference on Mobile Computing and Networking, MobiCom 2018, New Delhi, India, 10/29/18. https://doi.org/10.1145/3241539.3241574
    Han D, Chen Y, Li T, Zhang R, Zhang Y, Hedgpeth T. Proximity-proof: Secure and usable mobile two-factor authentication. In MobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. Association for Computing Machinery. 2018. p. 401-415 https://doi.org/10.1145/3241539.3241574
    Han, Dianqi ; Chen, Yimin ; Li, Tao ; Zhang, Rui ; Zhang, Yaochao ; Hedgpeth, Terri. / Proximity-proof : Secure and usable mobile two-factor authentication. MobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. Association for Computing Machinery, 2018. pp. 401-415
    @inproceedings{0a145f4291d04fb399cdc79b0ab4f69b,
    title = "Proximity-proof: Secure and usable mobile two-factor authentication",
    abstract = "Mobile two-factor authentication (2FA) has become commonplace along with the popularity of mobile devices. Current mobile 2FA solutions all require some form of user effort which may seriously affect the experience of mobile users, especially senior citizens or those with disability such as visually impaired users. In this paper, we propose Proximity- Proof, a secure and usable mobile 2FA system without involving user interactions. Proximity-Proof automatically transmits a user's 2FA response via inaudible OFDM-modulated acoustic signals to the login browser. We propose a novel technique to extract individual speaker and microphone fingerprints of a mobile device to defend against the powerful man-in-the-middle (MiM) attack. In addition, Proximity- Proof explores two-way acoustic ranging to thwart the colocated attack. To the best of our knowledge, Proximity-Proof is the first mobile 2FA scheme resilient to the MiM and colocated attacks.We empirically analyze that Proximity-Proof is at least as secure as existing mobile 2FA solutions while being highly usable. We also prototype Proximity-Proof and confirm its high security, usability, and efficiency through comprehensive user experiments.",
    keywords = "Mobile Security, Speaker and Microphone Fingerprinting, Two-Factor Authentication, Usability",
    author = "Dianqi Han and Yimin Chen and Tao Li and Rui Zhang and Yaochao Zhang and Terri Hedgpeth",
    year = "2018",
    month = "10",
    day = "15",
    doi = "10.1145/3241539.3241574",
    language = "English (US)",
    pages = "401--415",
    booktitle = "MobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking",
    publisher = "Association for Computing Machinery",

    }

    TY - GEN

    T1 - Proximity-proof

    T2 - Secure and usable mobile two-factor authentication

    AU - Han, Dianqi

    AU - Chen, Yimin

    AU - Li, Tao

    AU - Zhang, Rui

    AU - Zhang, Yaochao

    AU - Hedgpeth, Terri

    PY - 2018/10/15

    Y1 - 2018/10/15

    N2 - Mobile two-factor authentication (2FA) has become commonplace along with the popularity of mobile devices. Current mobile 2FA solutions all require some form of user effort which may seriously affect the experience of mobile users, especially senior citizens or those with disability such as visually impaired users. In this paper, we propose Proximity- Proof, a secure and usable mobile 2FA system without involving user interactions. Proximity-Proof automatically transmits a user's 2FA response via inaudible OFDM-modulated acoustic signals to the login browser. We propose a novel technique to extract individual speaker and microphone fingerprints of a mobile device to defend against the powerful man-in-the-middle (MiM) attack. In addition, Proximity- Proof explores two-way acoustic ranging to thwart the colocated attack. To the best of our knowledge, Proximity-Proof is the first mobile 2FA scheme resilient to the MiM and colocated attacks.We empirically analyze that Proximity-Proof is at least as secure as existing mobile 2FA solutions while being highly usable. We also prototype Proximity-Proof and confirm its high security, usability, and efficiency through comprehensive user experiments.

    AB - Mobile two-factor authentication (2FA) has become commonplace along with the popularity of mobile devices. Current mobile 2FA solutions all require some form of user effort which may seriously affect the experience of mobile users, especially senior citizens or those with disability such as visually impaired users. In this paper, we propose Proximity- Proof, a secure and usable mobile 2FA system without involving user interactions. Proximity-Proof automatically transmits a user's 2FA response via inaudible OFDM-modulated acoustic signals to the login browser. We propose a novel technique to extract individual speaker and microphone fingerprints of a mobile device to defend against the powerful man-in-the-middle (MiM) attack. In addition, Proximity- Proof explores two-way acoustic ranging to thwart the colocated attack. To the best of our knowledge, Proximity-Proof is the first mobile 2FA scheme resilient to the MiM and colocated attacks.We empirically analyze that Proximity-Proof is at least as secure as existing mobile 2FA solutions while being highly usable. We also prototype Proximity-Proof and confirm its high security, usability, and efficiency through comprehensive user experiments.

    KW - Mobile Security

    KW - Speaker and Microphone Fingerprinting

    KW - Two-Factor Authentication

    KW - Usability

    UR - http://www.scopus.com/inward/record.url?scp=85056900516&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=85056900516&partnerID=8YFLogxK

    U2 - 10.1145/3241539.3241574

    DO - 10.1145/3241539.3241574

    M3 - Conference contribution

    SP - 401

    EP - 415

    BT - MobiCom 2018 - Proceedings of the 24th Annual International Conference on Mobile Computing and Networking

    PB - Association for Computing Machinery

    ER -