Proximity-Proof: Secure and Usable Mobile Two-Factor Authentication
Explore the implementation of secure and user-friendly mobile two-factor authentication solutions, adding an extra layer of security to online accounts. Learn about the motivation behind commercial 2FA solutions and the importance of user involvement in enhancing security measures.
Proximity-Proof: Secure and Usable Mobile Two-Factor Authentication. Dianqi Han, Yimin Chen, Tao Li, Rui Zhang, Yanchao Zhang, Terri Hedgpeth. MobiCom 2018
Motivation: Commercial mobile two-factor authentication (2FA) solutions. Mobile 2FA adds your smartphone or other mobile devices as the second layer of security to your online accounts.
Motivation: Commercial mobile 2FA solutions. [Figure: login flow with ID and password, 2FA challenge, and response]
Motivation: Commercial mobile 2FA solutions require user involvement.
Motivation: Automatic mobile 2FA solutions. [Figure: 2FA challenge and response]
Motivation: Co-located attack; man-in-the-middle (MiM) attack
Goals: Usable: no user involvement; Secure: robust against potential attacks; Deployable: easily deployed; Compatible: integrated into commercial 2FA solutions
Why is the acoustic channel vulnerable? Ambiguity of audio sources; co-located attackers
Countermeasures: Ambiguity of audio sources; co-located attackers. Device identification; proximity verification
Proximity-Proof: 2FA response transmission (transmit 2FA response via acoustic channels); device identification (acoustic fingerprint of the phone, i.e. the audio source); proximity verification (cross-device ranging)
2FA Response Transmission (MobiCom 16): OFDM; On-Off Keying; Reed-Solomon Coding. [Figure: frequency axis in kHz, ticks from 18 to 20]
Acoustic Fingerprint: Frequency response curve
Acoustic Fingerprint: Challenge
Acoustic Fingerprint: Fingerprinting method
Cross-Device Ranging: Beep-Beep [1]; no synchronization. [1] C. Peng et al., SenSys, 2007
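The cross-device ranging slide above cites BeepBeep and notes that it needs no synchronization; as an added example (not code from the presentation or its authors), this Python simulation shows why: each device only measures an interval inside its own recording, so clock offsets and differing sample rates drop out. The speed of sound, sample rates, timing values and all function names are assumptions constructed for the illustration.

```python
# Added illustration (not from the slides): BeepBeep-style two-way acoustic ranging.
# All function names, parameters and sample values here are constructed.
SPEED_OF_SOUND = 343.0  # m/s, assumed value for room-temperature air


def beepbeep_distance(a_idx, b_idx, fs_a, fs_b, d_aa=0.0, d_bb=0.0, c=SPEED_OF_SOUND):
    """Estimate device separation (metres) from sample indices only.

    a_idx: (index where A records its own beep, index where A records B's beep)
    b_idx: (index where B records A's beep, index where B records its own beep)
    fs_a, fs_b: sampling rates; d_aa, d_bb: speaker-to-mic distance on each device.
    """
    eta_a = (a_idx[1] - a_idx[0]) / fs_a  # interval measured on A's clock alone
    eta_b = (b_idx[1] - b_idx[0]) / fs_b  # interval measured on B's clock alone
    # Each interval is a difference inside one recording, so the unknown
    # recording start times (clock offsets) cancel before the two are combined.
    return 0.5 * c * (eta_a - eta_b) + 0.5 * (d_aa + d_bb)


def simulate_indices(true_d, start_a, start_b, fs_a=44100, fs_b=48000,
                     reply_gap=0.25, extra_delay=0.0):
    """Construct the four sample indices for two unsynchronised recorders.

    start_a / start_b: world time at which each device began recording.
    reply_gap: arbitrary pause before B emits its beep (it cancels out).
    extra_delay: assumed added one-way latency on the path between the devices.
    Speaker-to-mic distance on each device is taken as zero in this simulation.
    """
    t_a, t_b = 1.0, 1.0 + reply_gap                 # world emission times
    flight = true_d / SPEED_OF_SOUND + extra_delay  # one-way travel time
    a_idx = (round((t_a - start_a) * fs_a), round((t_b + flight - start_a) * fs_a))
    b_idx = (round((t_a + flight - start_b) * fs_b), round((t_b - start_b) * fs_b))
    return a_idx, b_idx


def estimate(true_d, start_a, start_b, **kw):
    """Simulate one exchange and return the distance the verifier would compute."""
    fs_a, fs_b = kw.get("fs_a", 44100), kw.get("fs_b", 48000)
    a_idx, b_idx = simulate_indices(true_d, start_a, start_b, **kw)
    return beepbeep_distance(a_idx, b_idx, fs_a, fs_b)


if __name__ == "__main__":
    print(estimate(0.30, start_a=0.137, start_b=0.802))
    # Any latency added on the path between the devices inflates the estimate.
    print(estimate(0.30, start_a=0.137, start_b=0.802, extra_delay=0.02))
```

The residual error comes only from rounding to whole samples, which at these sample rates stays under one centimetre.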
Proximity-Proof: acoustic fingerprint -> enrolled phone; cross-device ranging -> proximity; enrolled phone + proximity -> possession of enrolled phone -> legal user
Evaluation: Security (MiM attack, co-located attack); Usability (latency, user experience)
Evaluation: Security: MiM attack. The distance is always larger than our pre-defined threshold ( =0.4); in 100 attempts, no attempt succeeds.
Evaluation: Security: Co-located attack. For legal login requests, the authentication succeeds for at least 98% of the cases; for co-located attack, almost none of the authentication attempts can succeed.
Evaluation: Usability: Latency. Duo latency: Duo push, 7.4 s; passcode, 10.6 s; phone call, 30 s. Proximity-Proof: the authentication latency is less than 2.5 s; increasing the passcode length does not noticeably increase the authentication latency.
Evaluation: Usability: User experience. Q1: whether Proximity-Proof is easy to use; Q2: whether Proximity-Proof is faster than Duo; Q3: whether Duo is not user friendly; Q4: any obtrusive noise from Proximity-Proof; Q5: preference of Proximity-Proof. (1. strongly disagree; 2. disagree; 3. neutral; 4. agree; 5. strongly agree.)
Conclusion: Proximity-Proof is deployable and compatible; Proximity-Proof is a zero-effort mobile 2FA solution; Proximity-Proof is secure against co-located attack and MiM attack.