Proximity-Proof: Secure and Usable Mobile Two-Factor Authentication

Explore the implementation of secure and user-friendly mobile two-factor authentication solutions, adding an extra layer of security to online accounts. Learn about the motivation behind commercial 2FA solutions and the importance of user involvement in enhancing security measures.

• Mobile security
• Two-factor authentication
• User involvement
• Online accounts
• Commercial solutions

jazzlynn Follow

Uploaded on Nov 12, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. Proximity-Proof: Secure and Usable Mobile Two-Factor Authentication Dianqi Han1, Yimin Chen1, Tao Li1, Rui Zhang2, Yanchao Zhang1, Terri Hedgpeth1 1 2 MobiCom 2018

2. Motivation Commercial mobile two-factor authentication(2FA) solutions

3. Motivation Commercial mobile two-factor authentication(2FA) solutions Mobile 2FA adds your smartphone or other mobile devices as the second layer of security to your online accounts.

4. Motivation Commercial mobile 2FA solutions

5. Motivation Commercial mobile 2FA solutions ID and password password ID and

6. Motivation Commercial mobile 2FA solutions 2FA challenge

7. Motivation Commercial mobile 2FA solutions response challenge response

8. Motivation Commercial mobile 2FA solutions response response response challenge response

9. Motivation Commercial mobile 2FA solutions

10. Motivation Commercial mobile 2FA solutions Require user involvement

11. Motivation Automatic mobile 2FA solutions response response response challenge response

12. Motivation Automatic mobile 2FA solutions 2FA response challenge

13. Motivation Automatic mobile 2FA solutions 2FA response challenge

14. Motivation Automatic mobile 2FA solutions 2FA response challenge

15. Motivation Co-located Attack Man-in-the-Middle(MiM) Attack

16. Goals Usableno user involvement Securerobust against potential attacks Deployable easily deployed Compatible integrated into commercial 2FA solutions

17. Why acoustic channel is vulnerable?

18. Why acoustic channel is vulnerable? Ambiguity of Audio Sources Co-located Attackers

19. Countermeasures Ambiguity of Audio Sources Co-located Attackers

20. Countermeasures Ambiguity of Audio Sources Co-located Attackers Device Identification

21. Countermeasures Ambiguity of Audio Sources Co-located Attackers Device Identification Proximity Verification

22. Proximity-Proof Device Identification Proximity Verification

23. Proximity-Proof 2FA Response Transmission Device Identification Proximity Verification

24. Proximity-Proof 2FA Response Transmission Device Identification Proximity Verification transmit 2FA response via acoustic channels acoustic fingerprint of the phone (audio source) cross-device ranging

25. 2FA Response Transmission (MobiCom 16) OFDM On-Off Keying Reed-Solomon Coding 19.6 19.8 18 18.2 18.4 20 Frequency (KHz)

26. Acoustic Fingerprint Frequency response curve

27. Acoustic Fingerprint Frequency response curve

28. Acoustic Fingerprint Challenge

29. Acoustic Fingerprint Challenge

30. Acoustic Fingerprint Challenge

31. Acoustic Fingerprint Fingerprinting method

32. Acoustic Fingerprint Fingerprinting method

33. Acoustic Fingerprint Fingerprinting method

34. Cross-Device Ranging Beep-Beep [1] no synchronization [1] C. Peng et.al., Sensys, 2007

35. Cross-Device Ranging

36. Proximity-Proof acoustic fingerprint cross-device ranging enrolled phone proximity

37. Proximity-Proof acoustic fingerprint cross-device ranging enrolled phone proximity possession of enrolled phone

38. Proximity-Proof acoustic fingerprint cross-device ranging enrolled phone proximity possession of enrolled phone legal user

39. Evaluation Security MiM attack Co-located attack Usability Latency User experience

40. Evaluation: Security MiM attack The distance is always larger than our pre-defined threshold ( =0.4); In 100 attempts, no attempt succeeds.

41. Evaluation: Security Co-located attack For legal login requests, the authentication succeeds for at least 98% of the cases; For co-located attack, almost none of the authentication attempts can succeed.

42. Evaluation: Usability Latency Duo latency: Duo push, 7.4s; passcode 10.6s; phone call, 30s; Proximity-Proof: The authentication latency is less than 2.5s; Increasing the passcode length does not noticeably increase the authentication latency.

43. Evaluation: Usability User experience Q1 whether Proximity-Proof is easy to use Q2 whether Proximity-proof is faster than Duo Q3 whether Duo is not user friendly Q4 any obtrusive noise from Proximity-Proof Q5 preference of Proximity-Proof (1. strongly disagree; 2. disagree; 3. neutral; 4. agree; 5. strongly agree.)

44. Conclusion Proximity-Proof is deployable and compatible; Proximity-Proof is a zero-effort mobile 2FA solution; Proximity-Proof is secure against co-located attack and MiM attack.

45. Motivation