Proximity-Proof: Secure and Usable Mobile Two-Factor Authentication


Explore the implementation of secure and user-friendly mobile two-factor authentication solutions, adding an extra layer of security to online accounts. Learn about the motivation behind commercial 2FA solutions and the importance of user involvement in enhancing security measures.


Uploaded on Nov 12, 2024 | 0 Views



Presentation Transcript


  1. Proximity-Proof: Secure and Usable Mobile Two-Factor Authentication. Dianqi Han¹, Yimin Chen¹, Tao Li¹, Rui Zhang², Yanchao Zhang¹, Terri Hedgpeth¹. MobiCom 2018

  2. Motivation: Commercial mobile two-factor authentication (2FA) solutions

  3. Motivation: Commercial mobile two-factor authentication (2FA) solutions. Mobile 2FA adds your smartphone or other mobile devices as the second layer of security to your online accounts.

  4. Motivation Commercial mobile 2FA solutions

  5. Motivation: Commercial mobile 2FA solutions. [Diagram label: ID and password]

  6. Motivation Commercial mobile 2FA solutions 2FA challenge

  7. Motivation: Commercial mobile 2FA solutions. [Diagram labels: challenge, response]

  8. Motivation: Commercial mobile 2FA solutions. [Diagram labels: challenge, response]

  9. Motivation Commercial mobile 2FA solutions

  10. Motivation Commercial mobile 2FA solutions Require user involvement

  11. Motivation: Automatic mobile 2FA solutions. [Diagram labels: challenge, response]

  12. Motivation Automatic mobile 2FA solutions 2FA response challenge

  13. Motivation Automatic mobile 2FA solutions 2FA response challenge

  14. Motivation Automatic mobile 2FA solutions 2FA response challenge

  15. Motivation: Co-located Attack; Man-in-the-Middle (MiM) Attack

  16. Goals: Usable (no user involvement); Secure (robust against potential attacks); Deployable (easily deployed); Compatible (integrated into commercial 2FA solutions)

  17. Why is the acoustic channel vulnerable?

  18. Why is the acoustic channel vulnerable? Ambiguity of Audio Sources; Co-located Attackers

  19. Countermeasures: Ambiguity of Audio Sources; Co-located Attackers

  20. Countermeasures: Ambiguity of Audio Sources; Co-located Attackers; Device Identification

  21. Countermeasures: Ambiguity of Audio Sources; Co-located Attackers; Device Identification; Proximity Verification

  22. Proximity-Proof: Device Identification; Proximity Verification

  23. Proximity-Proof: 2FA Response Transmission; Device Identification; Proximity Verification

  24. Proximity-Proof: 2FA Response Transmission: transmit 2FA response via acoustic channels; Device Identification: acoustic fingerprint of the phone (audio source); Proximity Verification: cross-device ranging

  25. 2FA Response Transmission (MobiCom 16): OFDM; On-Off Keying; Reed-Solomon Coding. [Figure: spectrum, x-axis Frequency (kHz), 18 to 20 kHz]

  26. Acoustic Fingerprint Frequency response curve

  27. Acoustic Fingerprint Frequency response curve

  28. Acoustic Fingerprint Challenge

  29. Acoustic Fingerprint Challenge

  30. Acoustic Fingerprint Challenge

  31. Acoustic Fingerprint Fingerprinting method

  32. Acoustic Fingerprint Fingerprinting method

  33. Acoustic Fingerprint Fingerprinting method

  34. Cross-Device Ranging: Beep-Beep [1], no synchronization. [1] C. Peng et al., SenSys, 2007

  35. Cross-Device Ranging

  36. Proximity-Proof: acoustic fingerprint; cross-device ranging; enrolled phone; proximity

  37. Proximity-Proof: acoustic fingerprint; cross-device ranging; enrolled phone; proximity; possession of enrolled phone

  38. Proximity-Proof: acoustic fingerprint; cross-device ranging; enrolled phone; proximity; possession of enrolled phone; legal user

  39. Evaluation. Security: MiM attack; Co-located attack. Usability: Latency; User experience

  40. Evaluation: Security. MiM attack: The distance is always larger than our pre-defined threshold ( =0.4); in 100 attempts, no attempt succeeds.

  41. Evaluation: Security. Co-located attack: For legal login requests, the authentication succeeds for at least 98% of the cases; for co-located attack, almost none of the authentication attempts can succeed.

  42. Evaluation: Usability. Latency. Duo latency: Duo push, 7.4 s; passcode, 10.6 s; phone call, 30 s. Proximity-Proof: the authentication latency is less than 2.5 s; increasing the passcode length does not noticeably increase the authentication latency.

  43. Evaluation: Usability. User experience. Q1: whether Proximity-Proof is easy to use; Q2: whether Proximity-Proof is faster than Duo; Q3: whether Duo is not user friendly; Q4: any obtrusive noise from Proximity-Proof; Q5: preference of Proximity-Proof. (1. strongly disagree; 2. disagree; 3. neutral; 4. agree; 5. strongly agree.)

  44. Conclusion: Proximity-Proof is deployable and compatible; Proximity-Proof is a zero-effort mobile 2FA solution; Proximity-Proof is secure against co-located attack and MiM attack.

  45. Motivation
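
The Beep-Beep ranging named on slides 34 and 35 and the distance threshold of slide 40, worked through as an added example (not code from the presentation or its authors). It shows why no clock synchronization is needed: each device reports only the gap between the two beeps in its own recording. The sample rate, speaker-to-microphone offsets, timings and the reading of 0.4 as metres are assumptions.

```python
SPEED_OF_SOUND = 343.0  # m/s in air near 20 °C
THRESHOLD = 0.4         # value from slide 40; metres is an assumption

def arrival_samples(true_dist, fs, start_a, start_b, emit_a, emit_b, d_aa, d_bb):
    """Constructed simulation of what each device's recorder would detect.

    start_a/start_b are when each device began recording, so the two sample
    counters share no common time base.
    """
    c = SPEED_OF_SOUND
    def idx(t, start):
        return round((t - start) * fs)
    a_idx = (idx(emit_a + d_aa / c, start_a),       # A hears its own beep
             idx(emit_b + true_dist / c, start_a))  # A hears B's beep
    b_idx = (idx(emit_a + true_dist / c, start_b),  # B hears A's beep
             idx(emit_b + d_bb / c, start_b))       # B hears its own beep
    return a_idx, b_idx

def beepbeep_distance(a_idx, b_idx, fs_a, fs_b, d_aa, d_bb):
    """Each device reports only the gap between the two beeps in its own
    recording, so start offsets between the devices cancel out."""
    etoa_a = (a_idx[1] - a_idx[0]) / fs_a
    etoa_b = (b_idx[1] - b_idx[0]) / fs_b
    return SPEED_OF_SOUND / 2 * (etoa_a - etoa_b) + (d_aa + d_bb) / 2

def proximity_ok(distance, threshold=THRESHOLD, slack=0.02):
    # Reject far devices and physically implausible negative estimates.
    return -slack <= distance <= threshold

def demo(true_dist):
    fs, d_aa, d_bb = 44100, 0.30, 0.10  # constructed: laptop and phone
    a, b = arrival_samples(true_dist, fs, 0.0, 3.217, 4.0, 4.5, d_aa, d_bb)
    d = beepbeep_distance(a, b, fs, fs, d_aa, d_bb)
    return d, proximity_ok(d)

if __name__ == "__main__":
    for dist in (0.25, 3.0):
        est, ok = demo(dist)
        print(f"true={dist:.2f} m  estimated={est:.3f} m  accept={ok}")
```

At 44.1 kHz one sample corresponds to about 8 mm of travel, so rounding the four detections to whole samples moves the estimate by well under a centimetre.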
