UAB - The University of Alabama at Birmingham

Contextual Security

Zero-Interaction Authentication (ZIA) refers to approaches that authenticate a user to a verifier (terminal) without any user interaction. Currently deployed ZIA solutions are predominantly based on the terminal detecting the proximity of the user’s personal device, or a security token, by running an authentication protocol over a short-range wireless communication channel. Unfortunately, this simple approach is highly vulnerable to low-cost and practical relay attacks which completely offset the usability benefits of ZIA. The use of contextual information, gathered via on-board sensors, to detect the co-presence of the user and the verifier is a recently proposed mechanism to resist relay attacks.

Zero Interaction Authentication (Benign Scenario)

Figure 1: Zero Interaction Authentication (Benign Scenario)

 

As a case in point, we systematically investigate the performance of different sensor modalities for co-presence detection with respect to a standard Dolev-Yao adversary. We compare the performance of four commonly available sensor modalities (Wi-Fi, Bluetooth, GPS, and Audio) in resisting ZIA relay attacks. Further, we compare four new ambient environment sensor modalities, ambient temperature, precision gas, humidity, and altitude utilizing an off-the-shelf device called Sensordrone. Then, we show that, compared to any single modality, fusing multiple modalities improves resilience against ZIA relay attacks while retaining a high level of usability. Finally, we motivate the need for a stronger adversarial model to characterize an attacker who can compromise the integrity of context sensing itself. We show that in the presence of such a powerful attacker, each individual sensor modality offers very low security. Positively, the use of multiple sensor modalities improves security against such an attacker if the attacker cannot compromise multiple modalities simultaneously.

 

Zero Interaction Authentication (Attack Scenario)

Figure 2: Zero Interaction Authentication (Attack Scenario)

People

Faculty

Student

  • Babins Shrestha (PhD student; Now Sr. Information Security Analyst at VISA Inc.)

External Collaborators:

  • Xiang Gao (MS student; University of Helsinki; Now Software Engineer at LiveRing)
  • Hien Thi Thu Truong (Postdoctoral Researcher; University of Helsinki; Now Research Scientist at NEC Laboratories Europe GmbH)
  • Petteri Nurmi (Senior Researcher; University of Helsinki; Now Lecturer at Lancaster University)
  • N. Asokan (Professor; Aalto University and University of Helsinki)

Publication