Comparing and fusing different sensor modalities for relay attack resistance in Zero-Interaction Authentication

Truong, Hien Thi Thu; Gao, Xiang; Shrestha, Babins; Saxena, Nitesh; Asokan, N.; Nurmi, Petteri

doi:10.1109/percom.2014.6813957

Cited by 61 publications

(123 citation statements)

References 16 publications

Supporting

Mentioning

117

Contrasting

Order By: Relevance

“…In addition, contextbased detection assumes that attackers cannot infer the information needed for verification at a distance. For example, GPS coordinates and/or RF packets can be used as contextual information for proximity detection [40][41][42][43].…”

Section: Received Signal Strength Indicator (Rssi)mentioning

confidence: 99%

“…Because it is difficult for exclusively contextual information to be compromised, their method is resilient to attacks. Truong et al proposed a method that uses modalities that can be measured from the sensors of smartphones [42]. They used Wi-Fi signal strength, Bluetooth signal strength, GPS, and audio as contextual information.…”

Section: Received Signal Strength Indicator (Rssi)mentioning

confidence: 99%

See 1 more Smart Citation

Sound-Proximity: 2-Factor Authentication against Relay Attack on Passive Keyless Entry and Start System

Choi

Seo

Lee

2018

Journal of Advanced Transportation

View full text Add to dashboard Cite

Passive keyless entry and start system has been widely used in modern cars. Car owners can open the door or start the engine merely by having the key in their pocket. PKES was originally designed to establish a communication channel between the car and its key within approximately one meter. However, the channel is vulnerable to relay attacks by which attackers unlock the door even if the key is out of range. Even though relay attacks have been recognized as a potential threat for over ten years, such attacks were thought to be impractical due to highly expensive equipment; however, the required cost is gradually practical. Recently, a relay attack has been demonstrated with equipment being sold only under $100. In this paper, we propose a sound-based proximity-detection method to prevent relay attacks on PKES systems. The sound is eligible to be applied to PKES because audio systems are commonly available in cars. We evaluate our method, considering environments where cars are commonly parked, and present the recording time satisfying both usability and security. In addition, we newly define an advanced attack, called the record-and-playback attack, for sound-based proximity detection, demonstrating that our method is robust to such an attack.

show abstract

Section: Received Signal Strength Indicator (Rssi)mentioning

confidence: 99%

Section: Received Signal Strength Indicator (Rssi)mentioning

confidence: 99%

Sound-Proximity: 2-Factor Authentication against Relay Attack on Passive Keyless Entry and Start System

Choi

Seo

Lee

2018

Journal of Advanced Transportation

View full text Add to dashboard Cite

show abstract

“…It is difficult to deduce the total time it took to complete one transaction in its entirety, but the authors use recording durations of 0.6-1.5 seconds. [26] WiFi (Radio Waves) 1 sec More Likely Urien et al [27] Temperature N/A -Mehrnezhad et al [28] Accelerometer 0.6 to 1.5 sec More Likely Truong et al [29] GPS Truong et al [29] evaluated four different sensors across recording durations of 10-120 seconds. Although the results were positive, such a long recording duration renders them unsuitable for realistic NFC-based mobile transactions.…”

Section: Related Workmentioning

confidence: 99%

The Applicability of Ambient Sensors as Proximity Evidence for NFC Transactions

Shepherd¹,

Gurulian²,

Frank

et al. 2017

2017 IEEE Security and Privacy Workshops (SPW)

View full text Add to dashboard Cite

Abstract-Near Field Communication (NFC) has enabled mobile phones to emulate contactless smart cards. Similar to contactless smart cards, they are also susceptible to relay attacks. To counter these, a number of methods have been proposed that rely primarily on ambient sensors as a proximity detection mechanism (also known as an anti-relay mechanism). In this paper, we empirically evaluate a comprehensive set of ambient sensors for their effectiveness as a proximity detection mechanism for NFC contactless-based applications like banking, transport and high-security access controls. We selected 17 sensors available via the Google Android platform. Each sensor, where feasible, was used to record the measurements of 1,000 contactless transactions at four different physical locations. A total of 252 users, a random sample from the university student population, were involved during the field trials. After careful analysis, we conclude that no single evaluated mobile ambient sensor is suitable for proximity detection in NFC-based contactless applications in realistic deployment scenarios. Lastly, we identify a number of potential avenues that may improve their effectiveness.

show abstract

“…In recent years, smartphones' sensor modules, e.g., GPS, accelerometers, microphones and light sensors, have received a lot of attention and thus various sensor-based authentication schemes have been proposed by industry and academia alike [3,4,6,15,11,7,10,8,14,16,12,9,2].…”

Section: Sensor-based Authenticationmentioning

confidence: 99%

“…Based upon their employed sensor type, they can be classified into various sensor types: (i) temperature [11,15], (ii) acceleration [12,8,9,2], (iii) location information [6,14], (iv) RF (Radio Frequency) signals [14,7,16], (v) audio [3,4,10,14], (vi) light [3,4,10], (vii) exhaust gas [11], (viii) humidity [11], and (ix) altitude [11]. Halevi et al proposed a secure proximity detection scheme for a NFC enabled mobile payment system [3,4].…”

Section: Sensor-based Authenticationmentioning

confidence: 99%