12,380 research outputs found
DoubleEcho: Mitigating Context-Manipulation Attacks in Copresence Verification
Copresence verification based on context can improve usability and strengthen
security of many authentication and access control systems. By sensing and
comparing their surroundings, two or more devices can tell whether they are
copresent and use this information to make access control decisions. To the
best of our knowledge, all context-based copresence verification mechanisms to
date are susceptible to context-manipulation attacks. In such attacks, a
distributed adversary replicates the same context at the (different) locations
of the victim devices, and induces them to believe that they are copresent. In
this paper we propose DoubleEcho, a context-based copresence verification
technique that leverages acoustic Room Impulse Response (RIR) to mitigate
context-manipulation attacks. In DoubleEcho, one device emits a wide-band
audible chirp and all participating devices record reflections of the chirp
from the surrounding environment. Since RIR is, by its very nature, dependent
on the physical surroundings, it constitutes a unique location signature that
is hard for an adversary to replicate. We evaluate DoubleEcho by collecting RIR
data with various mobile devices and in a range of different locations. We show
that DoubleEcho mitigates context-manipulation attacks whereas all other
approaches to date are entirely vulnerable to such attacks. DoubleEcho detects
copresence (or lack thereof) in roughly 2 seconds and works on commodity
devices
Survey and Systematization of Secure Device Pairing
Secure Device Pairing (SDP) schemes have been developed to facilitate secure
communications among smart devices, both personal mobile devices and Internet
of Things (IoT) devices. Comparison and assessment of SDP schemes is
troublesome, because each scheme makes different assumptions about out-of-band
channels and adversary models, and are driven by their particular use-cases. A
conceptual model that facilitates meaningful comparison among SDP schemes is
missing. We provide such a model. In this article, we survey and analyze a wide
range of SDP schemes that are described in the literature, including a number
that have been adopted as standards. A system model and consistent terminology
for SDP schemes are built on the foundation of this survey, which are then used
to classify existing SDP schemes into a taxonomy that, for the first time,
enables their meaningful comparison and analysis.The existing SDP schemes are
analyzed using this model, revealing common systemic security weaknesses among
the surveyed SDP schemes that should become priority areas for future SDP
research, such as improving the integration of privacy requirements into the
design of SDP schemes. Our results allow SDP scheme designers to create schemes
that are more easily comparable with one another, and to assist the prevention
of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications
Surveys & Tutorials 2017 (Volume: PP, Issue: 99
Security by Spatial Reference:Using Relative Positioning to Authenticate Devices for Spontaneous Interaction
Spontaneous interaction is a desirable characteristic associated with mobile and ubiquitous computing. The aim is to enable users to connect their personal devices with devices encountered in their environment in order to take advantage of interaction opportunities in accordance with their situation. However, it is difficult to secure spontaneous interaction as this requires authentication of the encountered device, in the absence of any prior knowledge of the device. In this paper we present a method for establishing and securing spontaneous interactions on the basis of emphspatial references that capture the spatial relationship of the involved devices. Spatial references are obtained by accurate sensing of relative device positions, presented to the user for initiation of interactions, and used in a peer authentication protocol that exploits a novel mechanism for message transfer over ultrasound to ensures spatial authenticity of the sender
Shake well before use: Authentication based on Accelerometer Data
Small, mobile devices without user interfaces, such as Bluetooth headsets, often need to communicate securely over wireless networks. Active attacks can only be prevented by authenticating wireless communication, which is problematic when devices do not have any a priori information about each other. We introduce a new method for device-to-device authentication by shaking devices together. This paper describes two protocols for combining cryptographic authentication techniques with known methods of accelerometer data analysis to the effect of generating authenticated, secret keys. The protocols differ in their design, one being more conservative from a security point of view, while the other allows more dynamic interactions. Three experiments are used to optimize and validate our proposed authentication method
Acoustic Integrity Codes: Secure Device Pairing Using Short-Range Acoustic Communication
Secure Device Pairing (SDP) relies on an out-of-band channel to authenticate
devices. This requires a common hardware interface, which limits the use of
existing SDP systems. We propose to use short-range acoustic communication for
the initial pairing. Audio hardware is commonly available on existing
off-the-shelf devices and can be accessed from user space without requiring
firmware or hardware modifications. We improve upon previous approaches by
designing Acoustic Integrity Codes (AICs): a modulation scheme that provides
message authentication on the acoustic physical layer. We analyze their
security and demonstrate that we can defend against signal cancellation attacks
by designing signals with low autocorrelation. Our system can detect
overshadowing attacks using a ternary decision function with a threshold. In
our evaluation of this SDP scheme's security and robustness, we achieve a bit
error ratio below 0.1% for a net bit rate of 100 bps with a signal-to-noise
ratio (SNR) of 14 dB. Using our open-source proof-of-concept implementation on
Android smartphones, we demonstrate pairing between different smartphone
models.Comment: 11 pages, 11 figures. Published at ACM WiSec 2020 (13th ACM
Conference on Security and Privacy in Wireless and Mobile Networks). Updated
reference
Why It Takes So Long to Connect to a WiFi Access Point
Today's WiFi networks deliver a large fraction of traffic. However, the
performance and quality of WiFi networks are still far from satisfactory. Among
many popular quality metrics (throughput, latency), the probability of
successfully connecting to WiFi APs and the time cost of the WiFi connection
set-up process are the two of the most critical metrics that affect WiFi users'
experience. To understand the WiFi connection set-up process in real-world
settings, we carry out measurement studies on million mobile users from
representative cities associating with million APs in billion WiFi
sessions, collected from a mobile "WiFi Manager" App that tops the Android/iOS
App market. To the best of our knowledge, we are the first to do such large
scale study on: how large the WiFi connection set-up time cost is, what factors
affect the WiFi connection set-up process, and what can be done to reduce the
WiFi connection set-up time cost. Based on the measurement analysis, we develop
a machine learning based AP selection strategy that can significantly improve
WiFi connection set-up performance, against the conventional strategy purely
based on signal strength, by reducing the connection set-up failures from
to and reducing time costs of the connection set-up
processes by more than times.Comment: 11pages, conferenc
- ā¦