Drone to the Rescue: Relay-Resilient Authentication using Ambient Multi-sensing

  • Babins Shrestha
  • Nitesh Saxena
  • Hien Thi Thu Truong
  • N. Asokan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8437)

Abstract

Many mobile and wireless authentication systems are prone to relay attacks, whereby two non-co-present colluding entities can subvert the authentication functionality by simply relaying the data between a legitimate prover (\({\mathcal {P}}\)) and verifier (\({\mathcal {V}}\)). Examples include payment systems involving NFC and RFID devices, and zero-interaction token-based authentication approaches. Utilizing contextual information to determine \({\mathcal {P}}\)-\({\mathcal {V}}\) proximity, or lack thereof, is a recently proposed approach to defend against relay attacks. Prior work considered WiFi, Bluetooth, GPS and Audio as different contextual modalities for the purpose of relay-resistant authentication.

In this paper, we explore purely ambient physical sensing capabilities to address the problem of relay attacks in authentication systems. Specifically, we consider the use of four new sensor modalities, ambient temperature, precision gas, humidity, and altitude, for \({\mathcal {P}}\)-\({\mathcal {V}}\) proximity detection. Using an off-the-shelf ambient sensing platform, called Sensordrone, connected to Android devices, we show that combining these different modalities provides a robust proximity detection mechanism, yielding very low false positives (security against relay attacks) and very low false negatives (good usability). Such use of multiple ambient sensor modalities offers unique security advantages over traditional sensors (WiFi, Bluetooth, GPS or Audio) because it requires the attacker to simultaneously manipulate the multiple characteristics of the physical environment.

Keywords

Relay attacks, Proximity detection, Environmental sensors

Notes

Acknowledgments

This work was partially supported by a Google Faculty Research Award, and a US NSF grant (CNS-1201927). We thank the FC’14 anonymous reviewers for their useful feedback.

Copyright information

© International Financial Cryptography Association 2014

Authors and Affiliations

  • Babins Shrestha (1)
  • Nitesh Saxena (1)
  • Hien Thi Thu Truong (2)
  • N. Asokan (2, 3)
  1. University of Alabama at Birmingham, Birmingham, USA
  2. University of Helsinki, Helsinki, Finland
  3. Aalto University, Espoo, Finland
