TU Darmstadt / ULB / TUbiblio

DoubleEcho: Mitigating Context-Manipulation Attacks in Copresence Verification

Truong, Hien Thi Thu ; Toivonen, Juhani ; Nguyen, Thien Duc ; Soriente, Claudio ; Tarkoma, Sasu ; Asokan, N. (2019)
DoubleEcho: Mitigating Context-Manipulation Attacks in Copresence Verification.
IEEE International Conference on Pervasive Computing and Communications (PerCom2019). Kyoto, Japan (11.03.2019-15.03.2019)
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Copresence verification based on context can improve usability and strengthen security of many authentication and access control systems. By sensing and comparing their surroundings, two or more devices can tell whether they are copresent and use such information to make access control decisions. To the best of our knowledge, all context-based copresence verification mechanisms to date are susceptible to context-manipulation attacks. In such attacks, a distributed adversary replicates the same context at the (different) locations of the victim devices, and induces them to conclude that they are copresent. In this paper we propose DoubleEcho, a copresence verification scheme based on acoustic Room Impulse Response (RIR) that mitigates context-manipulation attacks. In DoubleEcho, one device emits a short, wide-band audible chirp and all participating devices record reflections of the chirp from the surrounding environment. Since RIR is, by its very nature, dependent on the physical surroundings, it constitutes a unique location signature that is hard for an adversary to replicate. We evaluate DoubleEcho by collecting RIR data with various mobile devices and in different locations. DoubleEcho exhibits robustness to context-manipulation attacks with a false positive rate can be as low as 0.089, whereas all other approaches to date are entirely vulnerable to such attacks. The false negative rate can be as low as 0.021. DoubleEcho detects copresence (or lack thereof) in roughly 2 seconds and works on commodity devices.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2019
Autor(en): Truong, Hien Thi Thu ; Toivonen, Juhani ; Nguyen, Thien Duc ; Soriente, Claudio ; Tarkoma, Sasu ; Asokan, N.
Art des Eintrags: Bibliographie
Titel: DoubleEcho: Mitigating Context-Manipulation Attacks in Copresence Verification
Sprache: Englisch
Publikationsjahr: 1 März 2019
Ort: Kyoto, Japan
Veranstaltungstitel: IEEE International Conference on Pervasive Computing and Communications (PerCom2019)
Veranstaltungsort: Kyoto, Japan
Veranstaltungsdatum: 11.03.2019-15.03.2019
Kurzbeschreibung (Abstract):

Copresence verification based on context can improve usability and strengthen security of many authentication and access control systems. By sensing and comparing their surroundings, two or more devices can tell whether they are copresent and use such information to make access control decisions. To the best of our knowledge, all context-based copresence verification mechanisms to date are susceptible to context-manipulation attacks. In such attacks, a distributed adversary replicates the same context at the (different) locations of the victim devices, and induces them to conclude that they are copresent. In this paper we propose DoubleEcho, a copresence verification scheme based on acoustic Room Impulse Response (RIR) that mitigates context-manipulation attacks. In DoubleEcho, one device emits a short, wide-band audible chirp and all participating devices record reflections of the chirp from the surrounding environment. Since RIR is, by its very nature, dependent on the physical surroundings, it constitutes a unique location signature that is hard for an adversary to replicate. We evaluate DoubleEcho by collecting RIR data with various mobile devices and in different locations. DoubleEcho exhibits robustness to context-manipulation attacks with a false positive rate can be as low as 0.089, whereas all other approaches to date are entirely vulnerable to such attacks. The false negative rate can be as low as 0.021. DoubleEcho detects copresence (or lack thereof) in roughly 2 seconds and works on commodity devices.

Freie Schlagworte: Primitives; P3
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Systemsicherheit
DFG-Sonderforschungsbereiche (inkl. Transregio)
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen
Hinterlegungsdatum: 21 Jan 2019 08:13
Letzte Änderung: 03 Jul 2024 06:27
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen