Sensor-Based Proximity Detection in the Face of Active Adversaries
Academic Article
Overview
Research
Identity
Additional Document Info
Other
View All
Overview
abstract
Context-centric sensor-based proximity detection (or, contextual co-presence detection) is a promising approach to defend against relay attacks in many mobile authentication systems, especially against unattended terminals (such as cars parked in unmonitored parking lots, remote gas station pumps, or stolen laptops). Prior work demonstrated the effectiveness of a variety of contextual sensor modalities for this purpose, including audio-radio environment (ambient audio, Wi-Fi, Bluetooth, and GPS, and combinations thereof) and physical environment (temperature, humidity, gas, and altitude, and combinations thereof). In this paper, we present a systematic assessment of such co-presence detection in the presence of a strong, context-manipulating attacker against unattended terminals. First, we show that it is feasible to manipulate, consistently control, and stabilize the readings of different acoustic and physical environment sensors (and even multiple sensors simultaneously) using low-cost, off-the-shelf equipment. Specifically, we show that it is possible to control the temperature using a home-grade hair dryer, affect the gas readings using a smoking cigarette, impact the altitude/pressure with a simple air compressor, or relay audio signals recorded at one end to the other thereby causing both sides to perceive a very similar acoustic environment. Second, based on these capabilities and the strengthened threat model, we show that an attacker who can manipulate the context gains a significant advantage in defeating contextual co-presence detection. For systems that use multiple sensors, we investigate two sensor fusion approaches based on machine learning classification techniques-features-fusion and decisions-fusion, and show that both are vulnerable to context manipulation attacks but the latter approach can be more resistant in some cases. We further consider other defensive approaches that may be used to reduce the impact of even such a strong context-manipulating attacker. Our work represents the first concrete step towards analyzing, extending, and systematizing prior work on contextual co-presence detection under a stronger, but realistic adversarial model.
