Sensor-based Proximity Detection in the Face of Active Adversaries

TL;DR

This paper evaluates the vulnerability of sensor-based proximity detection systems to active attackers who manipulate environmental sensor readings, revealing significant security challenges and limitations of current sensor fusion defenses.

Contribution

It systematically demonstrates the feasibility of manipulating environmental sensors and assesses the effectiveness of sensor fusion methods against such attacks.

Findings

Sensor readings can be manipulated with off-the-shelf equipment.

Manipulation significantly undermines proximity detection security.

Sensor fusion methods show varying resistance to attacks.

Abstract

Contextual proximity detection (or, co-presence detection) is a promising approach to defend against relay attacks in many mobile authentication systems. We present a systematic assessment of co-presence detection in the presence of a context-manipulating attacker. First, we show that it is feasible to manipulate, consistently control and stabilize the readings of different acoustic and physical environment sensors (and even multiple sensors simultaneously) using low-cost, off-the-shelf equipment. Second, based on these capabilities, we show that an attacker who can manipulate the context gains a significant advantage in defeating context-based co-presence detection. For systems that use multiple sensors, we investigate two sensor fusion approaches based on machine learning techniques: features-fusion and decisions-fusion, and show that both are vulnerable to contextual attacks but the latter approach can be more resistant in some cases.