STASH: Securing transparent authentication schemes using prover-side proximity verification

TL;DR

STASH enhances transparent authentication by enabling prover-side proximity verification through trajectory comparison, effectively preventing relay attacks while maintaining usability and ease of integration.

Contribution

It introduces a novel relay-resilient approach using trajectory verification with low-cost sensors, improving security of transparent authentication schemes.

Findings

STASH effectively thwarts relay attacks in empirical tests.

The system is efficient and easy to integrate with existing schemes.

Prototype data confirms security and usability benefits.

Abstract

Transparent authentication (TA) schemes are those in which a user is authenticated by a verifier without requiring explicit user interaction. By doing so, those schemes promise high usability and security simultaneously. The majority of TA implementations rely on the received signal strength as an indicator for the proximity of a user device (prover). However, such implicit proximity verification is not secure against an adversary who can relay messages over a larger distance. In this paper, we propose a novel approach for thwarting relay attacks in TA schemes: the prover permits access to authentication credentials only if it can confirm that it is near the verifier. We present STASH, a system for relay-resilient transparent authentication in which the prover does proximity verification by comparing its approach trajectory towards the intended verifier with known authorized reference trajectories. Trajectories are measured using low-cost sensors commonly available on personal devices. We demonstrate the security of STASH against a class of adversaries and its ease-of-use by analyzing empirical data, collected using a STASH prototype. STASH is efficient and can be easily integrated to complement existing TA schemes.