DoubleEcho: Mitigating Context-Manipulation Attacks in Copresence Verification
Hien Thi Thu Truong, Juhani Toivonen, Thien Duc Nguyen and, Claudio Soriente, Sasu Tarkoma, N. Asokan
TL;DR
DoubleEcho uses acoustic Room Impulse Response signatures to verify device copresence, effectively preventing context-manipulation attacks and enhancing security in authentication systems.
Contribution
It introduces a novel RIR-based copresence verification method that is resistant to manipulation, unlike previous approaches.
Findings
DoubleEcho effectively detects copresence within 2 seconds.
It mitigates all tested context-manipulation attacks.
Works on standard mobile devices in various environments.
Abstract
Copresence verification based on context can improve usability and strengthen security of many authentication and access control systems. By sensing and comparing their surroundings, two or more devices can tell whether they are copresent and use this information to make access control decisions. To the best of our knowledge, all context-based copresence verification mechanisms to date are susceptible to context-manipulation attacks. In such attacks, a distributed adversary replicates the same context at the (different) locations of the victim devices, and induces them to believe that they are copresent. In this paper we propose DoubleEcho, a context-based copresence verification technique that leverages acoustic Room Impulse Response (RIR) to mitigate context-manipulation attacks. In DoubleEcho, one device emits a wide-band audible chirp and all participating devices record reflections…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsUser Authentication and Security Systems · Advanced Authentication Protocols Security · RFID technology advancements