DoubleEcho: Mitigating context-manipulation attacks in copresence verification

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

Researchers

Research units

  • NEC Corporation
  • University of Helsinki
  • Technische Universität Darmstadt

Abstract

Copresence verification based on context can improve usability and strengthen security of many authentication and access control systems. By sensing and comparing their surroundings, two or more devices can tell whether they are copresent and use this information to make access control decisions. To the best of our knowledge, all context-based copresence verification mechanisms to date are susceptible to context-manipulation attacks. In such attacks, a distributed adversary replicates the same context at the (different) locations of the victim devices, and induces them to believe that they are copresent. In this paper we propose DoubleEcho, a context-based copresence verification technique that leverages acoustic Room Impulse Response (RIR) to mitigate context-manipulation attacks. In DoubleEcho, one device emits a wide-band audible chirp and all participating devices record reflections of the chirp from the surrounding environment. Since RIR is, by its very nature, dependent on the physical surroundings, it constitutes a unique location signature that is hard for an adversary to replicate. We evaluate DoubleEcho by collecting RIR data with various mobile devices and in a range of different locations. We show that DoubleEcho mitigates context-manipulation attacks whereas all other approaches to date are entirely vulnerable to such attacks. DoubleEcho detects copresence (or lack thereof) in roughly 2 seconds and works on commodity devices.

Details

Original languageEnglish
Title of host publication2019 IEEE International Conference on Pervasive Computing and Communications, PerCom 2019
Publication statusPublished - 1 Mar 2019
MoE publication typeA4 Article in a conference publication
EventIEEE International Conference on Pervasive Computing and Communications - Kyoto, Japan
Duration: 12 Mar 201914 Mar 2019

Conference

ConferenceIEEE International Conference on Pervasive Computing and Communications
Abbreviated titlePerCom
CountryJapan
CityKyoto
Period12/03/201914/03/2019

    Research areas

  • Acoustic, Context-manipulation attack, Copresence verification, Reverberation time, Room impulse response

ID: 38580145