DoubleEcho: Mitigating context-manipulation attacks in copresence verification

Hien Thi Thu Truong, Juhani Toivonen, Thien Duc Nguyen, Claudio Soriente, Sasu Tarkoma, N. Asokan

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

Abstract

Copresence verification based on context can improve usability and strengthen security of many authentication and access control systems. By sensing and comparing their surroundings, two or more devices can tell whether they are copresent and use this information to make access control decisions. To the best of our knowledge, all context-based copresence verification mechanisms to date are susceptible to context-manipulation attacks. In such attacks, a distributed adversary replicates the same context at the (different) locations of the victim devices, and induces them to believe that they are copresent. In this paper we propose DoubleEcho, a context-based copresence verification technique that leverages acoustic Room Impulse Response (RIR) to mitigate context-manipulation attacks. In DoubleEcho, one device emits a wide-band audible chirp and all participating devices record reflections of the chirp from the surrounding environment. Since RIR is, by its very nature, dependent on the physical surroundings, it constitutes a unique location signature that is hard for an adversary to replicate. We evaluate DoubleEcho by collecting RIR data with various mobile devices and in a range of different locations. We show that DoubleEcho mitigates context-manipulation attacks whereas all other approaches to date are entirely vulnerable to such attacks. DoubleEcho detects copresence (or lack thereof) in roughly 2 seconds and works on commodity devices.

Original languageEnglish
Title of host publication2019 IEEE International Conference on Pervasive Computing and Communications, PerCom 2019
PublisherIEEE
ISBN (Electronic)9781538691489
DOIs
Publication statusPublished - 1 Mar 2019
MoE publication typeA4 Article in a conference publication
EventIEEE International Conference on Pervasive Computing and Communications - Kyoto, Japan
Duration: 12 Mar 201914 Mar 2019

Conference

ConferenceIEEE International Conference on Pervasive Computing and Communications
Abbreviated titlePerCom
CountryJapan
CityKyoto
Period12/03/201914/03/2019

Keywords

  • Acoustic
  • Context-manipulation attack
  • Copresence verification
  • Reverberation time
  • Room impulse response

Fingerprint Dive into the research topics of 'DoubleEcho: Mitigating context-manipulation attacks in copresence verification'. Together they form a unique fingerprint.

Cite this