DoubleEcho: Mitigating context-manipulation attacks in copresence verification

Hien Thi Thu Truong; Juhani Toivonen; Thien Duc Nguyen; Claudio Soriente; Sasu Tarkoma; N. Asokan

doi:10.1109/PERCOM.2019.8767404

DoubleEcho: Mitigating context-manipulation attacks in copresence verification

Hien Thi Thu Truong, Juhani Toivonen, Thien Duc Nguyen, Claudio Soriente, Sasu Tarkoma, N. Asokan

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

Abstract

Copresence verification based on context can improve usability and strengthen security of many authentication and access control systems. By sensing and comparing their surroundings, two or more devices can tell whether they are copresent and use this information to make access control decisions. To the best of our knowledge, all context-based copresence verification mechanisms to date are susceptible to context-manipulation attacks. In such attacks, a distributed adversary replicates the same context at the (different) locations of the victim devices, and induces them to believe that they are copresent. In this paper we propose DoubleEcho, a context-based copresence verification technique that leverages acoustic Room Impulse Response (RIR) to mitigate context-manipulation attacks. In DoubleEcho, one device emits a wide-band audible chirp and all participating devices record reflections of the chirp from the surrounding environment. Since RIR is, by its very nature, dependent on the physical surroundings, it constitutes a unique location signature that is hard for an adversary to replicate. We evaluate DoubleEcho by collecting RIR data with various mobile devices and in a range of different locations. We show that DoubleEcho mitigates context-manipulation attacks whereas all other approaches to date are entirely vulnerable to such attacks. DoubleEcho detects copresence (or lack thereof) in roughly 2 seconds and works on commodity devices.

Original language	English
Title of host publication	2019 IEEE International Conference on Pervasive Computing and Communications, PerCom 2019
Publisher	IEEE
ISBN (Electronic)	9781538691489
DOIs	https://doi.org/10.1109/PERCOM.2019.8767404
Publication status	Published - 1 Mar 2019
MoE publication type	A4 Conference publication
Event	IEEE International Conference on Pervasive Computing and Communications - Kyoto, Japan Duration: 12 Mar 2019 → 14 Mar 2019

Conference

Conference	IEEE International Conference on Pervasive Computing and Communications
Abbreviated title	PerCom
Country/Territory	Japan
City	Kyoto
Period	12/03/2019 → 14/03/2019

Funding

This work was supported by the Intel Collaborative Research Institute for Secure Computing. This paper has received funding from the European Unions Horizon 2020 research and innovation programme under grant agreement No 779852. We thank Emmanuel Vincent (INRIA) for his initial discussion and for the Matlab source code to compute RIR; Jens Matthias Bohli (NEC) and Petteri Nurmi (University of Helsinki) for their insightful discussions and comments.

Keywords

Acoustic
Context-manipulation attack
Copresence verification
Reverberation time
Room impulse response

Access to Document

10.1109/PERCOM.2019.8767404

https://arxiv.org/abs/1803.07211

Cite this

@inproceedings{111402a167f840f885a44e55b16439bf,

title = "DoubleEcho: Mitigating context-manipulation attacks in copresence verification",

abstract = "Copresence verification based on context can improve usability and strengthen security of many authentication and access control systems. By sensing and comparing their surroundings, two or more devices can tell whether they are copresent and use this information to make access control decisions. To the best of our knowledge, all context-based copresence verification mechanisms to date are susceptible to context-manipulation attacks. In such attacks, a distributed adversary replicates the same context at the (different) locations of the victim devices, and induces them to believe that they are copresent. In this paper we propose DoubleEcho, a context-based copresence verification technique that leverages acoustic Room Impulse Response (RIR) to mitigate context-manipulation attacks. In DoubleEcho, one device emits a wide-band audible chirp and all participating devices record reflections of the chirp from the surrounding environment. Since RIR is, by its very nature, dependent on the physical surroundings, it constitutes a unique location signature that is hard for an adversary to replicate. We evaluate DoubleEcho by collecting RIR data with various mobile devices and in a range of different locations. We show that DoubleEcho mitigates context-manipulation attacks whereas all other approaches to date are entirely vulnerable to such attacks. DoubleEcho detects copresence (or lack thereof) in roughly 2 seconds and works on commodity devices.",

keywords = "Acoustic, Context-manipulation attack, Copresence verification, Reverberation time, Room impulse response",

author = "\{Thu Truong\}, \{Hien Thi\} and Juhani Toivonen and Nguyen, \{Thien Duc\} and Claudio Soriente and Sasu Tarkoma and N. Asokan",

note = "| openaire: EC/H2020/779852/EU//IoTCrawler ; IEEE International Conference on Pervasive Computing and Communications, PerCom ; Conference date: 12-03-2019 Through 14-03-2019",

year = "2019",

month = mar,

day = "1",

doi = "10.1109/PERCOM.2019.8767404",

language = "English",

booktitle = "2019 IEEE International Conference on Pervasive Computing and Communications, PerCom 2019",

publisher = "IEEE",

address = "United States",

}

Thu Truong, HT, Toivonen, J, Nguyen, TD, Soriente, C, Tarkoma, S & Asokan, N 2019, DoubleEcho: Mitigating context-manipulation attacks in copresence verification. in 2019 IEEE International Conference on Pervasive Computing and Communications, PerCom 2019., 8767404, IEEE, IEEE International Conference on Pervasive Computing and Communications, Kyoto, Japan, 12/03/2019. https://doi.org/10.1109/PERCOM.2019.8767404

DoubleEcho: Mitigating context-manipulation attacks in copresence verification. / Thu Truong, Hien Thi; Toivonen, Juhani; Nguyen, Thien Duc et al.
2019 IEEE International Conference on Pervasive Computing and Communications, PerCom 2019. IEEE, 2019. 8767404.

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - DoubleEcho

T2 - IEEE International Conference on Pervasive Computing and Communications

AU - Thu Truong, Hien Thi

AU - Toivonen, Juhani

AU - Nguyen, Thien Duc

AU - Soriente, Claudio

AU - Tarkoma, Sasu

AU - Asokan, N.

N1 - | openaire: EC/H2020/779852/EU//IoTCrawler

PY - 2019/3/1

Y1 - 2019/3/1

N2 - Copresence verification based on context can improve usability and strengthen security of many authentication and access control systems. By sensing and comparing their surroundings, two or more devices can tell whether they are copresent and use this information to make access control decisions. To the best of our knowledge, all context-based copresence verification mechanisms to date are susceptible to context-manipulation attacks. In such attacks, a distributed adversary replicates the same context at the (different) locations of the victim devices, and induces them to believe that they are copresent. In this paper we propose DoubleEcho, a context-based copresence verification technique that leverages acoustic Room Impulse Response (RIR) to mitigate context-manipulation attacks. In DoubleEcho, one device emits a wide-band audible chirp and all participating devices record reflections of the chirp from the surrounding environment. Since RIR is, by its very nature, dependent on the physical surroundings, it constitutes a unique location signature that is hard for an adversary to replicate. We evaluate DoubleEcho by collecting RIR data with various mobile devices and in a range of different locations. We show that DoubleEcho mitigates context-manipulation attacks whereas all other approaches to date are entirely vulnerable to such attacks. DoubleEcho detects copresence (or lack thereof) in roughly 2 seconds and works on commodity devices.

AB - Copresence verification based on context can improve usability and strengthen security of many authentication and access control systems. By sensing and comparing their surroundings, two or more devices can tell whether they are copresent and use this information to make access control decisions. To the best of our knowledge, all context-based copresence verification mechanisms to date are susceptible to context-manipulation attacks. In such attacks, a distributed adversary replicates the same context at the (different) locations of the victim devices, and induces them to believe that they are copresent. In this paper we propose DoubleEcho, a context-based copresence verification technique that leverages acoustic Room Impulse Response (RIR) to mitigate context-manipulation attacks. In DoubleEcho, one device emits a wide-band audible chirp and all participating devices record reflections of the chirp from the surrounding environment. Since RIR is, by its very nature, dependent on the physical surroundings, it constitutes a unique location signature that is hard for an adversary to replicate. We evaluate DoubleEcho by collecting RIR data with various mobile devices and in a range of different locations. We show that DoubleEcho mitigates context-manipulation attacks whereas all other approaches to date are entirely vulnerable to such attacks. DoubleEcho detects copresence (or lack thereof) in roughly 2 seconds and works on commodity devices.

KW - Acoustic

KW - Context-manipulation attack

KW - Copresence verification

KW - Reverberation time

KW - Room impulse response

UR - http://www.scopus.com/inward/record.url?scp=85070217444&partnerID=8YFLogxK

U2 - 10.1109/PERCOM.2019.8767404

DO - 10.1109/PERCOM.2019.8767404

M3 - Conference article in proceedings

BT - 2019 IEEE International Conference on Pervasive Computing and Communications, PerCom 2019

PB - IEEE

Y2 - 12 March 2019 through 14 March 2019

ER -

DoubleEcho: Mitigating context-manipulation attacks in copresence verification

Abstract

Conference

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this