Transparent authentication (TA) schemes are those in which a user is authenticated by a verifier without requiring explicit user interaction. Those schemes promise high usability and security simultaneously. Many TA schemes rely on the received signal strength as an indicator for the proximity of a user device (prover). However, such implicit proximity verification is not secure against an adversary who can relay messages. In this paper, we propose a novel approach for thwarting relay attacks in TA schemes: the prover permits access to authentication credentials only if it can confirm that it is near the verifier. We present TRec, a system for relay-resilient transparent authentication in which the prover does proximity verification by identifying its approach trajectory to the intended verifier and comparing it with known authorized reference trajectories. Trajectories are measured using low-cost sensors commonly available on personal devices. We demonstrate the security of TRec against a class of adversaries and its ease-of-use by analyzing empirical data, collected using a TRec prototype. TRec is efficient and can be easily integrated into existing TA schemes.
|Number of pages||12|
|Publication status||Published - 2016|
|MoE publication type||D4 Published development or research report or study|