Towards device-to-user authentication: Protecting against phishing hardware by ensuring mobile device authenticity using vibration patterns

Rainhard Dieter Findling; René Mayrhofer

doi:10.1145/2836041.2836053

Towards device-to-user authentication: Protecting against phishing hardware by ensuring mobile device authenticity using vibration patterns

Rainhard Dieter Findling, René Mayrhofer

Ei julkaistu Aalto-yliopiston affiliaatiolla

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussa › Conference contribution › Scientific › vertaisarvioitu

4 Sitaatiot (Scopus)

Abstrakti

Users usually authenticate to mobile devices before using them (e.g. PIN, password), but devices do not do the same to users. Revealing the authentication secret to a non-authenticated device potentially enables attackers to obtain the secret, by replacing the device with an identical-looking malicious device. The revealed authentication secret could be transmitted to the attackers immediately, who then conveniently authenticate to the real device. Addressing this attack scenario, we analyze different approaches towards mobile device-to-user (D2U) authentication, for which we provide an overview of advantages/drawbacks, potential risks and device authentication data bandwidth estimations. We further analyze vibration as one D2U feedback channel that is unobtrusive and hard to eavesdrop, including a user study to estimate vibration pattern recognition using a setup of '7 bits per second (b/s). Study findings indicate that users are able to distinguish vibration patterns with median correctness of 97.5% (without taking training effects into account) - which indicates that vibration could act as authentication feedback channel and should be investigated further in future research.

Alkuperäiskieli	Englanti
Otsikko	MUM 2015 - Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia
Toimittajat	Enrico Rukzio, Michael Roland, Rene Mayrhofer, Clemens Holzmann, Jonna Hakkila
Kustantaja	ACM
Sivut	131-135
Sivumäärä	5
Vuosikerta	30-November-2015
ISBN (elektroninen)	9781450336055
DOI - pysyväislinkit	https://doi.org/10.1145/2836041.2836053
Tila	Julkaistu - 30 marraskuuta 2015
OKM-julkaisutyyppi	A4 Artikkeli konferenssijulkaisuussa
Tapahtuma	International Conference on Mobile and Ubiquitous Multimedia - Linz, Itävalta Kesto: 30 marraskuuta 2015 → 2 joulukuuta 2015 Konferenssinumero: 14

Conference

Conference	International Conference on Mobile and Ubiquitous Multimedia
Lyhennettä	MUM
Maa	Itävalta
Kaupunki	Linz
Ajanjakso	30/11/2015 → 02/12/2015

Pääsy asiakirjaan

10.1145/2836041.2836053

Link to publication in Scopus

Sormenjälki Sukella tutkimusaiheisiin 'Towards device-to-user authentication: Protecting against phishing hardware by ensuring mobile device authenticity using vibration patterns'. Ne muodostavat yhdessä ainutlaatuisen sormenjäljen.

Siteeraa tätä

Findling, R. D., & Mayrhofer, R. (2015). Towards device-to-user authentication: Protecting against phishing hardware by ensuring mobile device authenticity using vibration patterns. teoksessa E. Rukzio, M. Roland, R. Mayrhofer, C. Holzmann, & J. Hakkila (Toimittajat), MUM 2015 - Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia (Vuosikerta 30-November-2015, Sivut 131-135). ACM. https://doi.org/10.1145/2836041.2836053

Findling, Rainhard Dieter ; Mayrhofer, René. / Towards device-to-user authentication : Protecting against phishing hardware by ensuring mobile device authenticity using vibration patterns. MUM 2015 - Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia. Toimittaja / Enrico Rukzio ; Michael Roland ; Rene Mayrhofer ; Clemens Holzmann ; Jonna Hakkila. Vuosikerta 30-November-2015 ACM, 2015. Sivut 131-135

@inproceedings{4239e568330448d7b5a2e4d77cb95021,

title = "Towards device-to-user authentication: Protecting against phishing hardware by ensuring mobile device authenticity using vibration patterns",

abstract = "Users usually authenticate to mobile devices before using them (e.g. PIN, password), but devices do not do the same to users. Revealing the authentication secret to a non-authenticated device potentially enables attackers to obtain the secret, by replacing the device with an identical-looking malicious device. The revealed authentication secret could be transmitted to the attackers immediately, who then conveniently authenticate to the real device. Addressing this attack scenario, we analyze different approaches towards mobile device-to-user (D2U) authentication, for which we provide an overview of advantages/drawbacks, potential risks and device authentication data bandwidth estimations. We further analyze vibration as one D2U feedback channel that is unobtrusive and hard to eavesdrop, including a user study to estimate vibration pattern recognition using a setup of '7 bits per second (b/s). Study findings indicate that users are able to distinguish vibration patterns with median correctness of 97.5% (without taking training effects into account) - which indicates that vibration could act as authentication feedback channel and should be investigated further in future research.",

keywords = "Feedback, Mobile authentication, Phishing hardware, Vibration",

author = "Findling, {Rainhard Dieter} and Ren{\'e} Mayrhofer",

year = "2015",

month = nov,

day = "30",

doi = "10.1145/2836041.2836053",

language = "English",

volume = "30-November-2015",

pages = "131--135",

editor = "Enrico Rukzio and Michael Roland and Rene Mayrhofer and Clemens Holzmann and Jonna Hakkila",

booktitle = "MUM 2015 - Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia",

publisher = "ACM",

note = "International Conference on Mobile and Ubiquitous Multimedia, MUM ; Conference date: 30-11-2015 Through 02-12-2015",

}

Findling, RD & Mayrhofer, R 2015, Towards device-to-user authentication: Protecting against phishing hardware by ensuring mobile device authenticity using vibration patterns. julkaisussa E Rukzio, M Roland, R Mayrhofer, C Holzmann & J Hakkila (toim), MUM 2015 - Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia. Vuosikerta 30-November-2015, ACM, Sivut 131-135, International Conference on Mobile and Ubiquitous Multimedia, Linz, Itävalta, 30/11/2015. https://doi.org/10.1145/2836041.2836053

Towards device-to-user authentication : Protecting against phishing hardware by ensuring mobile device authenticity using vibration patterns. / Findling, Rainhard Dieter; Mayrhofer, René.

MUM 2015 - Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia. toim. / Enrico Rukzio; Michael Roland; Rene Mayrhofer; Clemens Holzmann; Jonna Hakkila. Vuosikerta 30-November-2015 ACM, 2015. s. 131-135.

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussa › Conference contribution › Scientific › vertaisarvioitu

TY - GEN

T1 - Towards device-to-user authentication

T2 - International Conference on Mobile and Ubiquitous Multimedia

AU - Findling, Rainhard Dieter

AU - Mayrhofer, René

N1 - Conference code: 14

PY - 2015/11/30

Y1 - 2015/11/30

N2 - Users usually authenticate to mobile devices before using them (e.g. PIN, password), but devices do not do the same to users. Revealing the authentication secret to a non-authenticated device potentially enables attackers to obtain the secret, by replacing the device with an identical-looking malicious device. The revealed authentication secret could be transmitted to the attackers immediately, who then conveniently authenticate to the real device. Addressing this attack scenario, we analyze different approaches towards mobile device-to-user (D2U) authentication, for which we provide an overview of advantages/drawbacks, potential risks and device authentication data bandwidth estimations. We further analyze vibration as one D2U feedback channel that is unobtrusive and hard to eavesdrop, including a user study to estimate vibration pattern recognition using a setup of '7 bits per second (b/s). Study findings indicate that users are able to distinguish vibration patterns with median correctness of 97.5% (without taking training effects into account) - which indicates that vibration could act as authentication feedback channel and should be investigated further in future research.

AB - Users usually authenticate to mobile devices before using them (e.g. PIN, password), but devices do not do the same to users. Revealing the authentication secret to a non-authenticated device potentially enables attackers to obtain the secret, by replacing the device with an identical-looking malicious device. The revealed authentication secret could be transmitted to the attackers immediately, who then conveniently authenticate to the real device. Addressing this attack scenario, we analyze different approaches towards mobile device-to-user (D2U) authentication, for which we provide an overview of advantages/drawbacks, potential risks and device authentication data bandwidth estimations. We further analyze vibration as one D2U feedback channel that is unobtrusive and hard to eavesdrop, including a user study to estimate vibration pattern recognition using a setup of '7 bits per second (b/s). Study findings indicate that users are able to distinguish vibration patterns with median correctness of 97.5% (without taking training effects into account) - which indicates that vibration could act as authentication feedback channel and should be investigated further in future research.

KW - Feedback

KW - Mobile authentication

KW - Phishing hardware

KW - Vibration

UR - http://www.scopus.com/inward/record.url?scp=84959294149&partnerID=8YFLogxK

U2 - 10.1145/2836041.2836053

DO - 10.1145/2836041.2836053

M3 - Conference contribution

AN - SCOPUS:84959294149

VL - 30-November-2015

SP - 131

EP - 135

BT - MUM 2015 - Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia

A2 - Rukzio, Enrico

A2 - Roland, Michael

A2 - Mayrhofer, Rene

A2 - Holzmann, Clemens

A2 - Hakkila, Jonna

PB - ACM

Y2 - 30 November 2015 through 2 December 2015

ER -

Findling RD, Mayrhofer R. Towards device-to-user authentication: Protecting against phishing hardware by ensuring mobile device authenticity using vibration patterns. julkaisussa Rukzio E, Roland M, Mayrhofer R, Holzmann C, Hakkila J, toimittajat, MUM 2015 - Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia. Vuosikerta 30-November-2015. ACM. 2015. s. 131-135 https://doi.org/10.1145/2836041.2836053