short-paper

Towards device-to-user authentication: protecting against phishing hardware by ensuring mobile device authenticity using vibration patterns

Authors:

Rainhard Dieter Findling,

René MayrhoferAuthors Info & Claims

MUM '15: Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia

Pages 131 - 135

https://doi.org/10.1145/2836041.2836053

Published: 30 November 2015 Publication History

Abstract

Users usually authenticate to mobile devices before using them (e.g. PIN, password), but devices do not do the same to users. Revealing the authentication secret to a non-authenticated device potentially enables attackers to obtain the secret, by replacing the device with an identical-looking malicious device. The revealed authentication secret could be transmitted to the attackers immediately, who then conveniently authenticate to the real device. Addressing this attack scenario, we analyze different approaches towards mobile device-to-user (D2U) authentication, for which we provide an overview of advantages/drawbacks, potential risks and device authentication data bandwidth estimations. We further analyze vibration as one D2U feedback channel that is unobtrusive and hard to eavesdrop, including a user study to estimate vibration pattern recognition using a setup of ~7 bits per second (b/s). Study findings indicate that users are able to distinguish vibration patterns with median correctness of 97.5% (without taking training effects into account) -- which indicates that vibration could act as authentication feedback channel and should be investigated further in future research.

References

[1]

Joshua Adkins, Genevieve Flaspohler, and Prabal Dutta. 2015. Ving: Bootstrapping the Desktop Area Network with a Vibratory Ping. In The 2nd ACM Workshop on Hot Topics in Wireless (HotWireless'15). Paris, France.

Digital Library

[2]

Lorrie Faith Cranor and Simson Garfinkel. 2008. Security and Usability. O'Reilly Media.

[3]

M. Hansen, R. Hill, and S. Wimberly. 2012. Detecting covert communication on Android. In Local Computer Networks (LCN), 2012 IEEE 37th Conference on. 300-303.

Digital Library

[4]

Robin Heydon. 2012. Bluetooth Low Energy: The Developer's Handbook. Prentice Hall.

[5]

Daniel Hintze, Rainhard Dieter Findling, Sebastian Scholz, and René Mayrhofer. 2014. Mobile Device Usage Characteristics: The Effect of Context and Form Factor on Locked and Unlocked Usage. In Proc. MoMM 2014: 12th International Conference on Advances in Mobile Computing and Multimedia. ACM Press, New York, NY, USA, 105-114.

Digital Library

[6]

Tim Kindberg, Chris Bevan, Eamonn O'Neill, James Mitchell, Jim Grimmett, and Dawn Woodgate. 2009. Authenticating Ubiquitous Services: A Study of Wireless Hotspot Access. In Proceedings of the 11th International Conference on Ubiquitous Computing (UbiComp '09). ACM, New York, NY, USA, 115-124.

Digital Library

[7]

M. Long and D. Durham. 2007. Human Perceivable Authentication: An Economical Solution for Security Associations in Short-Distance Wireless Networking. In Computer Communications and Networks, 2007. ICCCN 2007. Proceedings of 16th International Conference on. 257-264.

[8]

Rene Mayrhofer and Hans Gellersen. 2007. On the Security of Ultrasound as Out-of-band Channel. In Parallel and Distributed Processing Symposium, 2007. IPDPS 2007. IEEE International. IEEE, 1--6.

[9]

R. Mayrhofer and H. Gellersen. 2009. Shake Well Before Use: Intuitive and Secure Pairing of Mobile Devices. Mobile Computing, IEEE Transactions on 8, 6 (2009), 792-806.

Digital Library

[10]

Eric Rescorla. 2000. SSL and TLS: Designing and Building Secure Systems. Addison-Wesley Professional.

[11]

Ronald L. Rivest and Adi Shamir. 1984. How to Expose an Eavesdropper. Commun. ACM 27, 4 (April 1984), 393-394.

Digital Library

[12]

P. C. Roberts, L. P. Benofsky, W. G. Holt, L. H. Johnson, M. J. Bryant, and N. I. Nussbaum. 2009. Systems and methods for demonstrating authenticity of a virtual machine using a security image. (July 21 2009). https://www.google.com/patents/US7565535 US Patent 7,565,535.

[13]

P. C. Roberts, L. P. Benofsky, W. G. Holt, L. H. Johnson, B. M. Willman, and M. J. Bryant. 2010. Systems and methods for determining if applications executing on a computer system are trusted. (May 18 2010). https://www.google.com/patents/US7721094 US Patent 7,721,094.

[14]

Nirupam Roy, Mahanth Gowda, and Romit Roy Choudhury. 2015. Ripple: Communicating through Physical Vibration. In 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI 15). USENIX Association, Oakland, CA, 265--278. httpps://www.usenix.org/conference/nsdi15/technical-sessions/presentation/roy

Digital Library

[15]

Claudio Soriente, Gene Tsudik, and Ersin Uzun. 2008. HAPADEP: Human-Assisted Pure Audio Device Pairing. In Information Security, Tzong-Chen Wu, Chin-Laung Lei, Vincent Rijmen, and Der-Tsai Lee (Eds.). Lecture Notes in Computer Science, Vol. 5222. Springer Berlin Heidelberg, 385-400.

Digital Library

[16]

Emanuel von Zezschwitz, Paul Dunphy, and Alexander De Luca. 2013. Patterns in the wild: a field study of the usability of pattern and pin-based authentication on mobile devices. In Proc. of the 15th international conference on Human-computer interaction with mobile devices and services (MobileHCI '13). ACM, New York, NY, USA, 261-270.

Digital Library

[17]

T. Yonezawa, J. Nakazawa, and H. Tokuda. 2015. Vinteraction: Vibration-based information transfer for smart devices. In Mobile Computing and Ubiquitous Networking (ICMU), 2015 Eighth International Conference on. 155-160.

Cited By

Dittrich JFindling R(2024)Good Vibes! Towards Phone-to-User Authentication Through Wristwatch VibrationsAdvances in Mobile Computing and Multimedia Intelligence10.1007/978-3-031-78049-3_3(24-30)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1007/978-3-031-78049-3_3
Zhao GDu BShen YLao ZCui LWen H(2021)LeaD: Learn to Decode Vibration-based Communication for Intelligent Internet of ThingsACM Transactions on Sensor Networks10.1145/344025017:3(1-25)Online publication date: 21-Jun-2021
https://dl.acm.org/doi/10.1145/3440250
Sen SKotz DDavidsson PLangheinrich M(2020)VibeRingProceedings of the 10th International Conference on the Internet of Things10.1145/3410992.3410995(1-8)Online publication date: 6-Oct-2020
https://dl.acm.org/doi/10.1145/3410992.3410995
Show More Cited By

Index Terms

Towards device-to-user authentication: protecting against phishing hardware by ensuring mobile device authenticity using vibration patterns
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. Interaction devices
      1. Haptic devices
2. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Usability in security and privacy

Recommendations

Mobile Authentication Scheme Using SMS
SSME '09: Proceedings of the 2009 IITA International Conference on Services Science, Management and Engineering

Identity authentication is the first line of defense in the security application system to access the mobile network resources. However, as the means of attacking become variety, new requirements have been brought forward for the technology of identity ...
WYK: Mobile Device Authentication Using the User’s Address Book
Emerging Technologies for Authorization and Authentication
Abstract
Authenticating a user the correct way is paramount to IT systems, where the risk is growing more and more in number and complexity. This is specially important in mobile phones, where a number of applications require continuous device ...
The Case for Mobile Two-Factor Authentication

Mobile two-factor authentication systems can provide three security guarantees. First, a compromised PIN won't provide a way to authenticate an attacker or provide any extra information about the corresponding phone. Second, a stolen phone won't provide ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

MUM '15: Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia

November 2015

442 pages

ISBN:9781450336055

DOI:10.1145/2836041

General Chairs:
Clemens Holzmann
University of Applied Sciences Upper Austria, Hagenberg, Austria
,
René Mayrhofer
Johannes Kepler University Linz, Linz, Austria
,
Program Chairs:
Jonna Häkkilä
University of Lapland
,
Enrico Rukzio
University of Ulm
,
Publications Chair:
Michael Roland
University of Applied Sciences Upper Austria

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

FH OOE: University of Applied Sciences Upper Austria
Johannes Kepler Univ Linz: Johannes Kepler Universität Linz

In-Cooperation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 November 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Conference

MUM '15

Sponsor:

FH OOE
Johannes Kepler Univ Linz

MUM '15: 14th International Conference on Mobile and Ubiquitous Multimedia

November 30 - December 2, 2015

Linz, Austria

Acceptance Rates

MUM '15 Paper Acceptance Rate 33 of 89 submissions, 37%;

Overall Acceptance Rate 190 of 465 submissions, 41%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
239
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Dittrich JFindling R(2024)Good Vibes! Towards Phone-to-User Authentication Through Wristwatch VibrationsAdvances in Mobile Computing and Multimedia Intelligence10.1007/978-3-031-78049-3_3(24-30)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1007/978-3-031-78049-3_3
Zhao GDu BShen YLao ZCui LWen H(2021)LeaD: Learn to Decode Vibration-based Communication for Intelligent Internet of ThingsACM Transactions on Sensor Networks10.1145/344025017:3(1-25)Online publication date: 21-Jun-2021
https://dl.acm.org/doi/10.1145/3440250
Sen SKotz DDavidsson PLangheinrich M(2020)VibeRingProceedings of the 10th International Conference on the Internet of Things10.1145/3410992.3410995(1-8)Online publication date: 6-Oct-2020
https://dl.acm.org/doi/10.1145/3410992.3410995
Lee KRaghunathan VRaghunathan AKim Y(2018)SYNCVIBE: Fast and Secure Device Pairing through Physical Vibration on Commodity Smartphones2018 IEEE 36th International Conference on Computer Design (ICCD)10.1109/ICCD.2018.00043(234-241)Online publication date: Oct-2018
https://doi.org/10.1109/ICCD.2018.00043
Li FChen HSong XZhang QLi YWang Y(2017)CondioSensePersonal and Ubiquitous Computing10.1007/s00779-016-0981-121:1(17-29)Online publication date: 1-Feb-2017
https://dl.acm.org/doi/10.1007/s00779-016-0981-1
Vassilakis VPanaousis EMouratidis H(2016)Security Challenges of Small Cell as a Service in Virtualized Mobile Edge Computing EnvironmentsInformation Security Theory and Practice10.1007/978-3-319-45931-8_5(70-84)Online publication date: 17-Sep-2016
https://doi.org/10.1007/978-3-319-45931-8_5

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents