Sensor-based Proximity Detection in the Face of Active Adversaries
This addresses a security problem for mobile authentication systems by exposing vulnerabilities to context-manipulating attacks, representing an incremental assessment of existing methods.
The paper tackled the vulnerability of sensor-based proximity detection systems to active adversaries who manipulate sensor readings, demonstrating that attackers can consistently control acoustic and physical environment sensors using low-cost equipment to defeat co-presence detection. It found that both features-fusion and decisions-fusion sensor fusion approaches are vulnerable, though decisions-fusion is more resistant in some cases.
Contextual proximity detection (or, co-presence detection) is a promising approach to defend against relay attacks in many mobile authentication systems. We present a systematic assessment of co-presence detection in the presence of a context-manipulating attacker. First, we show that it is feasible to manipulate, consistently control and stabilize the readings of different acoustic and physical environment sensors (and even multiple sensors simultaneously) using low-cost, off-the-shelf equipment. Second, based on these capabilities, we show that an attacker who can manipulate the context gains a significant advantage in defeating context-based co-presence detection. For systems that use multiple sensors, we investigate two sensor fusion approaches based on machine learning techniques: features-fusion and decisions-fusion, and show that both are vulnerable to contextual attacks but the latter approach can be more resistant in some cases.