WiLock: Exploiting Wireless Signals for Device-Free Continuous Authentication

Mobile devices use time-based de-authentication to secure themselves against unauthorized users, and usually lock themselves after a predefined time of inactivity, known as the "lock-out time". The technique is effective; however, the lack of an adaptive de-authentication mechanism may limit both usability and security: if the lock-out time is too short, usability suffers from the requirement of frequent and possibly unnecessary user authentications, and if it is too long, security suffers from an increased window of opportunity for lunch-time attacks. In this paper, we propose WiLock, a WiFi-assisted proximity-based device locking technique, to complement the traditional authentication and de-authentication mechanisms on mobile devices in simplistic but highly common scenarios, to avoid unnecessary de-authentication of the user and to secure devices against lunch-time attacks. We introduce the concept of "Personal Space" (PS) as a safe zone around the device in which the solo presence of the user is considered safe. This approach analyzes wireless signals received at the device to sense human presence in the device's proximity and make security-aware decisions on locking the device. The physical proximity of the device, along with the presence and relative locations of human objects in it, has been studied as an authentication factor and is shown to be effective for enhancing the security and usability of mobile devices. After benchmarking different classifiers, we adopt a k-NN based learning method to classify collected information into lock and unlock classes. Our evaluation through extensive experiments on real collected data using off-the-shelf WiFi equipment confirms our scheme's performance and shows an average detection accuracy of 92.62% and 78.73% for stationary and moving objects, respectively, in the experiment's environment and setting.
