ToAuth: Towards Automatic Near Field Authentication for Smartphones

Near field authentication is of great importance for a range of applications, and has attracted many research efforts in the past decades. Several approaches have been developed and have demonstrated their feasibility. The state-of-the-art works, however, still have much room to improve their automation and usability. First, user assistance is required in most existing approaches, and such assistance can be easily observed and imitated by attackers. Second, the authentication in several works depends heavily on special hardware, e.g., a server or a high-resolution screen, which greatly restricts their application scenarios. In this paper, we present ToAuth, a near field authentication system that needs little human assistance and is compatible with most smartphones. ToAuth is based on the key insight that the acceleration traces of a pair of smartphones are similar when the phones are in physical contact and vibrating. The random vibration patterns are sufficiently uncertain to provide high entropy for generating a pair of cryptographic keys, yet are inimitable for a third party who is not in contact with the vibration source. ToAuth uses the keys to authenticate the smartphones. We implement ToAuth on the Android platform and evaluate its performance under various scenarios. Extensive experiments demonstrate that ToAuth can achieve a success rate of around 90% in a stable environment, and can prevent attacks that depend on vibration noise.
