Proximity Verification Based on Acoustic Room Impulse Response

Device proximity verification has a wide range of security applications such as proximity authentication, multi-factor authentication, group-membership management and many more. To achieve high ease-of-use, a recently proposed class of solutions exploit contextual information captured by onboard sensors including radio (Wi-Fi, Bluetooth and GPS receivers), ambient sounds (microphones), movement (accelerometers) and physical environment (light, temperature and humidity) to facilitate the verification process with minimal user involvement. Active acoustic methods have some advantages over many others: they work indoors, they can take the shape of the enclosure and barriers into account, they don't require pre-installed infrastructure and they are relatively fast. In this paper we propose R-Prox, an approach for proximity (copresence) verification based on acoustic Room Impulse Response (RIR). In R-Prox, one device actively emits a short, wide-band audible chirp and all participating devices record reflections of the chirp from the surrounding environment. From this impulse response signal, we extract features on different frequency bands and compare them for a copresence verdict. We evaluate our method by collecting RIR data with various Commercial Off-The-Shelf (COTS) mobile devices in different rooms. We then train a binary classification model to determine copresence using RIR features. In our experiments we show R-Prox to be sensitive, with false negative verdicts can be as low as 0.059 of the true copresence cases. Although R-Prox's false positive rate is not as low (in case rooms are likely having similar acoustic RIR), we show that it can be effectively combined with schemes like Sound-Proof (which suffers from high false positive rates in some adversarial settings) so that the resulting system has high accuracy.

[1]  M. Schroeder New Method of Measuring Reverberation Time , 1965 .

[2]  René Mayrhofer,et al.  Shake Well Before Use: Intuitive and Secure Pairing of Mobile Devices , 2009, IEEE Transactions on Mobile Computing.

[3]  Stephan Sigg,et al.  Secure Communication Based on Ambient Audio , 2013, IEEE Transactions on Mobile Computing.

[4]  Gerhard Tröster,et al.  RoomSense: an indoor positioning system for smartphones using active sound probing , 2013, AH.

[5]  Gerhard P. Hancke,et al.  Practical NFC Peer-to-Peer Relay Attack Using Mobile Phones , 2010, RFIDSec.

[6]  M. Schroeder Integrated‐impulse method measuring sound decay without using impulses , 1979 .

[7]  Xiang Gao,et al.  Comparing and fusing different sensor modalities for relay attack resistance in Zero-Interaction Authentication , 2014, 2014 IEEE International Conference on Pervasive Computing and Communications (PerCom).

[8]  Gaël Varoquaux,et al.  Scikit-learn: Machine Learning in Python , 2011, J. Mach. Learn. Res..

[9]  Geoffrey E. Hinton,et al.  Deep Learning , 2015, Nature.

[10]  Srdjan Capkun,et al.  Secure positioning in wireless networks , 2006, IEEE Journal on Selected Areas in Communications.

[11]  Di Ma,et al.  Secure Proximity Detection for NFC Devices Based on Ambient Sensor Data , 2012, ESORICS.

[12]  Nitesh Saxena,et al.  The Sounds of the Phones: Dangers of Zero-Effort Second Factor Login based on Ambient Audio , 2016, CCS.

[13]  N. Asokan,et al.  Drone to the Rescue: Relay-Resilient Authentication using Ambient Multi-sensing , 2014, Financial Cryptography.

[14]  Mary Baker,et al.  The sound of silence , 2013, SenSys '13.

[15]  Xinyu Zhang,et al.  Ubiquitous keyboard for small mobile devices: harnessing multipath fading for fine-grained keystroke localization , 2014, MobiSys.

[16]  Ming Jin,et al.  SoundLoc: Acoustic Method for Indoor Localization without Infrastructure , 2014, ArXiv.

[17]  Guobin Shen,et al.  BeepBeep: a high accuracy acoustic ranging system using COTS mobile devices , 2007, SenSys '07.

[18]  Malcolm J. Hawksford,et al.  Distortion immunity of MLS-derived impulse response measurements , 1993 .

[19]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[20]  Kang G. Shin,et al.  EchoTag: Accurate Infrastructure-Free Indoor Location Tagging with Smartphones , 2015, MobiCom.

[21]  Srdjan Capkun,et al.  Realization of RF Distance Bounding , 2010, USENIX Security Symposium.

[22]  Claudio Soriente,et al.  Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound , 2015, USENIX Security Symposium.

[23]  Steven J. Murdoch,et al.  Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks , 2007, USENIX Security Symposium.

[24]  Wade Trappe,et al.  ProxiMate: proximity-based secure pairing using ambient wireless signals , 2011, MobiSys '11.

[25]  Srdjan Capkun,et al.  Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars , 2010, NDSS.

[26]  Eyal de Lara,et al.  Amigo: Proximity-Based Authentication of Mobile Devices , 2007, UbiComp.

[27]  Brian D. Noble,et al.  Zero-interaction authentication , 2002, MobiCom '02.

[28]  Geoffrey E. Hinton,et al.  Visualizing Data using t-SNE , 2008 .

[29]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[30]  Claude Castelluccia,et al.  Shake them up!: a movement-based pairing protocol for CPU-constrained devices , 2005, MobiSys '05.

[31]  A. Harter,et al.  A distributed location system for the active office , 1994, IEEE Network.

[32]  Angelo Farina,et al.  Simultaneous Measurement of Impulse Response and Distortion with a Swept-Sine Technique , 2000 .

[33]  Petteri Nurmi,et al.  Using contextual co-presence to strengthen Zero-Interaction Authentication:Design, integration and usability , 2015 .

[34]  Blake Hannaford,et al.  "Are You with Me?" - Using Accelerometers to Determine If Two Devices Are Carried by the Same Person , 2004, Pervasive.

[35]  Guy-Bart Stan,et al.  Comparison of different impulse response measurement techniques , 2002 .

[36]  N. Aoshima Computer‐generated pulse signal applied for sound measurement , 1981 .

[37]  Tadayoshi Kohno,et al.  RFIDs and secret handshakes: defending against ghost-and-leech attacks and unauthorized reads with context-aware communications , 2008, CCS.

[38]  John Krumm,et al.  The NearMe Wireless Proximity Server , 2004, UbiComp.

[39]  N. Asokan,et al.  Contextual Proximity Detection in the Face of Context-Manipulating Adversaries , 2015, ArXiv.

[40]  Ahmad-Reza Sadeghi,et al.  I Know Where You are: Proofs of Presence Resilient to Malicious Provers , 2015, AsiaCCS.

[41]  Dan Boneh,et al.  Location Privacy via Private Proximity Testing , 2011, NDSS.