Ambient audio authentication

Jia-Ning Luo; Meng-Hsuan Tsai; Nai-Wei Lo; Chih-Yang Kao; Ming-Hour Yang; Jia-Ning Luo; Meng-Hsuan Tsai; Nai-Wei Lo; Chih-Yang Kao; Ming-Hour Yang

doi:10.3934/mbe.2019327

Mathematical Biosciences and Engineering

2019, Volume 16, Issue 6: 6562-6586. doi: 10.3934/mbe.2019327

Previous Article Next Article

Research article Special Issues

Ambient audio authentication

1.
Department of Information and Telecommunications, Ming Chuan University, Taiwan
2.
Department of Information Management, National Taiwan University of Science and Technology, Taiwan
3.
Department of Information and Computer Engineering, Chung Yuan Christian University, Taiwan

Received: 01 April 2019 Accepted: 01 July 2019 Published: 15 July 2019

In the IoT environment, many terminal devices are deployed in unattended areas. If these devices are moved elsewhere by an attacker, the wrong environmental sensing values are obtained, which causes a major disaster. In this paper, we propose an ambient authentication mechanism based on audio to be used in multi-factor authentication by using the ambient sensors equipped with a smart phone. An ultrasonic signal that is not detectable by the human ear was transmitted by the authenticator, and the attenuated signal received by the user being authenticated was transmitted back to the authentication server. The transmitted and received decoded symbol sequences of the audio signal are used to calculated the bit error rate, which is used to measure the relative distance. Our proposed method can narrow the authentication distance to less than 0.5 meters, which can greatly improve the security of the authentication system.
- multi-factor authentication,
- ambient authentication
Citation: Jia-Ning Luo, Meng-Hsuan Tsai, Nai-Wei Lo, Chih-Yang Kao, Ming-Hour Yang. Ambient audio authentication[J]. Mathematical Biosciences and Engineering, 2019, 16(6): 6562-6586. doi: 10.3934/mbe.2019327

Related Papers:

Abstract

In the IoT environment, many terminal devices are deployed in unattended areas. If these devices are moved elsewhere by an attacker, the wrong environmental sensing values are obtained, which causes a major disaster. In this paper, we propose an ambient authentication mechanism based on audio to be used in multi-factor authentication by using the ambient sensors equipped with a smart phone. An ultrasonic signal that is not detectable by the human ear was transmitted by the authenticator, and the attenuated signal received by the user being authenticated was transmitted back to the authentication server. The transmitted and received decoded symbol sequences of the audio signal are used to calculated the bit error rate, which is used to measure the relative distance. Our proposed method can narrow the authentication distance to less than 0.5 meters, which can greatly improve the security of the authentication system.

References

[1]	S. Babar, A. Stango, N. Prasad, et al., Proposed embedded security framework for internet of things (IoT), in 2011 2^nd International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE) , IEEE, (2011), 1–5.
[2]	C. M. Chen, B. Xiang, Y. Liu, et al., A secure authentication protocol for internet of vehicles, IEEE Access, 7 (2019), 12047–12057.
[3]	J. C. W. Lin, J. M. T. Wu, P. Fournier-Viger, et al., A sanitization approach to secure shared data in an IoT environment, Multimed. Tools Appl., 75 (2016), 14075–14087.
[4]	K. H. Wang, C. M. Chen, W. Fang, et al., On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags, J. Supercomput., 74 (2018), 65–70.
[5]	H. Xiong and Z. Qin, Revocable and scalable certificateless remote authentication protocol with anonymity for wireless body area networks, IEEE T. Inf. Foren. Sec., 10 (2015), 1442–1455.
[6]	T. Y. Wu, C. M. Chen, K. H. Wang, et al., A provably secure certificateless public key encryption with keyword search, J. Chin. Inst. Eng., 42 (2019), 20–28.
[7]	H. Xiong, Y. Zhao, L. Peng, et al., Partially policy-hidden attribute-based broadcast encryption with secure delegation in edge computing, Future Gener. Comp. Sy., 97 (2019), 453–461.
[8]	J. N. Luo and M. H. Yang, A mobile authentication system resists to shoulder-surfing attacks, Multimed. Tools Appl., 75 (2016), 14075–14087.
[9]	J. N. Luo, M. H. Yang and C. L. Tsai, An anti-shoulder-surfing authentication scheme of mobile device, J. Internet Technol., 19 (2018), 1263–1272.
[10]	K. H. Yeh, C. Su, W. Chiu, et al., I walk, therefore I am: continuous user authentication with plantar biometrics, IEEE Commun. Mag., 56 (2018), 150–157.
[11]	L. Zhou, C. Su, W. Chiua, et al., You think, therefore you are: transparent authentication system with brainwave-oriented bio-features for IoT networks, IEEE T. Emerg. Top. Com., (2017).
[12]	M. Gao, X. Hu, B. Cao, et al., Fingerprint sensors in mobile devices, in 2014 9^th IEEE Conference on Industrial Electronics and Applications, IEEE, (2014), 1437–1440.
[13]	A. Roy, N. Memon and A. Ross, Masterprint: Exploring the vulnerability of partial fingerprint-based authentication systems, IEEE T. Inf. Foren. Sec., 12 (2017), 2013–2025.
[14]	A. Bud, Facing the future: The impact of apple Face ID, Biometric Technol. Today, 2018 (2018), 5–7.
[15]	GSMA.com, SS7 vulnerabilities and attack exposure report 2018, 2018. Available from: https://www.gsma.com/membership/ss7-vulnerabilities-and-attack-exposure-report-2018/.
[16]	Google Inc., Google authenticator open source, 2018. Available from: https://github.com/google/google-authenticator.
[17]	FIDO Alliance, FIDO (Fast IDentity Online) Alliance, 2018. Available from: https://fidoalliance.org.
[18]	FIDO Alliance, FIDO speficication 1.0, 2014. Available from: https://fidoalliance.org/fido-1-0-specifications-published-and-final/.
[19]	FIDO Alliance, FIDO UAF architectural overview, 2017. Available from: https: //fidoalliance.org/specs/fido-uaf-v1.1-ps-20170202/fido-uaf-protocol-v1. 1-ps-20170202.html.
[20]	FIDO Alliance, FIDO Universal 2nd factor (U2F) overview, 2017. Available from: https: //fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-overview-v1. 2-ps-20170411.html.
[21]	W. Choi, M. Seo and D. H. Lee, Sound-proximity: 2-factor authentication against relay attack on passive keyless entry and start system, J. Adv. Transport., (2018), 1–13.
[22]	J. Krumm and K. Hinckley, The nearme wireless proximity server, in International Conference on Ubiquitous Computing, Springer, (2004), 283–300.
[23]	A. Levi, E. C¸etintas ¸, M. Aydos, et al., Relay attacks on bluetooth authentication and solutions, in International Symposium on Computer and Information Sciences, Springer, (2004), 278–288.
[24]	A. Francillon, B. Danev and S. Capkun, Relay attacks on passive keyless entry and start systems in modern cars, in Proceedings of the Network and Distributed System Security Symposium (NDSS), Internet Society, (2011).
[25]	L. Francis, G. Hancke, K. Mayes, et al., Practical NFC peer-to-peer relay attack using mobile phones, in International Workshop on Radio Frequency Identification: Security and Privacy Is-sues, Springer, (2010), 35–49.
[26]	B. Shrestha, M. Shirvanian, P. Shrestha, et al., The sounds of the phones: Dangers of zero-effort second factor login based on ambient audio, in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, ACM, (2016), 908–919.
[27]	A. Varshavsky, A. Scannell, A. LaMarca, et al., Amigo: Proximity-based authentication of mobile devices, in International Conference on Ubiquitous Computing, Springer, (2007), 253–270.
[28]	Wireless Cables Inc., Aircable, 2019. Available from: https://www.aircable.net/extend.php.
[29]	D. Schürmann and S. Sigg, Secure communication based on ambient audio, IEEE T. Mobile Com-put., 12 (2013), 358–370.
[30]	M. Miettinen, N. Asokan, T. D. Nguyen, et al., Context-based zero-interaction pairing and keyevolution for advanced personal devices, in Proceedings of the 2014 ACM SIGSAC Conferenceon Computer and Communications Security, ACM, (2014), 880–891.
[31]	B. Shrestha, N. Saxena, H. T. T. Truong, et al., Drone to the rescue: Relay-resilient authenticationusing ambient multi-sensing, in International Conference on Financial Cryptography and DataSecurity, Springer, (2014), 349–364.
[32]	M. Shirvanian, S. Jarecki, N. Saxena, et al., Two-factor authentication resilient to server com-promise using mix-bandwidth devices, in Proceedings of the Network and Distributed SystemSecurity Symposium (NDSS), Internet Society, (2014).
[33]	T. K. Hon, L. Wang, J. D. Reiss, et al., Audio fingerprinting for multi-device self-localization, IEEE/ACM Transactions on Audio, Speech and Language Processing (TASLP), 23 (2015), 1623–1636.
[34]	N. Nguyen, S. Sigg, A. Huynh, et al., Using ambient audio in secure mobile phone communication,in 2012 IEEE International Conference on Pervasive Computing and Communications Workshops, IEEE, (2012), 431–434.
[35]	N. Karapanos, C. Marforio, C. Soriente, et al., Sound-proof: usable two-factor authenticationbased on ambient sound, in 24^th USENIX Security Symposium (USENIX Security 15), (2015),483–498.
[36]	D. Arp, E. Quiring, C. Wressnegger, et al., Privacy threats through ultrasonic side channels onmobile devices, 2017 IEEE European Symposium on Security and Privacy (EuroS&P), (2017),35–47.
[37]	L. Blue, H. Abdullah, L. Vargas, et al., 2MA - Verifying Voice Commands via Two Microphone Authentication., in AsiaCCS 2018, (2018), 89–100.
[38]	M. Wang, W. T. Zhu, S. Yan, et al., SoundAuth: Secure Zero-Effort Two-Factor Authentication Based on Audio Signals, in 2018 IEEE Conference on Communications and Network Security (CNS), IEEE, (2018), 1–9.
[39]	L. Deshotels, Inaudible sound as a covert channel in mobile devices, in 8^th USENIX Workshop on Offensive Technologies (WOOT 14), (2014).

Reader Comments

Your name:*

Email:*
© 2019 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)