Abstract
Our objective is to create a transparent authentication factor using existing hardware and information already present. Transparent authentication refers to not burdening the user with interaction, and therefore a transparent authentication factor is applicable not only at the beginning of a session but continuously during an authenticated session. We choose to utilize the WiFi environment of a user, as it is ubiquitous in terms of the presence of WiFi signals and user hardware. As we intend our contribution as an addition to stand-alone passwords or existing multifactor-authentication schemes, we decided to build on the concept of separated authentication channels used in state-of-the-art multifactor authentication. To do so, we require two devices. Measuring the WiFi environment from two points enables us to use the proximity of devices as the additional authentication claim. In this work, we demonstrate that it is feasible to use WiFi to identify the proximity of devices. We analyze two scenarios, a semi-densely populated apartment environment and a densely populated office environment in terms of WiFi access points. In the apartment scenario, we show that SPAWN provides at least as much entropy as a traditional password, while not requiring the user to retype a low-entropy token. In the office scenario, this amount of entropy can still be derived in 74% of the measures. By applying private set metrics, we investigate and demonstrate that a device’s proximity can be employed as an authentication factor without compromising privacy.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Crawford, H., Ahmadzadeh, E.: Authentication on the go: assessing the effect of movement on mobile device keystroke dynamics. In: Thirteenth Symposium on Usable Privacy and Security, pp. 163–173 (2017)
Crawford, H., Renaud, K.: Understanding user perceptions of transparent authentication on a mobile device. J. Trust Manage. 1, 1–28 (2014)
Dee, T., Richardson, I., Tyagi, A.: Continuous transparent mobile device touchscreen soft keyboard biometric authentication. In: 32nd International Conference on VLSI Design, pp. 539–540. IEEE (2019)
Ghose, N., Gupta, K., Lazos, L., Li, M., Xu, Z., Li, J.: ZITA: zero-interaction two-factor authentication using contact traces and in-band proximity verification. IEEE Trans. Mob. Comput. 23, 6318–6333 (2023)
Richard, P.: Security: active authentication. IT Professional 15(4), 4–7 (2013)
Han, D., Chen, Y., Li, T., Zhang, R., Zhang, Y., Hedgpeth, T.: Proximity-proof: secure and usable mobile two-factor authentication. In: Proceedings of the 24th Annual International Conference on Mobile Computing and Networking, pp. 401–415 (2018)
Jaccard, P.: Étude comparative de la distribution florale dans une portion des alpes et des jura. Bull. Soc. Vaudoise Sci. Nat. 37, 547–579 (1901)
Jakubeit, P., Peter, A., van Steen, M.: The measurable environment as nonintrusive authentication factor on the example of WiFi beacon frames. In: Saracino, A., Mori, P. (eds.)International Workshop on Emerging Technologies for Authorization and Authentication, pp. 48–69. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-25467-3_4
Jakubeit, P., Peter, A., van Steen, M.: LocKey: location-based key extraction from the WiFi environment in the user’s vicinity. In: Proceedings of the Eighteenth International Conference on Information Security Practice and Experience (2023)
Jolfaei, A.A., Mala, H., Zarezadeh, M.: EO-PSI-CA: efficient outsourced private set intersection cardinality. J. Inf. Secur. Appl. 65, 102996 (2022)
Kelsey, J., Chang, S., Perlner, R.: Nist special publication 800–185: sha-3 derived functions: cshake, kmac, tuplehash and parallelhash. Tech. Rep., National Institute of Standards and Technology, Gaithersburg, MD (2016)
Konig, R., Renner, R., Schaffner, C.: The operational meaning of min-and max-entropy. IEEE Trans. Inf. Theory 55, 4337–4347 (2009)
Li, Z., Wang, H., Fang, H.: Group-based cooperation on symmetric key generation for wireless body area networks. IEEE Internet Things J. 4(6), 1955–1963 (2017)
LastPass by LogMeIn. The 3rd annual global password security report. Tillgänglig (2019). https://lp-cdn.lastpass.com/lporcamedia/document-library/lastpass/pdf/en/LMI0828a-IAM-LastPass-State-of-the-Password-Report. pdf
Luo, Z., Wang, W., Qu, J., Jiang, T., Zhang, Q.: ShieldScatter: improving IoT security with backscatter assistance. In: Proceedings of the 16th ACM conference on Embedded Networked Sensor Systems, pp. 185–198 (2018)
Pierson, T.J., Peters, T., Peterson, R., Kotz, D.: Proximity detection with single-antenna IoT devices. In: The 25th Annual International Conference on Mobile Computing and Networking, pp. 1–15 (2019)
Pinkas, B., Schneider, T., Weinert, C., Wieder, U.: Efficient circuit-based PSI via cuckoo hashing. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 125–157. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_5
Prove. State of MFA Report (2023). https://www.prove.com/blog/prove-identity-2023-state-of-mfa-report-consumer-attitudes-multi-factor-authentication
Primo, A., Phoha, V.V., Kumar, R., Serwadda, A.: Context-aware active authentication using smartphone accelerometer measurements. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition Workshops, pp. 98–105 (2014)
Rosulek, M., Trieu, N.: Compact and malicious private set intersection for small sets. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 1166–1181 (2021)
Shah, S.W., Kanhere, S.S.: Wi-Auth: Wifi based second factor user authentication. In: Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, pp. 393–402 (2017)
NIST special Publication 800-79-2. Guidelines for the authorization of personal identity (2022). https://www.nist.gov/itl/applied-cybersecurity/back-basics-multi-factor-authentication-mfa
Trivedi, A., Zakaria, C., Balan, R., Becker, A., Corey, G., Shenoy, P.: WiFiTrace: network-based contact tracing for infectious diseases using passive WiFi sensing. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 5(1), 1–26 (2021)
van de Kamp, T., Stritzl, D., Jonker, W., Peter, A.: Two-client and multi-client functional encryption for set intersection. In: Jang-Jaccard, J., Guo, F. (eds.) ACISP 2019. LNCS, vol. 11547, pp. 97–115. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21548-4_6
WiFi Alliance: WiFi Direct (2023). https://www.wi-fi.org/discover-wi-fi/wi-fi-direct
Wigle: WiFi Network Database (2022). https://wigle.net/
Yuen, B., et al.: Wi-fi and bluetooth contact tracing without user intervention. IEEE Access 10, 91027–91044 (2022)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 IFIP International Federation for Information Processing
About this paper
Cite this paper
Jakubeit, P., Peter, A., van Steen, M. (2024). SPAWN: Seamless Proximity-Based Authentication by Utilizing the Existent WiFi Environment. In: Bouzefrane, S., Sauveron, D. (eds) Information Security Theory and Practice. WISTP 2024. Lecture Notes in Computer Science, vol 14625. Springer, Cham. https://doi.org/10.1007/978-3-031-60391-4_1
Download citation
DOI: https://doi.org/10.1007/978-3-031-60391-4_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-60390-7
Online ISBN: 978-3-031-60391-4
eBook Packages: Computer ScienceComputer Science (R0)