Proximity-Proof: Secure And Usable Mobile Two-Factor Authentication

Authors:
Dianqi Han Arizona State University
Yimin Chen Arizona State University
Tao Li Arizona State University
Rui Zhang University of Delaware
Yanchao Zhang Arizona State University
Terri Hedgpeth Arizona State University

Introduction:

Current mobile two-factor authentication (2FA) solutions all require some form of user effort which may seriously affect the experience of mobile users. In this paper, the authors propose Proximity-Proof, a secure and usable mobile 2FA system without involving user interactions.

Abstract:

Mobile two-factor authentication (2FA) has become commonplace along with the popularity of mobile devices. Current mobile 2FA solutions all require some form of user effort which may seriously affect the experience of mobile users, especially senior citizens or those with disability such as visually impaired users. In this paper, we propose Proximity-Proof, a secure and usable mobile 2FA system without involving user interactions. Proximity-Proof automatically transmits a user's 2FA response via inaudible OFDM-modulated acoustic signals to the login browser. We propose a novel technique to extract individual speaker and microphone fingerprints of a mobile device to defend against the powerful man-in-the-middle (MiM) attack. In addition, Proximity-Proof explores two-way acoustic ranging to thwart the colocated attack. To the best of our knowledge, Proximity-Proof is the first mobile 2FA scheme resilient to the MiM and colocated attacks. We empirically analyze that Proximity-Proof is at least as secure as existing mobile 2FA solutions while being highly usable. We also prototype Proximity-Proof and confirm its high security, usability, and efficiency through comprehensive user experiments.

You may want to know: