Towards Device-to-User Authentication: Protecting Against Phishing Hardware by Ensuring Mobile Device Authenticity using Vibration Patterns

Rainhard Dieter Findling; Rene Mayrhofer

doi:10.1145/2836041.2836053

Towards Device-to-User Authentication: Protecting Against Phishing Hardware by Ensuring Mobile Device Authenticity using Vibration Patterns

Rainhard Dieter Findling, Rene Mayrhofer

Publikation: Beitrag in Buch/Bericht/Tagungsband › Konferenzbeitrag › Begutachtung

9 Zitate (Scopus)

Abstract

Users usually authenticate to mobile devices before using them (e.g. PIN, password), but devices do not do the same to users. Revealing the authentication secret to a non-authenticated device potentially enables attackers to obtain the secret, by replacing the device with an identical-looking malicious device. The revealed authentication secret could be transmitted to the attackers immediately, who then conveniently authenticate to the real device. Addressing this attack scenario, we analyze different approaches towards mobile device-to-user (D2U) authentication, for which we provide an overview of advantages/drawbacks, potential risks and device authentication data bandwidth estimations. We further analyze vibration as one D2U feedback channel that is unobtrusive and hard to eavesdrop, including a user study to estimate vibration pattern recognition using a setup of ~7 bits per second (b/s). Study findings indicate that users are able to distinguish vibration patterns with median correctness of 97.5% (without taking training effects into account) - which indicates that vibration could act as authentication feedback channel and should be investigated further in future research.

Originalsprache	Englisch
Titel	MUM 2015 - Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia
Redakteure/-innen	Enrico Rukzio, Michael Roland, Rene Mayrhofer, Clemens Holzmann, Jonna Hakkila
Herausgeber (Verlag)	ACM Press
Seiten	131-135
Seitenumfang	5
ISBN (elektronisch)	9781450336055
DOIs	https://doi.org/10.1145/2836041.2836053
Publikationsstatus	Veröffentlicht - 30 Nov. 2015
Veranstaltung	14th International Conference on Mobile and Ubiquitous Multimedia (MUM 2015) - Linz, Österreich Dauer: 30 Nov. 2015 → 2 Dez. 2015 http://www.mum-conf.org/2015/

Publikationsreihe

Name	ACM International Conference Proceeding Series
Band	30-November-2015

Konferenz

Konferenz	14th International Conference on Mobile and Ubiquitous Multimedia (MUM 2015)
Land/Gebiet	Österreich
Ort	Linz
Zeitraum	30.11.2015 → 02.12.2015
Internetadresse	http://www.mum-conf.org/2015/

Schlagwörter

Phishing hardware
mobile authentication
vibration
feedback

Zugriff auf Dokument

10.1145/2836041.2836053

Andere Dateien und Links

Link zur Publikation in Scopus

Zitieren

Findling, R. D., & Mayrhofer, R. (2015). Towards Device-to-User Authentication: Protecting Against Phishing Hardware by Ensuring Mobile Device Authenticity using Vibration Patterns. in E. Rukzio, M. Roland, R. Mayrhofer, C. Holzmann, & J. Hakkila (Hrsg.), MUM 2015 - Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia (S. 131-135). (ACM International Conference Proceeding Series; Band 30-November-2015). ACM Press. https://doi.org/10.1145/2836041.2836053

Findling, Rainhard Dieter ; Mayrhofer, Rene. / Towards Device-to-User Authentication: Protecting Against Phishing Hardware by Ensuring Mobile Device Authenticity using Vibration Patterns. MUM 2015 - Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia. Hrsg. / Enrico Rukzio ; Michael Roland ; Rene Mayrhofer ; Clemens Holzmann ; Jonna Hakkila. ACM Press, 2015. S. 131-135 (ACM International Conference Proceeding Series).

@inproceedings{28395ab9d92c4b759c783e8f62cf5913,

title = "Towards Device-to-User Authentication: Protecting Against Phishing Hardware by Ensuring Mobile Device Authenticity using Vibration Patterns",

abstract = "Users usually authenticate to mobile devices before using them (e.g. PIN, password), but devices do not do the same to users. Revealing the authentication secret to a non-authenticated device potentially enables attackers to obtain the secret, by replacing the device with an identical-looking malicious device. The revealed authentication secret could be transmitted to the attackers immediately, who then conveniently authenticate to the real device. Addressing this attack scenario, we analyze different approaches towards mobile device-to-user (D2U) authentication, for which we provide an overview of advantages/drawbacks, potential risks and device authentication data bandwidth estimations. We further analyze vibration as one D2U feedback channel that is unobtrusive and hard to eavesdrop, including a user study to estimate vibration pattern recognition using a setup of ~7 bits per second (b/s). Study findings indicate that users are able to distinguish vibration patterns with median correctness of 97.5% (without taking training effects into account) - which indicates that vibration could act as authentication feedback channel and should be investigated further in future research.",

keywords = "Phishing hardware, mobile authentication, vibration, feedback, Phishing hardware, mobile authentication, vibration, feedback, Vibration, Feedback, Mobile authentication",

author = "Findling, {Rainhard Dieter} and Rene Mayrhofer",

year = "2015",

month = nov,

day = "30",

doi = "10.1145/2836041.2836053",

language = "English",

series = "ACM International Conference Proceeding Series",

publisher = "ACM Press",

pages = "131--135",

editor = "Enrico Rukzio and Michael Roland and Rene Mayrhofer and Clemens Holzmann and Jonna Hakkila",

booktitle = "MUM 2015 - Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia",

note = "14th International Conference on Mobile and Ubiquitous Multimedia (MUM 2015) ; Conference date: 30-11-2015 Through 02-12-2015",

url = "http://www.mum-conf.org/2015/",

}

Findling, RD & Mayrhofer, R 2015, Towards Device-to-User Authentication: Protecting Against Phishing Hardware by Ensuring Mobile Device Authenticity using Vibration Patterns. in E Rukzio, M Roland, R Mayrhofer, C Holzmann & J Hakkila (Hrsg.), MUM 2015 - Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia. ACM International Conference Proceeding Series, Bd. 30-November-2015, ACM Press, S. 131-135, 14th International Conference on Mobile and Ubiquitous Multimedia (MUM 2015), Linz, Österreich, 30.11.2015. https://doi.org/10.1145/2836041.2836053

Towards Device-to-User Authentication: Protecting Against Phishing Hardware by Ensuring Mobile Device Authenticity using Vibration Patterns. / Findling, Rainhard Dieter; Mayrhofer, Rene.
MUM 2015 - Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia. Hrsg. / Enrico Rukzio; Michael Roland; Rene Mayrhofer; Clemens Holzmann; Jonna Hakkila. ACM Press, 2015. S. 131-135 (ACM International Conference Proceeding Series; Band 30-November-2015).

Publikation: Beitrag in Buch/Bericht/Tagungsband › Konferenzbeitrag › Begutachtung

TY - GEN

T1 - Towards Device-to-User Authentication: Protecting Against Phishing Hardware by Ensuring Mobile Device Authenticity using Vibration Patterns

AU - Findling, Rainhard Dieter

AU - Mayrhofer, Rene

PY - 2015/11/30

Y1 - 2015/11/30

N2 - Users usually authenticate to mobile devices before using them (e.g. PIN, password), but devices do not do the same to users. Revealing the authentication secret to a non-authenticated device potentially enables attackers to obtain the secret, by replacing the device with an identical-looking malicious device. The revealed authentication secret could be transmitted to the attackers immediately, who then conveniently authenticate to the real device. Addressing this attack scenario, we analyze different approaches towards mobile device-to-user (D2U) authentication, for which we provide an overview of advantages/drawbacks, potential risks and device authentication data bandwidth estimations. We further analyze vibration as one D2U feedback channel that is unobtrusive and hard to eavesdrop, including a user study to estimate vibration pattern recognition using a setup of ~7 bits per second (b/s). Study findings indicate that users are able to distinguish vibration patterns with median correctness of 97.5% (without taking training effects into account) - which indicates that vibration could act as authentication feedback channel and should be investigated further in future research.

AB - Users usually authenticate to mobile devices before using them (e.g. PIN, password), but devices do not do the same to users. Revealing the authentication secret to a non-authenticated device potentially enables attackers to obtain the secret, by replacing the device with an identical-looking malicious device. The revealed authentication secret could be transmitted to the attackers immediately, who then conveniently authenticate to the real device. Addressing this attack scenario, we analyze different approaches towards mobile device-to-user (D2U) authentication, for which we provide an overview of advantages/drawbacks, potential risks and device authentication data bandwidth estimations. We further analyze vibration as one D2U feedback channel that is unobtrusive and hard to eavesdrop, including a user study to estimate vibration pattern recognition using a setup of ~7 bits per second (b/s). Study findings indicate that users are able to distinguish vibration patterns with median correctness of 97.5% (without taking training effects into account) - which indicates that vibration could act as authentication feedback channel and should be investigated further in future research.

KW - Phishing hardware

KW - mobile authentication

KW - vibration

KW - feedback

KW - Phishing hardware

KW - mobile authentication

KW - vibration

KW - feedback

KW - Vibration

KW - Feedback

KW - Mobile authentication

UR - http://www.scopus.com/inward/record.url?scp=84959294149&partnerID=8YFLogxK

U2 - 10.1145/2836041.2836053

DO - 10.1145/2836041.2836053

M3 - Conference contribution

T3 - ACM International Conference Proceeding Series

SP - 131

EP - 135

BT - MUM 2015 - Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia

A2 - Rukzio, Enrico

A2 - Roland, Michael

A2 - Mayrhofer, Rene

A2 - Holzmann, Clemens

A2 - Hakkila, Jonna

PB - ACM Press

T2 - 14th International Conference on Mobile and Ubiquitous Multimedia (MUM 2015)

Y2 - 30 November 2015 through 2 December 2015

ER -

Findling RD, Mayrhofer R. Towards Device-to-User Authentication: Protecting Against Phishing Hardware by Ensuring Mobile Device Authenticity using Vibration Patterns. in Rukzio E, Roland M, Mayrhofer R, Holzmann C, Hakkila J, Hrsg., MUM 2015 - Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia. ACM Press. 2015. S. 131-135. (ACM International Conference Proceeding Series). doi: 10.1145/2836041.2836053

Towards Device-to-User Authentication: Protecting Against Phishing Hardware by Ensuring Mobile Device Authenticity using Vibration Patterns

Abstract

Publikationsreihe

Konferenz

Schlagwörter

Zugriff auf Dokument

Andere Dateien und Links

Fingerprint

Zitieren