Presentation is loading. Please wait.

Presentation is loading. Please wait.

S OUND -P ROOF : U SABLE T WO -F ACTOR A UTHENTICATION B ASED ON A MBIENT S OUND Nikolaos Karapanos, Claudio marforio, Claudio Soriente and Srdjan Capkun.

Published byBarry Sherman Modified over 9 years ago

Similar presentations

Presentation on theme: "S OUND -P ROOF : U SABLE T WO -F ACTOR A UTHENTICATION B ASED ON A MBIENT S OUND Nikolaos Karapanos, Claudio marforio, Claudio Soriente and Srdjan Capkun."— Presentation transcript:

1 S OUND -P ROOF : U SABLE T WO -F ACTOR A UTHENTICATION B ASED ON A MBIENT S OUND Nikolaos Karapanos, Claudio marforio, Claudio Soriente and Srdjan Capkun Institute of Information Security ETH Zurich Presenter: Rongdong Chai

2 Weakness Password-Only authentication sometimes is weak Password => The word helping hacker pass your account

3 Helpless? You Attacker

4 What to do 2 factor-authentication – Is it a good solusion? Protect online accounts when password leaked Require extra steps to log in – SMS – Portable device – Online code

5 Related Work Traditional 2FA – Hardware tokens – Software tokens Reduced-Interaction 2FA – Short-range Radio Communication – Near-ultrasound – Location Information – Other sensors

6 Assumptions Attacker gained username and password Attacker goal => authenticate to servers Attacker wins if s/he convice servers that s/he hold the second authentication.

7 Assumptions User phone CANNOT be compromised Compromised phone = password-only authentication(one factor) User computer CANNOT be compromised Man-In-The-Browser attack -> hijack user’s session => defeat any 2FA mechanism

8 Ignore Co-located attacker Man-In-The-Middle adversary [29] On the effective prevention of TLS man-in-the-middle attacks in web applications Give me your phone or you die!

9 Important Background One-thrid Octave Bands – Roughly 20Hz – 20kHz – 10-> 1/3; 1->1/2 Cross-correlation – Standard measurement of two time series

10 Sound-Proof Architecture Similarity Computation Block

11 Sound-Proof Overview

12 Sound-Proof Weakness Quiet Environment – User-made noise Co-located Attacks – Secure phone-computer channel – User-phone interaction

13 Implementation Web Server and Browser Software Token Time Synchronization Run-time Overload

14 Evaluation Important Parameters – Average power threshold – Highest clock difference experienced – Cross-correlation threshold – Contiguous octave bounds

15 FRR/FAR with τ C

16 FRR/FAR in different cases

17 Environment Impact on FRR

18 User Activity

19 Phone Position

20 Phone Model

21 Computer

22 User Study Goal: -- evaluate Sound-Proof -- compare with Google 2FA User unaware of the difference System Usability Scale(SUS) score

23 Results Demographics SUS Scores Login Time Failure Rates Post-test Questionnaire

24 Addition Software and Hardware Requirements Other Browsers Privacy Quiet Environments Fallback to Code-based 2FA Failed Login Attempts and Throttling Login Evidence Continuous Authentication Alternative Devices Logins from the Phone Comparative Analysis

25 Contributions Propose Sound-Proof Prototype for both Android and iOS Conduct user study

26 Conclusion 2FA mechanism – Sound-Proof Work even in pocket/purse More usable than Google 2FA Prefer to use Foster large-scale adoption

27 Quiz Questions What will the author do if the ambient sound is too low? What are the 2 reasons that makes the majority of users to choose Sound-Proof? Is Sound-Proof 100% secure? Why?

28 Thank You!

Download ppt "S OUND -P ROOF : U SABLE T WO -F ACTOR A UTHENTICATION B ASED ON A MBIENT S OUND Nikolaos Karapanos, Claudio marforio, Claudio Soriente and Srdjan Capkun."

Similar presentations

Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010.

Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010.
Smartphone-based authorization system Advisor: Dr. Wenjun Zeng - Professor Presenter: Yilihamujiang, Ailiyasijiang Zhou, Guanlong Al-Sinani, H. S. (2011).

Smartphone-based authorization system Advisor: Dr. Wenjun Zeng - Professor Presenter: Yilihamujiang, Ailiyasijiang Zhou, Guanlong Al-Sinani, H. S. (2011).
AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
A mobile single sign-on system Master thesis 2006 Mats Byfuglien.

A mobile single sign-on system Master thesis 2006 Mats Byfuglien.
User-centric Handling of Identity Agent Compromise Daisuke Mashima Dr. Mustaque Ahamad Swagath Kannan College of Computing Georgia Institute of Technology.

User-centric Handling of Identity Agent Compromise Daisuke Mashima Dr. Mustaque Ahamad Swagath Kannan College of Computing Georgia Institute of Technology.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug 2013 - scotthel.me.

Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug scotthel.me.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)

CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)
OIRA / IT November 2014 Instructor Course Evaluation (ICE) Instructors’ Manual.

OIRA / IT November 2014 Instructor Course Evaluation (ICE) Instructors’ Manual.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Users Are Not Dependable How to make security indicators that protect them better Min Wu, Simson Garfinkel, Robert Miller MIT Computer Science and Artificial.

Users Are Not Dependable How to make security indicators that protect them better Min Wu, Simson Garfinkel, Robert Miller MIT Computer Science and Artificial.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
Analysis of the Communication between Colluding Applications on Modern Smartphones Claudio Marforio 1, Hubert Ritzdorf 1, Aurélien Francillon 2, Srdjan.

Analysis of the Communication between Colluding Applications on Modern Smartphones Claudio Marforio 1, Hubert Ritzdorf 1, Aurélien Francillon 2, Srdjan.
Mobile phone based environment control/security system Christopher Carroll B.E. Electronic and Computer Engineering.

Mobile phone based environment control/security system Christopher Carroll B.E. Electronic and Computer Engineering.
SSH: An Internet Protocol By Anja Kastl IS 373 - World Wide Web Standards.

SSH: An Internet Protocol By Anja Kastl IS World Wide Web Standards.
Mobile Mobile OS and Application Team: Kwok Tak Chi Law Tsz Hin So Ting Wai.

Mobile Mobile OS and Application Team: Kwok Tak Chi Law Tsz Hin So Ting Wai.
Dr. Sarbari Gupta Electrosoft Services Tel: (703)757-9096 Security Characteristics of Cryptographic.

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.

Similar presentations

Ads by Google