Drone to the Rescue: Relay-Resilient Authentication using Ambient Multi-sensing

Many mobile and wireless authentication systems are prone to relay attacks whereby two non co-presence colluding entities can subvert the authentication functionality by simply relaying the data between a legitimate prover (P) and verifier (V). Examples include payment systems involving NFC and RFID devices, and zero-interaction token-based authentication approaches. Utilizing the contextual information to determine P-V proximity, or lack thereof, is a recently proposed approach to defend against relay attacks. Prior work considered WiFi, Bluetooth, GPS and Audio as different contextual modalities for the purpose of relay-resistant authentication. In this paper, we explore purely ambient physical sensing capabilities to address the problem of relay attacks in authentication systems. Specifically, we consider the use of four new sensor modalities, ambient temperature, precision gas, humidity, and altitude, for P-V proximity detection. Using an off-the-shelf ambient sensing platform, called Sensordrone, connected to Android devices, we show that combining these different modalities provides a robust proximity detection mechanism, yielding very low false positives (security against relay attacks) and very low false negatives (good usability). Such use of multiple ambient sensor modalities offers unique security advantages over traditional sensors (WiFi, Bluetooth, GPS or Audio) because it requires the attacker to simultaneously manipulate the multiple characteristics of the physical environment.