Seminar Hien Truong / 25 April / 10:00 / A008
Title: Security based on Contextual Co-presence Detection
Abstract: Although the security research community no longer takes security and usability to be mutually contradictory goals, accomplishing both at once continues to be a challenge. We addressed this challenge by investigating a promising approach: exploiting contextual information. We began by addressing a specific example problem: zero-interaction authentication schemes are essential for usability in certain situations, but are vulnerable to relay attacks. “Passive keyless entry and start” systems such as “Keyless-Go” are intended to increase the usability of car access control systems. They allow the owner of a car to unlock the car doors merely by physically approaching the car, without having to take the key out or perform any other action, such as pressing a button on the car key. This is an instance of proximity-based “zero-interaction authentication” (ZIA). The standard defense against relay attacks, distance bounding, is often impractical. A more realistic approach is to have the parties sense their respective current ambient context along multiple modalities and compare the results to see whether they can conclude that they are co-present in the same context. We took an experimental approach to answer the basic question of “how to determine contextual co-presence?”, which requires answering a number of sub-questions. Deployed zero-interaction authentication schemes are predominantly based on the verifier detecting the proximity of the user’s personal device, or a security token, by running an authentication protocol over a short-range wireless communication channel. We proposed a solution that uses multiple sensors to collect contextual data and detect co-presence of the prover and verifier. Modern computing devices are equipped with many “sensors” such as microphones, wireless networking interfaces, global positioning system (GPS) receivers and so on.
A device can extract information from such sensors that is characteristic of its context. By exchanging and comparing context information, two mutually trusting devices can determine whether they are co-present or not. Although prior works constitute an important step towards addressing the hard problem of resisting relay attacks using off-the-shelf hardware, they leave several important questions unexplored. Ours was the first work to fairly compare the performance of different sensor modalities in resisting relay attacks against ZIA based on contextual co-presence. We proved the feasibility of using different contexts (radio frequency, physical ambient) to design security solutions that resist relay attacks.
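The comparison step described in the abstract can be sketched as follows. This is an added example, not code from the talk or the speaker's work: the two radio modalities, the Jaccard and signal-gap features, the thresholds and the function names are all assumptions chosen for illustration.

```python
# Added example: context comparison as a second gate for zero-interaction auth.
# Modalities, features and thresholds are illustrative assumptions.

# Per-modality limits: (max Jaccard distance, max mean signal gap in dB).
LIMITS = {"wifi": (0.5, 10.0), "bluetooth": (0.6, 12.0)}

def features(scan_a, scan_b):
    """Compare two {device_id: RSSI dBm} scans.

    Returns (jaccard_distance, mean_abs_rssi_gap), or None when the scans
    share no device, in which case there is no evidence of co-presence.
    """
    ids_a, ids_b = set(scan_a), set(scan_b)
    common = ids_a & ids_b
    if not common:
        return None
    jaccard = 1.0 - len(common) / len(ids_a | ids_b)
    gap = sum(abs(scan_a[i] - scan_b[i]) for i in common) / len(common)
    return jaccard, gap

def co_present(ctx_prover, ctx_verifier):
    """True only if every modality sensed by both sides looks like one place."""
    shared = [m for m in LIMITS if m in ctx_prover and m in ctx_verifier]
    if not shared:
        return False  # fail closed: nothing to compare
    for m in shared:
        f = features(ctx_prover[m], ctx_verifier[m])
        if f is None or f[0] > LIMITS[m][0] or f[1] > LIMITS[m][1]:
            return False
    return True

def authorize(protocol_ok, ctx_prover, ctx_verifier):
    """A relay forwards valid protocol messages, so protocol_ok alone is not
    enough; the context check ties the exchange to one location."""
    return protocol_ok and co_present(ctx_prover, ctx_verifier)

# Constructed sample scans (identifiers and RSSI values are made up).
CAR = {"wifi": {"ap:01": -48, "ap:02": -63, "ap:03": -71},
       "bluetooth": {"bt:0a": -60, "bt:0b": -75}}
KEY_NEARBY = {"wifi": {"ap:01": -52, "ap:02": -60, "ap:03": -74, "ap:04": -88},
              "bluetooth": {"bt:0a": -64, "bt:0b": -70}}
KEY_RELAYED = {"wifi": {"ap:77": -50, "ap:78": -66, "ap:03": -90},
               "bluetooth": {"bt:9f": -58}}
```

With these constructed scans, the nearby key is accepted and the relayed one is rejected even though the authentication protocol itself succeeds in both cases.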
Hien Truong received her Ph.D. in Computer Science from INRIA and Université de Lorraine in France in 2012. Since then she has been working as a postdoctoral researcher at the Department of Computer Science, University of Helsinki in Finland. Her research interests include Information Security, Privacy and Trust for Distributed Systems, and Mobile Security. In her current research, she focuses on applying machine learning and data analysis techniques to solve various security problems, such as predicting mobile malware and defending against relay attacks in wireless communication channels. She has conducted research collaboratively with industrial partners including the Intel Collaborative Research Institute for Secure Computing (ICRI-SC) in Finland and NTT Cyber Solutions Laboratories (NTT Labs) in Japan.