ABLE: Zero-effort Two-factor Authentication Exploiting BLE Co-location
Author
Abstract

Two-factor authentication (2FA) offers very important security enhancement to traditional username-password authentication, while in many cases incurring undesirable user burdens (e.g., entering a one-time verification code sent to a phone via SMS). Some zero-effort authentication techniques (e.g., Sound-Proof) have been proposed to relieve such burdens without degrading security, but are vulnerable to prediction attacks and co-existence attacks. This paper proposes ABLE, a zero-effort 2FA approach based on co-location detection leveraging environmental Bluetooth Low Energy (BLE) signal characteristics. In this approach, a laptop on which the user tries to authenticate to a web server, and the user’s smartphone placed nearby which is trusted by the server, both collect and send a record of environmental BLE signal characteristics to the server. The server decides whether the two devices are co-located by evaluating the similarity of the two records, and makes the authentication decision. ABLE is constructed based on the fact that only two devices in close proximity share similar environmental signal characteristics, which distinguishes a legitimate user device from potential adversaries. Due to its location-sensitive nature, combining favorable features brought with the BLE protocol, ABLE is gifted with good resistance to attacks that threaten existing zero-effort authentication schemes. ABLE is not only immune to remote attackers, but also achieves an accuracy over 90% even against co-present attackers.

Year of Publication
2022
Date Published
apr
Publisher
IEEE
Conference Location
Austin, TX, USA
ISBN Number
978-1-66544-266-4
URL
https://ieeexplore.ieee.org/document/9771745/
DOI
10.1109/WCNC51071.2022.9771745