• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • Research Projects
  • Publications
  • People
  • Teaching
  • Media Outreach
  • News Archive

SPIES Lab, Computer Science and Engineering

Texas A&M University College of Engineering

Contextual Security

Zero-Interaction Authentication (ZIA) refers to approaches that authenticate a user to a verifier (terminal) without any user interaction. Currently deployed ZIA solutions are predominantly based on the terminal detecting the proximity of the user’s personal device, or a security token, by running an authentication protocol over a short-range wireless communication channel. Unfortunately, this simple approach is highly vulnerable to low-cost and practical relay attacks which completely offset the usability benefits of ZIA. The use of contextual information, gathered via on-board sensors, to detect the co-presence of the user and the verifier is a recently proposed mechanism to resist relay attacks.

Zero Interaction Authentication (Benign Scenario)

Figure 1: Zero Interaction Authentication (Benign Scenario)

As a case in point, we systematically investigate the performance of different sensor modalities for co-presence detection with respect to a standard Dolev-Yao adversary. We compare the performance of four commonly available sensor modalities (Wi-Fi, Bluetooth, GPS, and Audio) in resisting ZIA relay attacks. Further, we compare four new ambient environment sensor modalities, ambient temperature, precision gas, humidity, and altitude utilizing an off-the-shelf device called Sensordrone. Then, we show that, compared to any single modality, fusing multiple modalities improves resilience against ZIA relay attacks while retaining a high level of usability. Finally, we motivate the need for a stronger adversarial model to characterize an attacker who can compromise the integrity of context sensing itself. We show that in the presence of such a powerful attacker, each individual sensor modality offers very low security. Positively, the use of multiple sensor modalities improves security against such an attacker if the attacker cannot compromise multiple modalities simultaneously.

Zero Interaction Authentication (Attack Scenario)

Figure 2: Zero Interaction Authentication (Attack Scenario)

People

Faculty

  • Nitesh Saxena

Student

  • Babins Shrestha (PhD student; Now Sr. Information Security Analyst at VISA Inc.)

External Collaborators:

  • Xiang Gao (MS student; University of Helsinki; Now Software Engineer at LiveRing)
  • Hien Thi Thu Truong (Postdoctoral Researcher; University of Helsinki; Now Research Scientist at NEC Laboratories Europe GmbH)
  • Petteri Nurmi (Senior Researcher; University of Helsinki; Now Lecturer at Lancaster University)
  • N. Asokan (Professor; Aalto University and University of Helsinki)

Publication

  • Sensor-based Proximity Detection in the Face of Active Adversaries
    Babins Shrestha, Nitesh Saxena, Hien Truong and N. Asokan.
    In IEEE Transactions on Mobile Computing (TMC),
    [pdf]
  • Drone to the rescue: Relay-resilient authentication using ambient multi-sensing
    Babins Shrestha, Nitesh Saxena, Hien Thi Thu Truong, N Asokan
    International Conference on Financial Cryptography and Data Security (FC), March 2014
    [pdf]
  • Comparing and fusing different sensor modalities for relay attack resistance in zero-interaction authentication
    Hien Thi Thu Truong, Xiang Gao, Babins Shrestha, Nitesh Saxena, N Asokan, Petteri Nurmi
    IEEE International Conference on Pervasive Computing and Communications (PerCom), March 2014
    [pdf]
  • Using contextual co-presence to strengthen Zero-Interaction Authentication: Design, integration and usability
    Hien Thi Thu Truong, Xiang Gao, Babins Shrestha, Nitesh Saxena, N Asokan, Petteri Nurmi
    Pervasive and Mobile Computing (PMC), Vol: 16, 2015
    [doi]

Recent News

  • “Neuro Security” work got a MURI award from AFOSR March 22, 2023
  • Paper accepted to Oakland 2023 March 14, 2023
  • Paper (conditionally) accepted to MobiSys 2023 February 27, 2023
  • Paper accepted to USENIX Security 2023 February 21, 2023
  • 2 full papers accepted to WiSec 2023 January 30, 2023
  • Cybersecurity Program Led By Dr. Saxena Ranks Best! January 26, 2023
  • EarSpy in Media January 26, 2023
  • Dr. Saxena is a Co-PI on Thematic AI Lab November 28, 2022
  • Paper accepted to PMC 2022 November 28, 2022
  • Paper accepted to ICISC 2022 November 28, 2022
  • A New Grant from NSA October 17, 2022
  • Dr. Saxena appointed as a Dean’s Research Fellow October 17, 2022
  • Dr. Saxena to lead a new SaTC Medium project on Election Security July 16, 2022
  • SPIES Lab’s 12th PhD Graduate — Anuradha Mandal July 16, 2022
  • SPIES Lab’s 11th PhD Graduate – Payton Walker July 6, 2022
  • Two papers accepted to PST 2022 June 9, 2022
  • Paper accepted to ICDCS 2022 April 4, 2022
  • Paper accepted CHIL 2022 March 19, 2022
  • 2 papers accepted to WiSec 2022 March 19, 2022
  • Paper accepted to EuroS&P 2022 February 12, 2022

© 2016–2023 SPIES Lab, Computer Science and Engineering Log in

Texas A&M Engineering Experiment Station Logo
  • College of Engineering
  • Facebook
  • Twitter
  • State of Texas
  • Open Records
  • Risk, Fraud & Misconduct Hotline
  • Statewide Search
  • Site Links & Policies
  • Accommodations
  • Environmental Health, Safety & Security
  • Employment