Authors: Mingyue Wang; Shen Yan; Wei Wang; Jiwu Jing
Addresses: School of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing 100049, China ' Information Sciences Institute, University of Southern California, CA 90292, USA ' State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, Beijing 100093, China ' School of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing 100049, China
Abstract: Two-factor authentication (2FA) protects user's online account even if his/her password is leaked. Conventional 2FA systems require extra interaction like typing a verification code, which might not be very user-friendly. To improve user experience, recent researchers aim at zero-effort 2FA, in which a smart phone placed close to a client computer (browser) automatically assists with the authentication. In this paper, we propose SoundAuth, a secure zero-effort 2FA mechanism based on (two kinds of) ambient audio signals. We consider the comparison of the surrounding sounds and certain unpredictable near-ultrasounds as a classification problem and employ machine learning techniques for analysis. To evaluate the usability and security of SoundAuth, we study the effects of the recording duration and distance between two devices. Experiments show SoundAuth outperforms existent schemes for specific simulation attacks.
Keywords: zero-effort two-factor authentication; two-factor authentication; 2FA; audio signals; ambient sound; near-ultrasound; challenge-response protocol; co-presence detection; machine learning technique; time synchronisation.
International Journal of Information and Computer Security, 2022 Vol.18 No.3/4, pp.237 - 261
Received: 20 Nov 2019
Accepted: 10 Jan 2020
Published online: 05 Sep 2022 *