WiLock: Exploiting Wireless Signals for Device-Free Continuous Authentication

摘要

Mobile devices use time-based de-authentication to secure themselves against un-authorized users, and usually lock themselves after a pre- defined time of inactivity, known as "lock-out time". The technique is effective, however lack of an adaptive de-authentication mechanism may limit the usability and security: if the lock-out time is too short, the usability suffers from requirement of frequent and possibly unnecessary user authentications, and if too long, the security suffers from an increased window of opportunity for lunch-time attacks. In this paper, we propose WiLock; a WiFi-assisted proximity-based device locking technique, to complement the traditional authentication and de-authentication mechanism on the mobile devices in simplistic but highly common scenarios, to avoid unnecessary de- authentication of the user and to secure devices against lunch-time attacks. We introduce the concept of "Personal Space" (PS) as a safe zone around the device in which the solo presence of the user is considered safe. This approach adopts analyzing wireless signals received at the device to sense human presence in device proximity and make security- aware decisions on locking the device. Physical proximity of the device, along with the presence and relative locations of human objects in it as an authentication factor has been studied and is shown to be effective for enhancing security and usability of mobile devices. After benchmarking different classifiers, we adopt a k-NN based learning method to classify collected information into lock and unlock classes. Our evaluation through extensive experiments on real collected data using off-the-shelf WiFi equipments confirms our scheme's performance and shows an average detection accuracy of 92.62% and 78.73% for stationary and moving objects respectively in the experiment's environment and setting.