De-auth of the blue! transparent de-authentication using bluetooth low energy beacon

Mauro Conti, Pier Paolo Tricomi*, Gene Tsudik

*Corresponding author for this work

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

4 Citations (Scopus)

Abstract

While user authentication (e.g., via passwords and/or biometrics) is considered important, the need for de-authentication is often underestimated. The so-called “lunchtime attack”, whereby a nearby attacker gains access to the casually departed user’s active log-in session, is a serious security risk that stems from lack of proper de-authentication. Although there have been several proposals for automatic de-authentication, all of them have certain drawbacks, ranging from user burden to deployment costs and high rate of false positives. In this paper we propose DE-auth of the Blue (DEB) – a cheap, unobtrusive, fast and reliable system based on the impact of the human body on wireless signal propagation. In DEB, the wireless signal emanates from a Bluetooth Low Energy Beacon, the only additional equipment needed. The user is not required to wear or to be continuously interacting with any device. DEB can be easily deployed at a very low cost. It uses physical properties of wireless signals that cannot be trivially manipulated by an attacker. DEB recognizes when the user physically steps away from the workstation, and transparently de-authenticates her in less than three seconds. We implemented DEB and conducted extensive experiments, showing a very high success rate, with a low risk of false positives when two beacons are used.

Original languageEnglish
Title of host publicationComputer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings
EditorsLiqun Chen, Steve Schneider, Ninghui Li, Kaitai Liang
PublisherSpringer
Pages277-294
Number of pages18
ISBN (Print)9783030589509
DOIs
Publication statusPublished - 2020
Externally publishedYes
Event25th European Symposium on Research in Computer Security, ESORICS 2020 - Guildford, United Kingdom
Duration: 14 Sept 202018 Sept 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12308 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference25th European Symposium on Research in Computer Security, ESORICS 2020
Country/TerritoryUnited Kingdom
CityGuildford
Period14/09/2018/09/20

Keywords

  • Bluetooth beacon
  • De-authentication
  • Information security
  • Wireless signals

Fingerprint

Dive into the research topics of 'De-auth of the blue! transparent de-authentication using bluetooth low energy beacon'. Together they form a unique fingerprint.

Cite this