ZITA: Zero-Interaction Two-Factor Authentication Using Contact Traces and In-Band Proximity Verification

Nirnimesh Ghose, Kaustubh Gupta, Loukas Lazos, Ming Li, Ziqi Xu, Jincheng Li

Research output: Contribution to journalArticlepeer-review

3 Scopus citations

Abstract

Two-factor authentication provides an additional layer of protection to commonly-occurring password breaches. However, existing TFA methods, often involve special hardware interfaces, or require human effort which is prone to errors and acts as an adoption detractor for older adults and novice technology users. To address these limitations, we propose a zero-interaction, two-factor authentication (ZITA) protocol. In ZITA, the first factor is implemented using the conventional username and password methods. The second factor is completed without any human effort provided that the user is not accessing the service from an unregistered public device and a designated secondary device is physically co-present. To automate the second factor, ZITA exploits the long-term contact between the login device and the secondary device such as a smartphone. Moreover, to thwart man-in-the-middle and co-located attacks, ZITA incorporates a proximity verification test that relies on the randomness of ambient RF signals. Compared with other zero-effort TFA protocols, ZITA remains secure against advanced threats and does not require out-of-band sensors such as microphones, speakers, or photoplethysmography (PPG) sensors.

Original languageEnglish (US)
Pages (from-to)6318-6333
Number of pages16
JournalIEEE Transactions on Mobile Computing
Volume23
Issue number5
DOIs
StatePublished - May 1 2024

Keywords

  • Commercial off the shelf (COTS) wireless devices
  • in-band
  • man-in-the-middle attacks
  • physical-layer security
  • two-factor authentication (TFA)
  • wireless signal manipulation attacks

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'ZITA: Zero-Interaction Two-Factor Authentication Using Contact Traces and In-Band Proximity Verification'. Together they form a unique fingerprint.

Cite this