Our paper „SPAWN: Seamless Proximity-based Authentication by Utilizing the Existent WiFi Environment” got accepted at WISTP 2024!
Short summary:
Our objective is to create a transparent authentication factor using existing hardware and information already present. Transparent authentication refers to not burdening the user with interaction, and therefore a transparent authentication factor is applicable not only at the beginning of a session but continuously during an authenticated session. We choose to utilize the WiFi environment of a user, as it is ubiquitous in terms of the presence of WiFi signals and user hardware. As we intend our contribution as an addition to stand-alone passwords or existing multifactor-authentication schemes, we decided to build on the concept of separated authentication channels used in state-of-the-art multifactor authentication. To do so, we require two devices. Measuring the WiFi environment from two points enables us to use the proximity of devices as the additional authentication claim. In this work, we demonstrate that it is feasible to use WiFi to identify the proximity of devices. We analyze two scenarios, a semi-densely populated apartment environment and a densely populated o ce environment in terms of WiFi access points. In the apartment scenario, we show that SPAWN provides at least as much entropy as a traditional password, while not requiring the user to retype a low-entropy token. In the o ce scenario, this amount of entropy can still be derived in 74% of the measures. By applying private set metrics, we investigate and demonstrate that a device's proximity can be employed as an authentication factor without compromising privacy.