Mobile device sensorhistory as a second factor for authentication

Despite the availability of biometrics like face recognition and finger print scanners passwords are still a common widely accepted way to secure personal computers and business workstations. This stands in contrast with security measures we can find for cloud services like Dropbox and Google that provide their users with two-factor authentication. Although one could argue that the physical machine loses importance with the shift towards having everything in the cloud ranging from software over platforms to infrastructure there is still a need of securing the endpoint at which these services are accessed. For this purpose, often software or hardware tokens are used along the password in a two-factor authentication scenario. Examples are RSA tokens, software tokens like the Google authenticator or NFC smart cards. A common issue with these solutions is that they are vulnerable to relay attacks. We thus propose a second factor which is resilient to these kind of attacks. To do so it is necessary to guarantee the physical co-presence of the authenticating device and the second factor, e.g. a smart phone. This project aims to ensure this property using the gyroscope history of a smart phone and validating it against received signal strength measurements conducted by WiFi checkpoints within the perimeter, e.g. office building, of the authenticating machine. This makes sure that the smart phone wielder actually walked to the machine and the phone is thus present where the user claims.