De-authentication using Ambient Light Sensor
Ankit Gangwal, Aashish Paliwal, Mauro Conti
TL;DR
The paper tackles the problem of automatic de-authentication to prevent lunchtime attacks in shared workplaces by leveraging the built-in ambient light sensor (ALS) on modern computers. It proposes DEAL, which uses a sliding-window outlier detector on univariate ALS readings to infer user departure and revoke the session within a few seconds. In a large-scale study with 4800 samples from 120 volunteers across four workplace settings, DEAL achieves an 89.15% hit rate and 7.35% fall-out, de-authenticating within about 4 seconds; crucially, it requires no external hardware and is inexpensive to deploy. The results suggest DEAL offers a practical, low-maintenance, hardware-free solution for continuous protection against unauthorized access in shared workspaces, with room for future improvements via environment-specific tuning and learning-based enhancements.
Abstract
While user authentication happens before initiating or resuming a login session, de-authentication detects the absence of a previously-authenticated user to revoke her currently active login session. The absence of proper de-authentication can lead to well-known lunchtime attacks, where a nearby adversary takes over a carelessly departed user's running login session. The existing solutions for automatic de-authentication have distinct practical limitations, e.g., extraordinary deployment requirements or high initial cost of external equipment. In this paper, we propose "DE-authentication using Ambient Light sensor" (DEAL), a novel, inexpensive, fast, and user-friendly de-authentication approach. DEAL utilizes the built-in ambient light sensor of a modern computer to determine if the user is leaving her work-desk. DEAL, by design, is resilient to natural shifts in lighting conditions and can be configured to handle abrupt changes in ambient illumination (e.g., due to toggling of room lights). We collected data samples from 4800 sessions with 120 volunteers in 4 typical workplace settings and conducted a series of experiments to evaluate the quality of our proposed approach thoroughly. Our results show that DEAL can de-authenticate a departing user within 4 seconds with a hit rate of 89.15% and a fall-out of 7.35%. Finally, bypassing DEAL to launch a lunchtime attack is practically infeasible as it requires the attacker to either take the user's position within a few seconds or manipulate the sensor readings sophisticatedly in real-time.
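
The sliding-window outlier detection on univariate ALS readings described above, as an added Python example that is not the paper's or the authors' code. The rolling median/MAD test, the window, threshold and confirmation values, the function names, and the lux trace are all assumptions constructed for this illustration.

```python
from collections import deque
from statistics import median

def departure_index(lux, window=20, k=6.0, confirm=3, floor=1.0):
    """Index of the sample at which the session would be revoked, else None.

    A reading is an outlier when it lies more than k robust standard
    deviations (1.4826 * MAD) from the median of the last `window` inliers.
    `confirm` consecutive outliers are required before revoking.
    All parameter values are assumptions, not the paper's settings.
    """
    baseline = deque(maxlen=window)
    streak = 0
    for i, x in enumerate(lux):
        if len(baseline) == window:
            med = median(baseline)
            mad = median([abs(v - med) for v in baseline])
            scale = max(1.4826 * mad, floor)  # floor avoids a zero threshold
            if abs(x - med) > k * scale:
                streak += 1
                if streak >= confirm:
                    return i
                continue  # keep outliers out of the baseline
            streak = 0
        baseline.append(x)
    return None

def constructed_seated(n):
    """Constructed lux trace: slow upward drift plus small periodic jitter."""
    return [300 + 0.5 * i + ((i * 7) % 5 - 2) for i in range(n)]

if __name__ == "__main__":
    seated = constructed_seated(120)
    departed = [420.0] * 10  # constructed: abrupt shift as the user leaves
    print(departure_index(seated))             # None: drift is absorbed
    print(departure_index(seated + departed))  # 122: third outlier in a row
```

Because the baseline only admits inliers, gradual lighting drift moves the median along with it, while a single glitch sample neither shifts the baseline nor revokes the session.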
