SPAWN: Seamless Proximity-Based Authentication by Utilizing the Existent WiFi Environment

Philipp Jakubeit; Andreas Peter; Maarten van Steen

doi:10.1007/978-3-031-60391-4_1

SPAWN: Seamless Proximity-Based Authentication by Utilizing the Existent WiFi Environment

Philipp Jakubeit^*
, Andreas Peter
, Maarten van Steen

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

4 Downloads (Pure)

Abstract

Our objective is to create a transparent authentication factor using existing hardware and information already present. Transparent authentication refers to not burdening the user with interaction, and therefore a transparent authentication factor is applicable not only at the beginning of a session but continuously during an authenticated session. We choose to utilize the WiFi environment of a user, as it is ubiquitous in terms of the presence of WiFi signals and user hardware. As we intend our contribution as an addition to stand-alone passwords or existing multifactor-authentication schemes, we decided to build on the concept of separated authentication channels used in state-of-the-art multifactor authentication. To do so, we require two devices. Measuring the WiFi environment from two points enables us to use the proximity of devices as the additional authentication claim. In this work, we demonstrate that it is feasible to use WiFi to identify the proximity of devices. We analyze two scenarios, a semi-densely populated apartment environment and a densely populated office environment in terms of WiFi access points. In the apartment scenario, we show that SPAWN provides at least as much entropy as a traditional password, while not requiring the user to retype a low-entropy token. In the office scenario, this amount of entropy can still be derived in 74% of the measures. By applying private set metrics, we investigate and demonstrate that a device’s proximity can be employed as an authentication factor without compromising privacy.

Original language	English
Title of host publication	Information Security Theory and Practice - 14th IFIP WG 11.2 International Conference, WISTP 2024, Proceedings
Editors	Samia Bouzefrane, Damien Sauveron
Publisher	Springer
Pages	1-16
Number of pages	16
ISBN (Print)	9783031603907
DOIs	https://doi.org/10.1007/978-3-031-60391-4_1
Publication status	Published - 18 Jun 2024
Event	14th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2024 - Paris, France Duration: 29 Feb 2024 → 1 Mar 2024 Conference number: 14

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	14625 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	14th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2024
Abbreviated title	WISTP 2024
Country/Territory	France
City	Paris
Period	29/02/24 → 1/03/24

Keywords

2026 OA procedure

Access to Document

10.1007/978-3-031-60391-4_1

978-3-031-60391-4_1Final published version, 614 KBLicence: Taverne

Cite this

Jakubeit, P., Peter, A., & van Steen, M. (2024). SPAWN: Seamless Proximity-Based Authentication by Utilizing the Existent WiFi Environment. In S. Bouzefrane, & D. Sauveron (Eds.), Information Security Theory and Practice - 14th IFIP WG 11.2 International Conference, WISTP 2024, Proceedings (pp. 1-16). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14625 LNCS). Springer. https://doi.org/10.1007/978-3-031-60391-4_1

Jakubeit, Philipp ; Peter, Andreas ; van Steen, Maarten. / SPAWN : Seamless Proximity-Based Authentication by Utilizing the Existent WiFi Environment. Information Security Theory and Practice - 14th IFIP WG 11.2 International Conference, WISTP 2024, Proceedings. editor / Samia Bouzefrane ; Damien Sauveron. Springer, 2024. pp. 1-16 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{6abff4d58f0349a4becada1cb2e20a6c,

title = "SPAWN: Seamless Proximity-Based Authentication by Utilizing the Existent WiFi Environment",

abstract = "Our objective is to create a transparent authentication factor using existing hardware and information already present. Transparent authentication refers to not burdening the user with interaction, and therefore a transparent authentication factor is applicable not only at the beginning of a session but continuously during an authenticated session. We choose to utilize the WiFi environment of a user, as it is ubiquitous in terms of the presence of WiFi signals and user hardware. As we intend our contribution as an addition to stand-alone passwords or existing multifactor-authentication schemes, we decided to build on the concept of separated authentication channels used in state-of-the-art multifactor authentication. To do so, we require two devices. Measuring the WiFi environment from two points enables us to use the proximity of devices as the additional authentication claim. In this work, we demonstrate that it is feasible to use WiFi to identify the proximity of devices. We analyze two scenarios, a semi-densely populated apartment environment and a densely populated office environment in terms of WiFi access points. In the apartment scenario, we show that SPAWN provides at least as much entropy as a traditional password, while not requiring the user to retype a low-entropy token. In the office scenario, this amount of entropy can still be derived in 74\% of the measures. By applying private set metrics, we investigate and demonstrate that a device{\textquoteright}s proximity can be employed as an authentication factor without compromising privacy.",

keywords = "2026 OA procedure",

author = "Philipp Jakubeit and Andreas Peter and \{van Steen\}, Maarten",

note = "Publisher Copyright: {\textcopyright} IFIP International Federation for Information Processing 2024.; 14th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2024, WISTP 2024 ; Conference date: 29-02-2024 Through 01-03-2024",

year = "2024",

month = jun,

day = "18",

doi = "10.1007/978-3-031-60391-4\_1",

language = "English",

isbn = "9783031603907",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "1--16",

editor = "Samia Bouzefrane and Damien Sauveron",

booktitle = "Information Security Theory and Practice - 14th IFIP WG 11.2 International Conference, WISTP 2024, Proceedings",

address = "Germany",

}

Jakubeit, P, Peter, A & van Steen, M 2024, SPAWN: Seamless Proximity-Based Authentication by Utilizing the Existent WiFi Environment. in S Bouzefrane & D Sauveron (eds), Information Security Theory and Practice - 14th IFIP WG 11.2 International Conference, WISTP 2024, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 14625 LNCS, Springer, pp. 1-16, 14th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2024, Paris, France, 29/02/24. https://doi.org/10.1007/978-3-031-60391-4_1

SPAWN: Seamless Proximity-Based Authentication by Utilizing the Existent WiFi Environment. / Jakubeit, Philipp; Peter, Andreas ; van Steen, Maarten.
Information Security Theory and Practice - 14th IFIP WG 11.2 International Conference, WISTP 2024, Proceedings. ed. / Samia Bouzefrane; Damien Sauveron. Springer, 2024. p. 1-16 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14625 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - SPAWN

T2 - 14th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2024

AU - Jakubeit, Philipp

AU - Peter, Andreas

AU - van Steen, Maarten

N1 - Conference code: 14

PY - 2024/6/18

Y1 - 2024/6/18

N2 - Our objective is to create a transparent authentication factor using existing hardware and information already present. Transparent authentication refers to not burdening the user with interaction, and therefore a transparent authentication factor is applicable not only at the beginning of a session but continuously during an authenticated session. We choose to utilize the WiFi environment of a user, as it is ubiquitous in terms of the presence of WiFi signals and user hardware. As we intend our contribution as an addition to stand-alone passwords or existing multifactor-authentication schemes, we decided to build on the concept of separated authentication channels used in state-of-the-art multifactor authentication. To do so, we require two devices. Measuring the WiFi environment from two points enables us to use the proximity of devices as the additional authentication claim. In this work, we demonstrate that it is feasible to use WiFi to identify the proximity of devices. We analyze two scenarios, a semi-densely populated apartment environment and a densely populated office environment in terms of WiFi access points. In the apartment scenario, we show that SPAWN provides at least as much entropy as a traditional password, while not requiring the user to retype a low-entropy token. In the office scenario, this amount of entropy can still be derived in 74% of the measures. By applying private set metrics, we investigate and demonstrate that a device’s proximity can be employed as an authentication factor without compromising privacy.

AB - Our objective is to create a transparent authentication factor using existing hardware and information already present. Transparent authentication refers to not burdening the user with interaction, and therefore a transparent authentication factor is applicable not only at the beginning of a session but continuously during an authenticated session. We choose to utilize the WiFi environment of a user, as it is ubiquitous in terms of the presence of WiFi signals and user hardware. As we intend our contribution as an addition to stand-alone passwords or existing multifactor-authentication schemes, we decided to build on the concept of separated authentication channels used in state-of-the-art multifactor authentication. To do so, we require two devices. Measuring the WiFi environment from two points enables us to use the proximity of devices as the additional authentication claim. In this work, we demonstrate that it is feasible to use WiFi to identify the proximity of devices. We analyze two scenarios, a semi-densely populated apartment environment and a densely populated office environment in terms of WiFi access points. In the apartment scenario, we show that SPAWN provides at least as much entropy as a traditional password, while not requiring the user to retype a low-entropy token. In the office scenario, this amount of entropy can still be derived in 74% of the measures. By applying private set metrics, we investigate and demonstrate that a device’s proximity can be employed as an authentication factor without compromising privacy.

KW - 2026 OA procedure

UR - https://www.scopus.com/pages/publications/85197363998

U2 - 10.1007/978-3-031-60391-4_1

DO - 10.1007/978-3-031-60391-4_1

M3 - Conference contribution

AN - SCOPUS:85197363998

SN - 9783031603907

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 1

EP - 16

BT - Information Security Theory and Practice - 14th IFIP WG 11.2 International Conference, WISTP 2024, Proceedings

A2 - Bouzefrane, Samia

A2 - Sauveron, Damien

PB - Springer

Y2 - 29 February 2024 through 1 March 2024

ER -

Jakubeit P, Peter A , van Steen M. SPAWN: Seamless Proximity-Based Authentication by Utilizing the Existent WiFi Environment. In Bouzefrane S, Sauveron D, editors, Information Security Theory and Practice - 14th IFIP WG 11.2 International Conference, WISTP 2024, Proceedings. Springer. 2024. p. 1-16. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-60391-4_1