Wi-Auth: WiFi based Second Factor User Authentication

While second factor authentication (2FA) is now widely available, user adoption is still very low, as most of 2FA implementations require significant interaction from the user. In this paper, we present a novel 2FA system, called Wi-Auth that requires minimal participation from the user. A user after confirming her credentials with an online service, simply has to place a pre-registered secondary device in close proximity ( <2.5 inches) of the primary device from which the login attempt is being made. Wi-Auth detects the proximity of these two devices by comparing the fine-grained Channel State Information (CSI) of the ambient WiFi signals measured at the two devices. The logic being that two devices that are in such close proximity will exhibit very similar CSI characteristics. Wi-Auth uses a lightweight two-step matching algorithm to compare the two CSI measurements. We also address (for the first time in literature) the issue of targeted attacks where an attacker may be co-located with the victim. We implement Wi-Auth using commodity off-the-shelf 802.11n devices and evaluate its performance in three different practical settings including an open office, an apartment and a large meeting space. Our experiments performed at 90 different location reveal that Wi-Auth can on average achieve 94% authentication accuracy with 5% false positives and 6% false negatives. Moreover, Wi-Auth is very robust in preventing co-located attacks with a 95% attack detection accuracy.