Vibe: An Implicit Two-Factor Authentication using Vibration Signals

The increased need for online account security and the prominence of smartphones in today’s society has led to smartphone-based two-factor authentication schemes, in which the second factor is a code received on the user’s smartphone. Evolving two-factor authentication mechanisms suggest using the proximity of the user’s devices as the second authentication factor, avoiding the inconvenience of user-device interaction. These mechanisms often use low-range communication technologies or the similarities of devices’ environments to prove devices’ proximity and user authenticity. However, such mechanisms are vulnerable to colocated adversaries. This paper proposes Vibe-an implicit two-factor authentication mechanism, which uses a vibration communication channel to prove users’ authenticity in a secure and non-intrusive manner. Vibe’s design provides security at the physical layer, reducing the attack surface to the physical surface shared between devices. As a result, it protects users’ security even in the presence of co-located adversaries-the primary drawback of the existing systems. We prototyped Vibe and assessed its performance using commodity hardware in different environments. Our results show an equal error rate of 0.0175 with an end-to-end authentication latency of approximately 3.86 seconds.