Secure zero-effort two-factor authentication based on time-frequency audio analysis

Abstract

Two-factor authentication (2FA) protects user's online account even if his/her password is leaked. Conventional 2FA systems require extra interaction like typing a verification code, which might not be very user-friendly. To improve user experience, recent researchers aim at zero-effort 2FA, in which a smart phone placed close to a client computer (browser) automatically assists with the authentication. In this paper, we propose SoundAuth, a secure zero-effort 2FA mechanism based on (two kinds of) ambient audio signals. We consider the comparison of the surrounding sounds and certain unpredictable near-ultrasounds as a classification problem and employ machine learning techniques for analysis. To evaluate the usability and security of SoundAuth, we study the effects of the recording duration and distance between two devices. Experiments show SoundAuth outperforms existent schemes for specific simulation attacks.