The paper focuses on a new de-authentication method called DEAL, which uses an ambient light sensor to detect when a user leaves their desk. This method aims to prevent ‘lunchtime attacks’ where an unauthorized user takes over a logged-in session. The researchers conducted experiments with 4800 sessions and 120 volunteers in 4 workplace settings. The results show that DEAL can de-authenticate a user within 4 seconds with an 89.15% success rate and a 7.35% failure rate. The paper concludes that bypassing DEAL to launch an attack is nearly impossible as it would require the attacker to take the user’s position within seconds or manipulate the sensor readings in real-time.

 

Publication date: 22 Sep 2023
Project Page: Not provided
Paper: https://arxiv.org/pdf/2309.12220