Exclusively in-store: Acoustic location authentication for stationary business devices

Over the past decade, the adoption of Internet of Things (IoT) devices has greatly revolutionized the retail and commerce industries. However, these devices are vulnerable to attacks, such as theft, which raises significant security and privacy concerns for business assets. Securing such business-owned devices is challenging, particularly due to the business contexts that require not only authenticating the devices but also verifying the environment in which the devices are located. In this study, we present a zero-effort authentication approach based on acoustic fingerprints, namely AcousticAuth. AcousticAuth enables a “verifier” device to authenticate and verify the work environment of multiple “prover” devices (e.g., kiosks) by extracting their acoustic fingerprints and direction information. Additionally, we adopt a novel method based on beamforming to expand the fingerprint space of the provers. We implemented a prototype of AcousticAuth using real-world IoT devices, and the evaluation of the prototype indicates that AcousticAuth is highly effective and achieves high sensitivity when authenticating different devices across environments. Our results demonstrate that AcousticAuth can accurately distinguish between different devices and the same model devices with the error rate of 0.03%, significantly enhancing the security of IoT devices in retail settings. AcousticAuth also distinguishes between the different environments with an error rate of 0.00%. Lastly, the system shows robustness against various acoustic interference scenarios, making it a practical solution for dynamic business environments. We not only introduce a novel security mechanism that pushes the limit of fingerprint-based authentication by expanding the fingerprint pool but also provide comprehensive insights into its implementation and performance, paving the way for more secure IoT deployments in the commercial sector.