ABC: Enabling Smartphone Authentication with Built-in Camera

被引:17
作者
Ba, Zhongjie [1 ]
Piao, Sixu [1 ]
Fu, Xinwen [2 ]
Koutsonikolas, Dimitrios [1 ]
Mohaisen, Aziz [2 ]
Ren, Kui [1 ]
机构
[1] Univ Buffalo State Univ New York, Buffalo, NY 14260 USA
[2] Univ Cent Florida, Orlando, FL 32816 USA
来源
25TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2018) | 2018年
基金
新加坡国家研究基金会; 美国国家科学基金会;
关键词
PHOTO-RESPONSE NONUNIFORMITY; SENSOR; IDENTIFICATION; IMAGES;
D O I
10.14722/ndss.2018.23099
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Reliably identifying and authenticating smartphones is critical in our daily life since they are increasingly being used to manage sensitive data such as private messages and financial data. Recent researches on hardware fingerprinting show that each smartphone, regardless of the manufacturer or make, possesses a variety of hardware fingerprints that are unique, robust, and physically unclonable. There is a growing interest in designing and implementing hardware-rooted smartphone authentication which authenticates smartphones through verifying the hardware fingerprints of their built-in sensors. Unfortunately, previous fingerprinting methods either involve large registration overhead or suffer from fingerprint forgery attacks, rendering them infeasible in authentication systems. In this paper, we propose ABC, a real-time smartphone Authentication protocol utilizing the photo-response non-uniformity (PRNU) of the Built-in Camera. In contrast to previous works that require tens of images to build reliable PRNU features for conventional cameras, we are the first to observe that one image alone can uniquely identify a smartphone due to the unique PRNU of a smartphone image sensor. This new discovery makes the use of PRNU practical for smartphone authentication. While most existing hardware fingerprints are vulnerable against forgery attacks, ABC defeats forgery attacks by verifying a smartphone's PRNU identity through a challenge response protocol using a visible light communication channel. A user captures two time-variant QR codes and sends the two images to a server, which verifies the identity by fingerprint and image content matching. The time-variant QR codes can also defeat replay attacks. Our experiments with 16,000 images over 40 smartphones show that ABC can efficiently authenticate user devices with an error rate less than 0.5%.
引用
收藏
页数:15
相关论文
共 37 条
[1]  
[Anonymous], 2009, USENIX SECUR S
[2]  
[Anonymous], 2009, MEDIA FORENSICS SECU, DOI DOI 10.1117/12.805701
[3]   Addressing Smartphone-based Multi-factor Authentication via Hardware-rooted Technologies [J].
Ba, Zhongjie ;
Ren, Kui .
2017 IEEE 37TH INTERNATIONAL CONFERENCE ON DISTRIBUTED COMPUTING SYSTEMS (ICDCS 2017), 2017, :1910-1914
[4]  
Bojinov H., 2014, Mobile Device Identification via Sensor Fingerprinting
[5]   Wireless Device Identification with Radiometric Signatures [J].
Brik, Vladimir ;
Banerjee, Suman ;
Gruteser, Marco ;
Oh, Sangho .
MOBICOM'08: PROCEEDINGS OF THE FOURTEENTH ACM INTERNATIONAL CONFERENCE ON MOBILE COMPUTING AND NETWORKING, 2008, :116-+
[6]   Projection-based image registration in the presence of fixed-pattern noise [J].
Cain, SC ;
Hayat, MM ;
Armstrong, EE .
IEEE TRANSACTIONS ON IMAGE PROCESSING, 2001, 10 (12) :1860-1872
[7]   Wireless Device Authentication Using Acoustic Hardware Fingerprints [J].
Chen, Dajiang ;
Mao, Xufei ;
Qin, Zhen ;
Wang, Weiyi ;
Li, Xiang-Yang ;
Qin, Zhiguang .
BIG DATA COMPUTING AND COMMUNICATIONS, 2015, 9196 :193-204
[8]  
CHEN M., 2007, ELECT IMAGING 2007
[9]   Determining image origin and integrity using sensor noise [J].
Chen, Mo ;
Fridrich, Jessica ;
GoIjan, Miroslav ;
Lukas, Jan .
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2008, 3 (01) :74-90
[10]   You Can Hear But You Cannot Steal: Defending against Voice Impersonation Attacks on Smartphones [J].
Chen, Si ;
Ren, Kui ;
Piao, Sixu ;
Wang, Cong ;
Wang, Qian ;
Weng, Jian ;
Su, Lu ;
Mohaisen, Aziz .
2017 IEEE 37TH INTERNATIONAL CONFERENCE ON DISTRIBUTED COMPUTING SYSTEMS (ICDCS 2017), 2017, :183-195