Listen to Your Fingers

Entering a pattern or PIN code on the touch screen is a popular method of preventing unauthorized access to mobile devices. However, these sensitive tokens are highly susceptible to inference through various types of side-channel attacks, which can compromise the security of the private data stored on the device. This paper presents a second-factor authentication method, TouchPrint, which relies on the shape traits of the user's hand posture (which depend on the individual's posture type and unique hand geometry biometrics) while the user enters a PIN or pattern. It is robust against the behavioral variability of entering a passcode and places no restrictions on the manner of input (e.g., the number of fingers touching the screen, moving speed, or pressure). To capture the spatial characteristics of the user's hand posture shape during PIN or pattern entry, TouchPrint performs active acoustic sensing to scan the user's hand posture while his/her finger remains static at certain reference positions on the screen (e.g., the turning points for a pattern and the number buttons for a PIN code), and extracts the multipath effect feature from the echo signals reflected by the hand. TouchPrint then fuses the spatial multipath feature-based identification results generated at the multiple reference positions to provide a reliable and secure MFA system. We build a prototype on a smartphone and evaluate the performance of TouchPrint comprehensively in a variety of scenarios. The experimental results demonstrate that TouchPrint can effectively defend against replay attacks and imitation attacks. Moreover, TouchPrint can achieve an authentication accuracy of about 92% with only ten training samples.
