ABC: Enabling Smartphone Authentication with Built-in Camera

In this paper, we propose ABC, a real-time smartphone Authentication protocol utilizing the photo-response nonuniformity (PRNU) of the Built-in Camera. In contrast to previous works that require tens of images to build reliable PRNU features for conventional cameras, we are the first to observe that one image alone can uniquely identify a smartphone due to the unique PRNU of a smartphone image sensor. This new discovery makes the use of PRNU practical for smartphone authentication. While most existing hardware fingerprints are vulnerable against forgery attacks, ABC defeats forgery attacks by verifying a smartphone’s PRNU identity through a challenge response protocol using a visible light communication channel. A user captures two time-variant QR codes and sends the two images to a server, which verifies the identity by fingerprint and image content matching. The time-variant QR codes can also defeat replay attacks. Our experiments with 16,000 images over 40 smartphones show that ABC can efficiently authenticate user devices with an error rate less than 0.5%.

[1]  Stephen C. Cain,et al.  Projection-based image registration in the presence of fixed-pattern noise , 2001, IEEE Trans. Image Process..

[2]  Nikita Borisov,et al.  Exploring Ways To Mitigate Sensor-Based Smartphone Fingerprinting , 2015, ArXiv.

[3]  Stefan Katzenbeisser,et al.  Cell phone camera ballistics: attacks and countermeasures , 2010, Electronic Imaging.

[4]  Witold Kinsner,et al.  A radio transmitter fingerprinting system ODO-1 , 1996, Proceedings of 1996 Canadian Conference on Electrical and Computer Engineering.

[5]  Hiroshi Ito,et al.  A New Watermark Surviving After Re-shooting the Images Displayed on a Screen , 2005, KES.

[6]  Miroslav Goljan,et al.  Digital camera identification from sensor pattern noise , 2006, IEEE Transactions on Information Forensics and Security.

[7]  Srdjan Capkun,et al.  Attacks on physical-layer identification , 2010, WiSec '10.

[8]  Xiang-Yang Li,et al.  Wireless Device Authentication Using Acoustic Hardware Fingerprints , 2015, BigCom.

[9]  Srdjan Capkun,et al.  Physical-Layer Identification of Wireless Devices , 2011 .

[10]  Srdjan Capkun,et al.  Physical-layer Identification of RFID Devices , 2009, USENIX Security Symposium.

[11]  Srdjan Capkun,et al.  Physical-layer identification of UHF RFID tags , 2010, MobiCom.

[12]  Dennis Goeckel,et al.  Identifying Wireless Users via Transmitter Imperfections , 2011, IEEE Journal on Selected Areas in Communications.

[13]  Nikita Borisov,et al.  Fingerprinting Smart Devices Through Embedded Acoustic Components , 2014, ArXiv.

[14]  Nikita Borisov,et al.  Do You Hear What I Hear?: Fingerprinting Smart Devices Through Embedded Acoustic Components , 2014, CCS.

[15]  Nikita Borisov,et al.  Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses , 2016, NDSS.

[16]  Xiangyu Liu,et al.  Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound , 2014, CCS.

[17]  Guoliang Xing,et al.  COBRA: color barcode streaming for smartphone systems , 2012, MobiSys '12.

[18]  Cong Wang,et al.  SBVLC: Secure barcode-based visible light communication for smartphones , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[19]  Miroslav Goljan,et al.  Digital Camera Identification from Images - Estimating False Acceptance Probability , 2008, IWDW.

[20]  R.T. Johnk,et al.  Electromagnetic signatures of WLAN cards and network security , 2005, Proceedings of the Fifth IEEE International Symposium on Signal Processing and Information Technology, 2005..

[21]  J. Fridrich,et al.  Digital image forensics , 2009, IEEE Signal Processing Magazine.

[22]  Ming-Wei Liu,et al.  Specific Emitter Identification using Nonlinear Device Estimation , 2008, 2008 IEEE Sarnoff Symposium.

[23]  Ahmet Emir Dirik,et al.  Forensic use of photo response non-uniformity of imaging sensors and a counter method. , 2014, Optics express.

[24]  Kui Ren,et al.  Addressing Smartphone-Based Multi-factor Authentication via Hardware-Rooted Technologies , 2017, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[25]  Jessica J. Fridrich,et al.  Large scale test of sensor fingerprint camera identification , 2009, Electronic Imaging.

[26]  Rainer Böhme,et al.  Can we trust digital image forensics? , 2007, ACM Multimedia.

[27]  Mo Chen,et al.  Defending Against Fingerprint-Copy Attack in Sensor-Based Camera Identification , 2011, IEEE Transactions on Information Forensics and Security.

[28]  Wenyuan Xu,et al.  AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable , 2014, NDSS.

[29]  Marco Gruteser,et al.  Wireless device identification with radiometric signatures , 2008, MobiCom '08.

[30]  Gabi Nakibly,et al.  Mobile Device Identification via Sensor Fingerprinting , 2014, ArXiv.

[31]  Ahmet Emir Dirik,et al.  Adaptive photo-response non-uniformity noise removal against image source attribution , 2015, Digit. Investig..

[32]  Mo Chen,et al.  Determining Image Origin and Integrity Using Sensor Noise , 2008, IEEE Transactions on Information Forensics and Security.

[33]  Matthias Kirchner,et al.  Fragile sensor fingerprint camera identification , 2015, 2015 IEEE International Workshop on Information Forensics and Security (WIFS).

[34]  Aziz Mohaisen,et al.  You Can Hear But You Cannot Steal: Defending Against Voice Impersonation Attacks on Smartphones , 2017, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[35]  Dennis Goeckel,et al.  RF fingerprinting of users who actively mask their identities with artificial distortion , 2011, 2011 Conference Record of the Forty Fifth Asilomar Conference on Signals, Systems and Computers (ASILOMAR).

[36]  Mo Chen,et al.  Digital imaging sensor identification (further study) , 2007, Electronic Imaging.