Visible to the public CRII: SaTC: Camera-based mobile device end-user authenticationConflict Detection Enabled

Project Details

Performance Period

Jun 01, 2015 - May 31, 2018

Institution(s)

SUNY at Binghamton

Award Number


Secure and useable end-user authentication is a major challenge in a modern society that allocates and relocates more and more resources online. As many users nowadays carry a mobile device (e.g., a smartphone), authentication approaches beyond the often-criticized traditional password leverage auxiliary information that can be received by, displayed on, computed by or sent from these omnipresent personal companions. Such multi-factor authentication schemes have the benefit of relying on a combination of "something the user knows" with "something the user has," but are typically only tied to data stored on or sent to the auxiliary device, rather than to the device itself. The goal of this research is to enable practical authentication based on hardware characteristics of consumer-grade mobile devices by transforming the idea of "something the user has" from intangible software artifacts to physical properties of the device, without the need of dedicated internal or external hardware or circuitry in place.

The project focuses on a novel authentication modality based on inherent physical hardware properties in the form of device-specific, unavoidable and unclonable manufacturing imperfections of the smartphone's digital camera sensor. These "sensor fingerprints" can be extracted from probe images displayed to and captured by the user's smartphone in an authentication protocol. At the technical level, a major requirement of an effective sensor-based authentication scheme is leakage-resistance, i.e., adversaries shall not be able to infer the authentication modality from public images acquired outside of the authentication protocol. In this framework, the project integrates techniques for leakage-resistant fingerprint generation and verification, fingerprint re-use across multiple authentication instances, efficient fingerprint storage, and fingerprint quality assessment. By putting ideas from the area of media forensics on the map of an established field of security research, the project will pave the way for novel perspectives in both domains.