Litcius/Paper detail

Listen to Your Fingers

Huijie Chen, Fan Li, Wan Du, Song Yang, Matthew Conn, Yu Wang

2020Proceedings of the ACM on Interactive Mobile Wearable and Ubiquitous Technologies45 citationsDOI

Abstract

Inputting a pattern or PIN code on the touch screen is a popular method to prevent unauthorized access to mobile devices. However, these sensitive tokens are highly susceptible to being inferred by various types of side-channel attacks, which can compromise the security of the private data stored in the device. This paper presents a second-factor authentication method, TouchPrint, which relies on the user's hand posture shape traits (dependent on the individual different posture type and unique hand geometry biometrics) when the user inputs PIN or pattern. It is robust against the behavioral variability of inputting a passcode and places no restrictions on input manner (e.g., number of the finger touching the screen, moving speed, or pressure). To capture the spatial characteristic of the user's hand posture shape when input the PIN or pattern, TouchPrint performs active acoustic sensing to scan the user's hand posture when his/her finger remains static at some reference positions on the screen (e.g., turning points for the pattern and the number buttons for the PIN code), and extracts the multipath effect feature from the echo signals reflected by the hand. Then, TouchPrint fuses with the spatial multipath feature-based identification results generated from the multiple reference positions to facilitate a reliable and secure MFA system. We build a prototype on smartphone and then evaluate the performance of TouchPrint comprehensively in a variety of scenarios. The experiment results demonstrate that TouchPrint can effectively defend against the replay attacks and imitate attacks. Moreover, TouchPrint can achieve an authentication accuracy of about 92% with only ten training samples.

Topics & Concepts

Computer scienceFeature (linguistics)Channel (broadcasting)BiometricsIdentification (biology)Code (set theory)Mobile deviceSide channel attackMultipath propagationArtificial intelligenceComputer visionPattern recognition (psychology)Computer securityCryptographySet (abstract data type)Operating systemBiologyBotanyPhilosophyComputer networkProgramming languageLinguisticsUser Authentication and Security SystemsInteractive and Immersive DisplaysBiometric Identification and Security