The Community for Technology Leaders
2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS) (2017)
Atlanta, Georgia, USA
June 5, 2017 to June 8, 2017
ISSN: 1063-6927
ISBN: 978-1-5386-1792-2
pp: 1910-1914
ABSTRACT
Multi-factor authentication is a well-recognized access control method that enhances the security of users' sensitive data and identities. A successful authentication attempt requires a user to correctly present two or more authentication factors such as knowledge factors, possession factors and inherence factors. For smartphone-based multi-factor authentication, a promising way to authenticate a user is to verify his possession of a legitimate smartphone, which calls for secure and usable device authentication schemes. In this article, we propose to authenticate a device through tracking the hardware fingerprint of its built-in sensor. We first review the existing hardware-rooted identification methods and discuss the merits of applying a hardware fingerprint as a smartphone's unique identity. Then, we analyze the security issues underlying these methods and identify two security requirements for the identification methods to be used in an authentication scheme: Fingerprint Leakage Resilience and Fingerprint Forgery Resilience. Finally, we look into a specific hardware fingerprint originally used for digital cameras. We analyze the feasibility of applying this fingerprint to differentiate off-the-shelf smartphones and list several challenging practical issues underlying this method.
INDEX TERMS
Authentication, Cameras, Fingerprint recognition, Hardware, Forgery, Resilience
CITATION

Z. Ba and K. Ren, "Addressing Smartphone-Based Multi-factor Authentication via Hardware-Rooted Technologies," 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), Atlanta, Georgia, USA, 2017, pp. 1910-1914.
doi:10.1109/ICDCS.2017.88
87 ms
(Ver 3.3 (11022016))