2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS) (2017)
Atlanta, Georgia, USA
June 5, 2017 to June 8, 2017
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICDCS.2017.88
Multi-factor authentication is a well-recognized access control method that enhances the security of users' sensitive data and identities. A successful authentication attempt requires a user to correctly present two or more authentication factors such as knowledge factors, possession factors and inherence factors. For smartphone-based multi-factor authentication, a promising way to authenticate a user is to verify his possession of a legitimate smartphone, which calls for secure and usable device authentication schemes. In this article, we propose to authenticate a device through tracking the hardware fingerprint of its built-in sensor. We first review the existing hardware-rooted identification methods and discuss the merits of applying a hardware fingerprint as a smartphone's unique identity. Then, we analyze the security issues underlying these methods and identify two security requirements for the identification methods to be used in an authentication scheme: Fingerprint Leakage Resilience and Fingerprint Forgery Resilience. Finally, we look into a specific hardware fingerprint originally used for digital cameras. We analyze the feasibility of applying this fingerprint to differentiate off-the-shelf smartphones and list several challenging practical issues underlying this method.
Authentication, Cameras, Fingerprint recognition, Hardware, Forgery, Resilience
Z. Ba and K. Ren, "Addressing Smartphone-Based Multi-factor Authentication via Hardware-Rooted Technologies," 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), Atlanta, Georgia, USA, 2017, pp. 1910-1914.