Skip to main content

Accelerometer-Based Device Fingerprinting for Multi-factor Mobile Authentication

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 9639)

Abstract

Due to the numerous data breaches, often resulting in the disclosure of a substantial amount of user passwords, the classic authentication scheme where just a password is required to log in, has become inadequate. As a result, many popular web services now employ risk-based authentication systems where various bits of information are requested in order to determine the authenticity of the authentication request. In this risk assessment process, values consisting of geo-location, IP address and browser-fingerprint information, are typically used to detect anomalies in comparison with the user’s regular behavior.

In this paper, we focus on risk-based authentication mechanisms in the setting of mobile devices, which are known to fall short of providing reliable device-related information that can be used in the risk analysis process. More specifically, we present a web-based and low-effort system that leverages accelerometer data generated by a mobile device for the purpose of device re-identification. Furthermore, we evaluate the performance of these techniques and assess the viability of embedding such a system as part of existing risk-based authentication processes.

Keywords

  • Mobile Device
  • Authentication Scheme
  • Accelerometer Data
  • Near Field Communication
  • Authentication System

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-319-30806-7_7
  • Chapter length: 16 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   54.99
Price excludes VAT (USA)
  • ISBN: 978-3-319-30806-7
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   69.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.
Fig. 6.
Fig. 7.

Notes

  1. 1.

    https://jquerymobile.com/.

References

  1. Florencio, D., Herley, C.: A large-scale study of web password habits. In: Proceedings Of The 16th International Conference on World Wide Web, pp. 657–666. ACM (2007)

    Google Scholar 

  2. Eckersley, P.: How unique is your web browser? In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 1–18. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  3. Spooren, J., Preuveneers, D., Joosen, W.: Mobile device fingerprinting considered harmful for risk-based authentication. In: Proceedings of the Eighth European Workshop on System Security, pp. 6. ACM (2015)

    Google Scholar 

  4. Hupperich, T., Maiorca, D., Kührer, M., Holz, T., Giacinto, G.: On the robustness of mobile device fingerprinting: can mobile users escape modern web-tracking mechanisms? In: Proceedings of the 31st Annual Computer Security Applications Conference, pp. 191–200. ACM (2015)

    Google Scholar 

  5. Mowery, K., Shacham, H.: Pixel perfect: Fingerprinting canvas in html5. Proceedings of W2SP (2012)

    Google Scholar 

  6. Acar, G., Juarez, M., Nikiforakis, N., Diaz, C., Gürses, S., Piessens, F., Preneel, B.: Fpdetective: Dusting the web for fingerprinters. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 1129–1140. ACM (2013)

    Google Scholar 

  7. Bojinov, H., Michalevsky, Y., Nakibly, G., Boneh, D.: Mobile device identification via sensor fingerprinting. arXiv preprint (2014). arxiv:1408.1416

  8. Lukas, J., Fridrich, J., Goljan, M.: Digital camera identification from sensor pattern noise. IEEE Trans. Inf. Forensics Secur. 1(2), 205–214 (2006)

    CrossRef  Google Scholar 

  9. Das, A., Borisov, N., Caesar, M.: Do you hear what i hear?: fingerprinting smart devices through embedded acoustic components. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 441–452. ACM (2014)

    Google Scholar 

  10. Dey, S., Roy, N., Xu, W., Choudhury, R.R., Nelakuditi, S.: Accelprint: imperfections of accelerometers make smartphones trackable. In: Proceedings of the Network and Distributed System Security Symposium (NDSS) (2014)

    Google Scholar 

  11. Bonneau, J., Herley, C., van Oorschot, P., Stajano, F.: The quest to replace passwords: a framework for comparative evaluation of web authentication schemes. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 553–567, May 2012

    Google Scholar 

  12. Das, A., Borisov, N., Caesar, M.: Exploring ways to mitigate sensor-based smartphone fingerprinting. CoRR abs/1503.01874 (2015)

    Google Scholar 

  13. Aloul, F., Zahidi, S., El-Hajj, W.: Two factor authentication using mobile phones. In: IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2009, pp. 641–644. IEEE (2009)

    Google Scholar 

  14. Dodson, B., Sengupta, D., Boneh, D., Lam, M.S.: Secure, consumer-friendly web authentication and payments with a phone. In: Gris, M., Yang, G. (eds.) MobiCASE 2010. LNICST, vol. 76, pp. 17–38. Springer, Heidelberg (2012)

    CrossRef  Google Scholar 

  15. Alpár, G., Batina, L., Verdult, R.: Using NFC phones for proving credentials. In: Schmitt, J.B. (ed.) Measurement, Modelling, and Evaluation of Computing Systems and Dependability and Fault Tolerance. LNCS, vol. 7201, pp. 317–330. Springer, Heidelberg (2012)

    CrossRef  Google Scholar 

  16. Google: Slicklogin

    Google Scholar 

  17. Preuveneers, D., Joosen, W.: Smartauth: dynamic context fingerprinting for continuous user authentication. In: Proceedings of the 30th Annual ACM Symposium on Applied Computing, SAC 2015, pp. 2185–2191. ACM, New York (2015)

    Google Scholar 

  18. Wang, H., Lymberopoulos, D., Liu, J.: Sensor-based user authentication. In: Abdelzaher, T., Pereira, N., Tovar, E. (eds.) EWSN 2015. LNCS, vol. 8965, pp. 168–185. Springer, Heidelberg (2015)

    Google Scholar 

  19. Mayrhofer, R., Gellersen, H.-W.: Shake well before use: authentication based on accelerometer data. In: LaMarca, A., Langheinrich, M., Truong, K.N. (eds.) Pervasive 2007. LNCS, vol. 4480, pp. 144–161. Springer, Heidelberg (2007)

    CrossRef  Google Scholar 

  20. Chen, M., Fridrich, J., Goljan, M., Lukáš, J.: Determining image origin and integrity using sensor noise. IEEE Trans. Inf. Forensics Secur. 3(1), 74–90 (2008)

    CrossRef  Google Scholar 

  21. Bertini, F., Sharma, R., Iannì, A., Montesi, D.: Profile resolution across multilayer networks through smartphone camera fingerprint. In: Proceedings of the 19th International Database Engineering & Applications Symposium, pp. 23–32 (2015)

    Google Scholar 

  22. Chen, D., Mao, X., Qin, Z., Wang, W., Li, X.-Y., Qin, Z.: Wireless device authentication using acoustic hardware fingerprints. In: Wang, Y., Xiong, H., Argamon, S., Li, X.Y., Li, J.Z. (eds.) BigCom 2015. LNCS, vol. 9196, pp. 193–204. Springer, Heidelberg (2015)

    CrossRef  Google Scholar 

  23. Michalevsky, Y., Boneh, D., Nakibly, G.: Gyrophone: recognizing speech from gyroscope signals. In: Proc. 23rd USENIX Security Symposium (SEC 2014). USENIX Association (2014)

    Google Scholar 

  24. Fridman, L., Weber, S., Greenstadt, R., Kam, M.: Active authentication on mobile devices via stylometry, application usage, web browsing, and GPS location. CoRR abs/1503.08479 (2015)

    Google Scholar 

  25. Antal, M., Szabo, L.Z., Laszlo, I.: Keystroke dynamics on android platform. Procedia Technol. 19, 820–826 (2015). 8th International Conference Interdisciplinarity in Engineering, INTER-ENG 2014, Tirgu Mures, Romania, 9–10 October 2014

    CrossRef  Google Scholar 

  26. Li, F., Clarke, N.L., Papadaki, M., Dowland, P.: Active authentication for mobile devices utilising behaviour profiling. Int. J. Inf. Sec. 13(3), 229–244 (2014)

    CrossRef  Google Scholar 

  27. Shi, E., Niu, Y., Jakobsson, M., Chow, R.: Implicit authentication through learning user behavior. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 99–113. Springer, Heidelberg (2011)

    CrossRef  Google Scholar 

Download references

Acknowledgment

This research is partially funded by the Research Fund KU Leuven, and by the MediaTrust and TRU-BLISS projects funded by iMinds.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Tom Van Goethem .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Van Goethem, T., Scheepers, W., Preuveneers, D., Joosen, W. (2016). Accelerometer-Based Device Fingerprinting for Multi-factor Mobile Authentication. In: Caballero, J., Bodden, E., Athanasopoulos, E. (eds) Engineering Secure Software and Systems. ESSoS 2016. Lecture Notes in Computer Science(), vol 9639. Springer, Cham. https://doi.org/10.1007/978-3-319-30806-7_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-30806-7_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-30805-0

  • Online ISBN: 978-3-319-30806-7

  • eBook Packages: Computer ScienceComputer Science (R0)