Multi-factor Authentication Protocol Based on Hardware Fingerprint and Biometrics

doi:10.3969/j.issn.1671-1122.2020.08.002

Abstract

Abstract:

This paper proposes a multi-factor authentication protocol for short-range communication between smart devices. It can prevent the common attacks, such as smartphone lost attack, man-in-the-middle attack, replay attack, by combining the user’s account key as a knowledge factor, the smart device speaker hardware fingerprint as a ownership factor, and the user’s facial information as a biological information factor. This protocol proposes is suitable for no extra hardware short-range communication methods. This paper uses the high-security features of audio channel to continuously authentication while authentication side received data signals. Security analysis and experiments prove that the protocol has high application value in high security scenario, such as smart home, mobile payment, and contactless access control.

Key words: multi-factor authentication, hardware fingerprint, biometrics, short-range communication security

CLC Number:

TP309

ZHANG Xiao, LIU Jiqiang. Multi-factor Authentication Protocol Based on Hardware Fingerprint and Biometrics[J]. Netinfo Security, 2020, 20(8): 9-15.

Figures/Tables 6

References 20

[1]	DENSO WAVE. What is a QR Code[EB/OL]. https://www.qrcode.com/en/about/, 2020-1-11.
[2]	YUAN Wenjia, DANA K, ASHOK A, et al. Dynamic and Invisible Messaging for Visual MIMO[C]// IEEE. 2012 IEEE Workshop on the Applications of Computer Vision(WACV), January 9-11, 2012, Breckenridge, CO, USA. New Jersey: IEEE, 2012: 345-352.
[3]	NANDAKUMAR R, CHINTALAPUDI K K, PADMANABHAN V, et al. Dhwani: Secure Peer-to-Peer Acoustic NFC[J]. ACM SIGCOMM Computer Communication Review, 2013,43(4):63-74. doi: 10.1145/2534169.2486037 URL
[4]	LAMPORT L. Password Authentication with Insecure Communication[J]. Communications of the ACM, 1981,24(11):770-772.
[5]	GUNSON N, MARSHALL D, MORTON H, et al. User Perceptions of Security and Usability of Single-factor and Two-factor Authentication in Automated Telephone Banking[J]. Computers & Security, 2011,30(4):208-220.
[6]	NIMMY K, SANKARAN S, ACHUTHAN K. A Novel Multi-factor Authentication Protocol for Smart Home Environments[C]// Springer. International Conference on Information Systems Security, ICISS 2018, December 17-19, 2018, Bengaluru, India. New York: Springer, 2018: 44-63.
[7]	FERNANDES E, JUNG J, PRAKASH A. Security Analysis of Emerging Smart Home Applications[C]// IEEE. 2016 IEEE Symposium on Security and Privacy(SP), May 23-25, 2016, FAIRMONT, SAN JOSE, CA. New Jersey: IEEE, 2016: 636-654.
[8]	WANG Anran, LI Zhuoran, PENG Chunyi, et al. InFrame++ Achieve Simultaneous Screen-Human Viewing and Hidden Screen-Camera Communication[C]// SIGMOBILE. The 13th Annual International Conference on Mobile Systems, Applications, and Services, MobiSys’15, May 18-22, 2015, Florence, Italy. New York: Association for Computing Machinery, 2015: 181-195.
[9]	ZHANG Xiao, LIU Jiqiang, CHEN Si, et al. PriWhisper+: An Enhanced Acoustic Short-range Communication System for Smartphones[J]. IEEE Internet of Things Journal, 2018,6(1):614-627.
[10]	YU Yi, HE Jingsha, ZHU Nafei, et al. A New Method for Identity Authentication Using Mobile Terminals[EB/OL]. https://doi.org/10.1007/978-3-030-22277-2_31, 2020-1-1.
[11]	SARKAR A, SINGH B K. A Novel Session Key Generation and Secure Communication Establishment Protocol Using Fingerprint Biometrics[M]. Switzerland: Springer, Cham, 2020.
[12]	SUN Jianguo, ZHONG Qi, KOU Liang, et al. A Lightweight Multi-factor Mobile User Authentication Scheme[C]// IEEE. INFOCOM 2018-IEEE Conference on Computer Communications Workshops(INFOCOM WKSHPS), April 15-19, 2018, Honolulu, HI, USA. New Jersey: IEEE, 2018: 831-836.
[13]	BHUVANESWARI M, PARAMASIVAN B, ALDABBAS H. A Two-Level Authentication Protocol for Vehicular Adhoc Networks[C]// Springer. Intelligent Computing Paradigm and Cutting-edge Technologies: Proceedings of the First International Conference on Innovative Computing and Cutting-edge Technologies(ICICCT 2019), April 29-30, 2019, Namakkal, Tamil Nadu, India. New York: Springer, 2019: 139-147.
[14]	CHALLA S, DAS A K, ODELU V, et al. An Efficient ECC-based Provably Secure Three-factor User Authentication and Key Agreement Protocol for Wireless Healthcare Sensor Networks[EB/OL]. http://www.socolar.com/Article/Index?aid=100056319114&jid=100000003579, 2020-2-10.
[15]	CAPROLU M, SCIANCALEPORE S, DI PIETRO R, Short-range Audio Channels Security: Survey of Mechanisms, Applications,Research Challenges[EB/OL]. https://arxiv.org/abs/2001.02877, 2020-2-10.
[16]	BA Zhongjie, QIN Zhan, FU Xinwen, et al. CIM: Camera in Motion for Smartphone Authentication[J]. IEEE Transactions on Information Forensics and Security, 2019,14(11):2987-3002.
[17]	CHEN Dajiang, ZHANG Ning, QIN Zhiguang, et al. S2M: A Lightweight Acoustic Fingerprints-based Wireless Device Authentication Protocol[J]. IEEE Internet of Things Journal, 2016,4(1):88-100.
[18]	PALANISWAMY B, CAMTEPE S, FOO E, et al. Continuous Authentication for VANET[EB/OL]. https://doi.org/10.1016/j.vehcom.2020.100255, Vehicular Communications, 2020-4-16.
[19]	FENG Huan, FAWAZ K, SHIN K G. Continuous Authentication for Voice Assistants[C]// ACM. 23rd Annual International Conference on Mobile Computing and Networking, October 16-20, 2017, Snowbird, Utah, USA. New York: ACM, 2017: 343-355.
[20]	BURROWS M, ABADI M, NEEDHAM R M. A Logic of Authentication[J]. ACM Transactions on Computer System, 1990,8(1):18-36.

符号	含义
${{R}_{k}}$	密钥随机数
${{R}_{t}}$	时间戳随机数
$I{{D}_{u}}$	用户账号
${{P}_{{}}}$	用户设定的密码
${{F}_{f}}$	用户面部特征
${{F}_{h}}$	扬声器硬件指纹
${{A}_{i}}$	第i次声音信号
$D$	硬件指纹学习音频

	S2M^[17]	ABC^[16]	SUN^[12]	本文协议
抗窃听攻击	Yes	Yes	Yes	Yes
抗重放攻击	No	Yes	Yes	Yes
抗设备被盗攻击	No	No	Yes	Yes
抗中间人攻击	Yes	Yes	No	Yes
抗密码猜测攻击	Yes	Yes	Yes	Yes
抗伪造攻击	No	Yes	Yes	Yes
持续认证	No	No	No	Yes
基于信道特点优化	Yes	Yes	No	Yes