Robust smartphone fingerprint by mixing device sensors features for mobile strong authentication

In the next coming years, many of our basic activities such as reading an e-mail, checking our bank account, buying on-line, etc., will be performed by using a smartphone in a mobile environment. It is quite obvious that the degree of security granted by a classic username-password access is not sufficient and that a stronger level of safeness is required. However, usually adopted additional instruments such as smart cards, USB sticks and OTP generators are not always available or usable in mobility. In this paper a possible solution which envisages the use of the user’s own smartphone as a mean to grant a safer and easy mobile access is presented. The objective is to introduce a novel methodology to obtain a robust smartphone fingerprint by opportunely combining different intrinsic characteristics of each sensor. Modern mobile phones, in fact, have several kinds of sensors such as accelerometer, gyroscope, magnetometer, microphone and camera; such sensors can be used to uniquely identify each phone by measuring the specific anomalies left onto the signals they acquire. Satisfactory results have been obtained when the sensors are used in combination, especially accelerometer and digital camera, achieving a significant level of smartphone distinctiveness. Introduction Nowadays, and probably always more in the next coming years, many of our basic activities such as reading an e-mail, checking our bank account, buying on-line, etc., are performed by using a smartphone to access our personal accounts in a mobile environment. Generally, our actual degree of security is granted by the classic username and password access (something that the user knows). When a stronger level of safeness is required, additional instruments are usually adopted such as smart cards, USB sticks, OTP generators and so on (something that the user has got) in a two-factor authentication protocol [1]. Anyway, such means are not always available (must be carried around by the user at all times) or usable (they are not pluggable in a mobile device easily); so the need of a superior degree of security often conflicts with feasibility and usability. A possible solution could envisage the use of the user’s own smartphone and its intrinsic characteristics as a mean to grant a safer mobile access by reducing the end-user involvement. The basic idea is to investigate and understand if it is possible to generate a specific fingerprint that allows to distinctively and reliably characterize each smartphone so to be used as a univocal security component when a strong authentication is needed. As a matter of fact, modern mobile phones are equipped with several kinds of sensors such as accelerometer, gyroscope, magnetometer, camera, etc. These sensors are characterized by peculiar anomalies left onto the acquired signals due to the imperfections generated during the manufacturing process [2]. Therefore, it is possible to measure these anomalies and exploit them as an asset for uniquely identifying each phone. The objective of this work is to present a methodology to obtain a robust smartphone fingerprint by opportunely combining different sensor fingerprints. The proposed methodology to create the smartphone fingerprint is firstly based on the individuation and definition of a set of distinctive features for each sensor; in our experiments we considered the accelerometer, the gyroscope and the camera. For the accelerometer and the gyroscope we considered two subsets of features both in the temporal and in the spectral domain, calculated onto the output data (x, y, z) acquired by each sensor [3, 4]. Concerning the camera, we computed spatial features derived from the 2D photo response non-uniformity (PRNU) noise [5, 6, 7], extracted from the R, G, B channels. All these features, organized in a vector, constitute the fingerprint of each device. According to these fingerprints, a classifier has been trained and some experimental tests to evaluate detection performances of the method have been carried out. Also different sub-combinations of the sensors have been considered in creating the fingerprint (e.g., only the accelerometer, accelerometer and the camera, accelerometer and gyroscope, etc.) to better understand which was the impact of each sensor on distinctiveness. Moreover, to decrease computational complexity, we investigated the possibility of reducing fingerprint size through hashing operations typically used for PRNU [8, 9, 10]. Furthermore, diverse operative conditions have to be analyzed: smartphone position (handheld or posed on a table of different materials), vibration on/off, with or without a cover and so on. Sensors overview Most smartphone devices, besides the photo-camera sensor, have built-in sensors that measure motion, orientation and various environmental conditions. These sensors are capable of providing raw data and are useful if you want to monitor three-dimensional device movement or positioning, or you want to monitor changes in the environment near a device. In general, both Android and iOS platforms, support three categories of sensors: motion sen©2016 Society for Imaging Science and Technology DOI: 10.2352/ISSN.2470-1173.2016.8.MWSF-088 IS&T International Symposium on Electronic Imaging 2016 Media Watermarking, Security, and Forensics 2016 MWSF-088.1 sors, environmental sensors and position sensors. The first kind of sensors measures acceleration forces and rotational forces along three axes. This category includes accelerometer, gravity sensor, gyroscope and rotational vector sensor. The environmental sensors measure various parameters, such as ambient temperature and pressure, illumination and humidity. This category includes barometer, photometer and thermometer. The last kind of sensors measure the physical position of a device. This category includes orientation sensor, GPS and magnetometer. Some of these sensors are hardware-based and some are software-based. Hardwarebased sensors are physical components built into a smartphone or a tablet device. They derive their data by directly measuring specific environmental properties, such as acceleration, geomagnetic field strength or angular change. With regard to iOS platform many sensors are implemented such as TouchID, barometer, magnetometer, gyroscope, accelerometer, illumination and proximity. Regarding Android-powered devices, few of them have every type of sensor; for example, most handset devices and tablets have an accelerometer, a gyroscope and a magnetometer, but fewer devices have barometer or thermometer. On the other side, regarding operative system, all the sensors are supported by Android 4.0 and beyond (see Figure 1). Figure 1. Sensors vs Android versions.