research-article

SwipePass: Acoustic-based Second-factor User Authentication for Smartphones

Authors:

Yongliang Chen,

Tao GuAuthors Info & Claims

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, Volume 6, Issue 3

Article No.: 106, Pages 1 - 25

https://doi.org/10.1145/3550292

Published: 07 September 2022 Publication History

Abstract

Pattern lock-based authentication has been widely adopted in modern smartphones. However, this scheme relies essentially on passwords, making it vulnerable to various side-channel attacks such as the smudge attack and the shoulder-surfing attack. In this paper, we propose a second-factor authentication system named SwipePass, which authenticates a smartphone user by examining the distinct physiological and behavioral characteristics embedded in the user's pattern lock process. By emitting and receiving modulated audio using the built-in modules of the smartphone, SwipePass can sense the entire unlocking process and extract discriminative features to authenticate the user from the signal variations associated with hand dynamics. Moreover, to alleviate the burden of data collection in the user enrollment phase, we conduct an in-depth analysis of users' behaviors under different conditions and propose two augmentation techniques to significantly improve identification accuracy even when only a few training samples are available. Finally, we design a robust authentication model based on CNN-LSTM and One-Class SVM for user identification and spoofer detection. We implement SwipePass on three off-the-shelf smartphones and conduct extensive evaluations in different real-world scenarios. Experiments involving 36 participants show that SwipePass achieves an average identification accuracy of 96.8% while maintaining a false accept rate below 0.45% against various attacks.

Supplementary Material

chen (chen.zip)

Supplemental movie, appendix, image and software files for, SwipePass: Acoustic-based Second-factor User Authentication for Smartphones

Download
53.80 MB

References

[1]

2014. How to Fool a Fingerprint Security System As Easy As ABC. https://www.instructables.com/How-To-Fool-a-Fingerprint-Security-System-As-Easy-/.

[2]

2017. Galaxy S8 face recognition already defeated with a simple picture. https://arstechnica.com/gadgets/2017/03/video-shows-galaxy-s8-face-recognition-can-be-defeated-with-a-picture/.

[3]

Alibaba. 2022. Alipay. https://intl.alipay.com.

[4]

Julio Angulo and Erik Wästlund. 2011. Exploring touch-screen biometrics for user identification on smart phones. In Privacy and Identity Management for Life. Springer, 130--143.

[5]

Adam J Aviv, Katherine L Gibson, Evan Mossop, Matt Blaze, and Jonathan M Smith. 2010. Smudge attacks on smartphone touch screens. Woot 10 (2010), 1--7.

Digital Library

[6]

Chao Cai, Rong Zheng, and Jun Luo. 2022. Ubiquitous Acoustic Sensing on Commodity IoT Devices: A Survey. IEEE Communications Surveys & Tutorials (2022).

[7]

Huijie Chen, Fan Li, Wan Du, Song Yang, Matthew Conn, and Yu Wang. 2020. Listen to Your Fingers: User Authentication Based on Geometry Biometrics of Touch Gesture. ACM IMWUT 4, 3 (2020), 1--23.

[8]

Huangxun Chen, Wei Wang, Jin Zhang, and Qian Zhang. 2019. Echoface: Acoustic sensor-based media attack detection for face authentication. IEEE IoTJ 7, 3 (2019), 2152--2159.

[9]

Xiaoran Fan, Longfei Shangguan, Siddharth Rupavatharam, Yanyong Zhang, Jie Xiong, Yunfei Ma, and Richard Howard. 2021. HeadFi: bringing intelligence to all headphones. In ACM MobiCom. 147--159.

[10]

Google. 2022. Android Developers. https://developer.android.com/.

[11]

Rosa González Hautamäki, Tomi Kinnunen, Ville Hautamäki, Timo Leino, and Anne-Maria Laukkanen. 2013. I-vectors meet imitators: on vulnerability of speaker verification systems against voice mimicry. In Interspeech. 930--934.

[12]

Bettina Laugwitz, Theo Held, and Martin Schrepp. 2008. Construction and evaluation of a user experience questionnaire. In Symposium of the Austrian HCI and usability engineering group. Springer, 63--76.

Digital Library

[13]

Dong Li, Jialin Liu, Sunghoon Ivan Lee, and Jie Xiong. 2020. FM-track: pushing the limits of contactless multi-target tracking using acoustic signals. In Proceedings of the 18th Conference on Embedded Networked Sensor Systems. 150--163.

Digital Library

[14]

Chao-Liang Liu, Cheng-Jung Tsai, Ting-Yi Chang, Wang-Jui Tsai, and Po-Kai Zhong. 2015. Implementing multiple biometric features for a recall-based graphical keystroke dynamics authentication system on a smart phone. Journal of Network and Computer Applications 53 (2015), 128--139.

Digital Library

[15]

Chris Xiaoxuan Lu, Bowen Du, Hongkai Wen, Sen Wang, Andrew Markham, Ivan Martinovic, Yiran Shen, and Niki Trigoni. 2018. Snoopy: Sniffing your smartwatch passwords via deep sequence learning. ACM IMWUT 1, 4 (2018), 1--29.

[16]

Li Lu, Jiadi Yu, Yingying Chen, Hongbo Liu, Yanmin Zhu, Yunfei Liu, and Minglu Li. 2018. Lippass: Lip reading-based user authentication on smartphones leveraging acoustic signals. In IEEE INFOCOM. IEEE, 1466--1474.

[17]

Li Lu, Jiadi Yu, Yingying Chen, and Yan Wang. 2020. Vocallock: Sensing vocal tract for passphrase-independent user authentication leveraging acoustic signals on smartphones. ACM IMWUT 4, 2 (2020), 1--24.

[18]

Rajalakshmi Nandakumar, Vikram Iyer, Desney Tan, and Shyamnath Gollakota. 2016. Fingerio: Using active sonar for fine-grained finger tracking. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems. 1515--1525.

Digital Library

[19]

Adam Paszke, Sam Gross, Soumith Chintala, Gregory Chanan, Edward Yang, Zachary DeVito, Zeming Lin, Alban Desmaison, Luca Antiga, and Adam Lerer. 2017. Automatic differentiation in pytorch. (2017).

[20]

Fabian Pedregosa, Gaël Varoquaux, Alexandre Gramfort, Vincent Michel, Bertrand Thirion, Olivier Grisel, Mathieu Blondel, Peter Prettenhofer, Ron Weiss, Vincent Dubourg, et al. 2011. Scikit-learn: Machine learning in Python. the Journal of machine Learning research 12 (2011), 2825--2830.

[21]

Google Play. 2022. AppLock. https://play.google.com/store/apps/details?id=com.sp.protector.free&hl=en&gl=US.

[22]

Aditya Singh Rathore, Weijin Zhu, Afee Daiyan, Chenhan Xu, Kun Wang, Feng Lin, Kui Ren, and Wenyao Xu. 2020. Sonicprint: a generally adoptable and secure fingerprint biometrics in smart devices. In ACM MobiSys. 121--134.

[23]

Wenjie Ruan, Quan Z Sheng, Lei Yang, Tao Gu, Peipei Xu, and Longfei Shangguan. 2016. AudioGest: enabling fine-grained hand gesture detection by decoding echo signal. In ACM UbiComp. 474--485.

[24]

Raul Sanchez-Reillo, Carmen Sanchez-Avila, and Ana Gonzalez-Marcos. 2000. Biometric identification through hand geometry measurements. IEEE TPAMI 22, 10 (2000), 1168--1171.

Digital Library

[25]

Stefan Schneegass, Youssef Oualil, and Andreas Bulling. 2016. SkullConduct: Biometric user identification on eyewear computers using bone conduction through the skull. In ACM CHI. 1379--1384.

[26]

Cong Shi, Jian Liu, Hongbo Liu, and Yingying Chen. 2017. Smart user authentication through actuation of daily activities leveraging WiFi-enabled IoT. In ACM MobiHoc. 1--10.

[27]

Dai Shi, Dan Tao, Jiangtao Wang, Muyan Yao, Zhibo Wang, Houjin Chen, and Sumi Helal. 2021. Fine-Grained and Context-Aware Behavioral Biometrics for Pattern Lock on Smartphones. ACM IMWUT 5, 1 (2021), 1--30.

[28]

Xingzhe Song, Boyuan Yang, Ge Yang, Ruirong Chen, Erick Forno, Wei Chen, and Wei Gao. 2020. SpiroSonic: monitoring human lung function via acoustic sensing on commodity smartphones. In ACM MobiCom. 1--14.

[29]

Yunpeng Song, Zhongmin Cai, and Zhi-Li Zhang. 2017. Multi-touch authentication using hand geometry and behavioral information. In IEEE S&P. IEEE, 357--372.

[30]

Youngbae Song, Geumhwan Cho, Seongyeol Oh, Hyoungshick Kim, and Jun Ho Huh. 2015. On the effectiveness of pattern lock strength meters: Measuring the strength of real world pattern locks. In ACM CHI. 2343--2352.

[31]

Statcounter. 2022. Mobile Operating System Market Share Worldwide. https://gs.statcounter.com/os-market-share/mobile/worldwide.

[32]

Statista. 2022. Share of active phones with enabled biometrics in North America, Western Europe & Asia Pacific from 2016 to 2020. https://www.statista.com/statistics/1226088/north-america-western-europe-biometric-enabled-phones/.

[33]

Ke Sun, Ting Zhao, Wei Wang, and Lei Xie. 2018. Vskin: Sensing touch gestures on surfaces of mobile devices using acoustic signals. In ACM MobiCom. 591--605.

Digital Library

[34]

Tencent. 2022. WeChat. https://www.wechat.com.

[35]

David Tse and Pramod Viswanath. 2005. Fundamentals of wireless communication. Cambridge university press.

[36]

Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, and Thorsten Holz. 2013. Quantifying the security of graphical passwords: The case of android unlock patterns. In ACM CCS. 161--172.

[37]

Haoran Wan, Shuyu Shi, Wenyu Cao, Wei Wang, and Guihai Chen. 2021. RespTracker: Multi-user Room-scale Respiration Tracking with Commercial Acoustic Devices. In IEEE INFOCOM. IEEE.

[38]

Yanwen Wang, Jiaxing Shen, and Yuanqing Zheng. 2020. Push the Limit of Acoustic Gesture Recognition. IEEE TMC (2020).

Digital Library

[39]

Weitao Xu, Zhenjiang Li, Wanli Xue, Xiaotong Yu, Bo Wei, Jia Wang, Chengwen Luo, Wei Li, and Albert Y Zomaya. 2021. InaudibleKey: Generic Inaudible Acoustic Signal based Key Agreement Protocol for Mobile Devices. In ACM IPSN. 106--118.

[40]

Weitao Xu, Yiran Shen, Chengwen Luo, Jianqiang Li, Wei Li, and Albert Y Zomaya. 2020. Gait-Watch: A Gait-based context-aware authentication system for smart watch via sparse coding. Ad Hoc Networks 107 (2020), 102218.

[41]

Weitao Xu, Yiran Shen, Yongtuo Zhang, Neil Bergmann, and Wen Hu. 2017. Gait-watch: A context-aware authentication system for smart watch based on gait recognition. In IoTDI. 59--70.

Digital Library

[42]

Guixin Ye, Zhanyong Tang, Dingyi Fang, Xiaojiang Chen, Kwang In Kim, Ben Taylor, and Zheng Wang. 2017. Cracking Android pattern lock in five attempts. In NDSS. Internet Society.

[43]

Fusang Zhang, Zhi Wang, Beihong Jin, Jie Xiong, and Daqing Zhang. 2020. Your Smart Speaker Can" Hear" Your Heartbeat! ACM IMWUT 4, 4 (2020), 1--24.

[44]

Jie Zhang, Xiaolong Zheng, Zhanyong Tang, Tianzhang Xing, Xiaojiang Chen, Dingyi Fang, Rong Li, Xiaoqing Gong, and Feng Chen. 2016. Privacy leakage in mobile sensing: Your unlock passwords can be leaked through wireless hotspot functionality. Mobile Information Systems 2 (2016).

[45]

Xinchen Zhang, Yafeng Yin, Lei Xie, Hao Zhang, Zefan Ge, and Sanglu Lu. 2020. TouchID: User Authentication on Mobile Devices via Inertial-Touch Gesture Analysis. ACM IMWUT 4, 4 (2020), 1--29.

[46]

Bing Zhou, Jay Lohokare, Ruipeng Gao, and Fan Ye. 2018. EchoPrint: Two-factor authentication using acoustics and vision on smartphones. In ACM MobiCom. 321--336.

[47]

Man Zhou, Qian Wang, Jingxiao Yang, Qi Li, Feng Xiao, Zhibo Wang, and Xiaofeng Chen. 2018. Patternlistener: Cracking android pattern lock using acoustic signals. In ACM CCS. 1775--1787.

Digital Library

Cited By

Cao YDhekne AAmmar M(2024)SigningRing: Signature-based Authentication using Inertial Sensors on a Ring Form-factorProceedings of the Workshop on Body-Centric Computing Systems10.1145/3662009.3662019(11-16)Online publication date: 3-Jun-2024
https://dl.acm.org/doi/10.1145/3662009.3662019
Gupta CSridhar SMatthies DJouffrais CNanayakkara S(2024)SonicVista: Towards Creating Awareness of Distant Scenes through SonificationProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36596098:2(1-32)Online publication date: 15-May-2024
https://dl.acm.org/doi/10.1145/3659609
Ni TOkoshi TKo JLiKamWa R(2024)Sensor Security in Virtual Reality: Exploration and MitigationProceedings of the 22nd Annual International Conference on Mobile Systems, Applications and Services10.1145/3643832.3661389(758-759)Online publication date: 3-Jun-2024
https://dl.acm.org/doi/10.1145/3643832.3661389
Show More Cited By

Index Terms

SwipePass: Acoustic-based Second-factor User Authentication for Smartphones
1. Human-centered computing
  1. Ubiquitous and mobile computing

Recommendations

An Explorative Study of the Mobile App Ecosystem from App Developers' Perspective
WWW '17: Proceedings of the 26th International Conference on World Wide Web

With the prevalence of smartphones, app markets such as Apple App Store and Google Play has become the center stage in the mobile app ecosystem, with millions of apps developed by tens of thousands of app developers in each major market. This paper ...
Read More
A Measurement-based Study on Application Popularity in Android and iOS App Stores
Mobidata '15: Proceedings of the 2015 Workshop on Mobile Big Data

Mobile application stores (appstores) are emerging digital distribution platforms with explosive growth. Although there have been some observations on the mobile application (app) popularity in Android appstores, there is no report on the app popularity ...
Read More
RubyMotion iOS Development Essentials
Read More

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies Volume 6, Issue 3

September 2022

1612 pages

EISSN:2474-9567

DOI:10.1145/3563014

Issue’s Table of Contents

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 September 2022

Published in IMWUT Volume 6, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tag

User authentication, Acoustic sensing, Smartphone, Deep learning

Qualifiers

Research-article
Research
Refereed

Funding Sources

Changsha International and Regional Science and Technology Cooperation Program
National Natural Science Foundation of China
Shenzhen Science and Technology Funding Fundamental Research Program
Natural Science Foundation of Shandong Province
Research Grants Council of the Hong Kong Special Administrative Region, China
City University of Hong Kong
Chow Sang Sang Holdings International Limited

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
723
Total Downloads

Downloads (Last 12 months)194
Downloads (Last 6 weeks)10

Other Metrics

View Author Metrics

Citations

Cited By

Cao YDhekne AAmmar M(2024)SigningRing: Signature-based Authentication using Inertial Sensors on a Ring Form-factorProceedings of the Workshop on Body-Centric Computing Systems10.1145/3662009.3662019(11-16)Online publication date: 3-Jun-2024
https://dl.acm.org/doi/10.1145/3662009.3662019
Gupta CSridhar SMatthies DJouffrais CNanayakkara S(2024)SonicVista: Towards Creating Awareness of Distant Scenes through SonificationProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36596098:2(1-32)Online publication date: 15-May-2024
https://dl.acm.org/doi/10.1145/3659609
Ni TOkoshi TKo JLiKamWa R(2024)Sensor Security in Virtual Reality: Exploration and MitigationProceedings of the 22nd Annual International Conference on Mobile Systems, Applications and Services10.1145/3643832.3661389(758-759)Online publication date: 3-Jun-2024
https://dl.acm.org/doi/10.1145/3643832.3661389
Xu ZLiu TJiang RHu PGuo ZLiu C(2024)AFaceProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36435108:1(1-33)Online publication date: 6-Mar-2024
https://dl.acm.org/doi/10.1145/3643510
Kaur JDas S(2024)RSPP: Restricted Static Pseudo-Partitioning for Mitigation of Cross-Core Covert Channel AttacksACM Transactions on Design Automation of Electronic Systems10.1145/363722229:2(1-22)Online publication date: 15-Jan-2024
https://dl.acm.org/doi/10.1145/3637222
Stray JHalevy AAssar PHadfield-Menell DBoutilier CAshar ABakalar CBeattie LEkstrand MLeibowicz CMoon Sehat CJohansen SKerlin LVickrey DSingh SVrijenhoek SZhang AAndrus MHelberger NProutskova PMitra TVasan N(2024)Building Human Values into Recommender Systems: An Interdisciplinary SynthesisACM Transactions on Recommender Systems10.1145/36322972:3(1-57)Online publication date: 5-Jun-2024
https://dl.acm.org/doi/10.1145/3632297
Zhang TZhang DWang GLi YHu Ysun QChen Y(2024)RLocProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36314377:4(1-28)Online publication date: 12-Jan-2024
https://dl.acm.org/doi/10.1145/3631437
Han MYang HNi TDuan DRuan MChen YZhang JXu W(2024)mmSign: mmWave-based Few-Shot Online Handwritten Signature VerificationACM Transactions on Sensor Networks10.1145/360594520:4(1-31)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3605945
Zhou MZhou YSu SWang QLi QHu SYu CLi Z(2024)FingerPattern: Securing Pattern Lock via Fingerprint-Dependent Friction SoundIEEE Transactions on Mobile Computing10.1109/TMC.2023.333814823:6(7210-7224)Online publication date: Jun-2024
https://doi.org/10.1109/TMC.2023.3338148
Li YLiu LDeng SQin HEl-Yacoubi MZhou G(2024)Memory-Augmented Autoencoder Based Continuous Authentication on Smartphones With Conditional Transformer GANsIEEE Transactions on Mobile Computing10.1109/TMC.2023.329083423:5(4467-4482)Online publication date: May-2024
https://doi.org/10.1109/TMC.2023.3290834
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents