| As smartphones have become more and more powerful,large numbers of apps involving property security and personal privacy have been widely used.Thus,smartphones need secure authentication mechanisms for identity verification during device unlocking and sensitive function execution.Although existing mechanisms can prevent unauthorized access to smartphones,attackers still aim to steal,copy,and forge authentication credentials to bypass the authentication.Recently,acoustic sensing with smartphones has attracted wide attention due to its high availability and strong antiinterference ability.This thesis studies the application of acoustic sensing in the attack of pattern lock,the security enhancement of PIN authentication,and the liveness detection of face authentication.This study can further improve the security of smartphones' authentication mechanisms under increasing threats.First,to address the concerns that existing works on cracking pattern lock are not robust and stealthy,this thesis proposes a finger tracking-based pattern lock attack scheme via acoustic sensing.We propose the coherent detection and dynamic/static interference elimination algorithms to remove multipath interference and environmental noise effectively.Based on the geometric characteristics of the unlock pattern,we further propose a signal segmentation algorithm based on turning point recognition and a multitree structure-based unlock pattern inference algorithm.This attack does not require the adversary to approach target phones physically and can infer the pattern locks of a large number of users at the same time.Thus,it is imperceptible and can efficiently crack the pattern lock with high success rates.Then,to address the concerns that the traditional PIN authentication is susceptible to shoulder surfing attacks,this thesis proposes a pressure sensing-based PIN enhancement scheme using structure-borne sounds.We design a parameter calibration method based on position coordinates,which reduces the cost of parameter initialization for different keys.When the user presses the keys on the smartphone's screen,structure-borne sounds will be degraded.The pressure curve is initially obtained by calculating the degradation rate for each key.We further propose the pressure code extraction algorithm to identify different pressure states.This solution gets rid of the hardware dependence on the pressure-sensitive touch screen and can be applied to existing smartphones,which improves the security of PIN authentication greatly.Finally,to address the concerns that existing face liveness detection methods cannot resist3 D dynamic attacks,this thesis proposes a lip motion-based face liveness detection scheme via acoustic sensing.We utilize randomly generated acoustic signals to capture the user's unique lip motion patterns in real-time,which ensures the face authentication cannot be bypassed or manipulated.We propose a series of signal robustness enhancement algorithms to sense the subtle lip motions accurately in different authentication ranges.This solution only uses the smartphone's speaker,microphone,and front-facing camera to defend against various attacks including 3D dynamic attacks,and provides a strong security guarantee for face authentication on smartphones. |
PDF Full Text Request