
Research On User Authentication And Secure Device Pairing Technology Based On Smartphone

Posted on: 2019-10-03
Degree: Doctor
Type: Dissertation
Country: China
Candidate: D Liu
Full Text: PDF
GTID: 1368330545499821
Subject: Information security
Abstract/Summary:
With the development of technology, smart phones have become popular and have become portable carriers for people. Compared with traditional devices, smart phones are equipped with many sensors. By using these sensors, a smart phone can obtain ambient context information (e.g. sound, light, WiFi), the user's behavior information (touch, shake, tap), etc. Since much of this information is unique and its acquisition can be accomplished automatically, this paper focuses on identity authentication and secure device pairing technology based on the smart phone. Through this research, we hope to improve the usability of traditional identity authentication technology and secure device pairing technology. The main work of this paper is as follows:

(1) A low interaction multi-factor authentication system based on context awareness

Aiming at the usability problem faced by traditional mobile two-factor systems, this paper proposes a low interaction multi-factor authentication system based on context awareness. In this system, if the user uses a computer browser to log in to his online account, then besides password authentication, the server compares the similarity of the WiFi information collected by the login device and by the user's phone to determine whether the login attempt is legitimate or fraudulent. If the user uses a phone browser to log in to his online account, then besides password authentication, the server compares whether the device fingerprints collected by the login device and by the user's phone are the same to determine whether the login attempt is legitimate or fraudulent. The purpose of the WiFi comparison is to determine whether the login device and the user's mobile phone are in proximity. The purpose of the device fingerprint comparison is to determine whether the login device and the user's mobile phone are the same device. During authentication, the WiFi comparison and the device fingerprint comparison are transparent to the user. The only thing the user does is click the button in the phone app to establish the connection between the phone app and the server. Experimental results show that the average authentication time is less than 5 seconds after the user clicks the app button, and the equal error rate is just 0.0172.

(2) A low interactive two-factor authentication system to prevent password guessing

Aiming at the problem of password leakage from the database, this paper proposes a low interactive two-factor authentication system to prevent password guessing. In this system, the server stores the salted password hash, and the user's phone stores the corresponding salt. In the authentication phase, when the server receives the username and password from the browser, it informs the computer and the phone app to collect ambient WiFi information. After collection finishes, the browser sends its collected results directly to the server, but the phone app locks the salt in a vault with the collected WiFi information and sends the vault to the server. Finally, the server extracts the salt from the vault by using the WiFi information from the browser, and then checks whether the salted password hash is correct to determine the validity of the login attempt. During the above authentication process, users only need to press the confirm button in the phone app besides entering their usernames and passwords in the browser. Security analysis shows that the system can resist identity fraud attacks by attackers who have obtained the victim's password. Moreover, it can also resist password guessing attacks by attackers who have not obtained the victim's password.

(3) Implicit re-authentication method based on touch screen behavior

Considering the low accuracy of current touch behavior authentication methods, we explore the RUSBoost algorithm for touch behavior authentication in this paper. Experimental results on a public dataset show that, compared with traditional classification algorithms such as SVM, KNN, and decision trees, the RUSBoost classification algorithm can effectively reduce the error rate of touch authentication. In order to further reduce the error rate of touch authentication, we also study feature-level fusion and decision-level fusion for authentication. Experimental results show that as the amount of data increases, decision-level fusion performs better. In order to reduce the amount of power consumed during re-authentication, we give a scheduling algorithm based on elastic time. Experimental results show that the method can save energy without reducing the safety of the touch behavior authentication method.

(4) A secure device pairing method based on ambient sound and light

Aiming at the problem that traditional secure device pairing methods cannot be used to establish a secure pairing between a smartphone and a device lacking an explicit external interface, this paper proposes a secure device pairing method based on ambient sound and light. In this method, manual authentication is replaced by the automatic comparison of ambient sound and light. As a result, users do not need to interact with devices that lack explicit external interfaces during pairing. Sound and light were selected because sound is sensitive to time and light is sensitive to time, so they can prevent attackers from replaying old contextual information and from collecting similar contextual information. The experimental and security analysis results prove the effectiveness of our scheme.
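The salt-in-a-vault flow of item (2), as an added Python sketch that is not code from the dissertation. It assumes the vault is a fuzzy-vault-style polynomial scheme; the threshold `k`, the chaff count, the field `P`, the BSSID strings and the use of PBKDF2 are all assumptions made for illustration.

```python
import hashlib, itertools, secrets

P = 2**127 - 1  # Mersenne prime field; a 15-byte salt fits in one element

def x_of(bssid):  # map a BSSID string to a field element
    return int.from_bytes(hashlib.sha256(bssid.encode()).digest(), "big") % P

def poly(coeffs, x):
    return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

def lock(salt, bssids, k, n_chaff=40):
    """Phone: hide salt so that any k of the phone's BSSIDs recover it."""
    coeffs = [int.from_bytes(salt, "big")] + [secrets.randbelow(P) for _ in range(k - 1)]
    points = [(x_of(b), poly(coeffs, x_of(b))) for b in set(bssids)]
    for _ in range(n_chaff):  # chaff: random x, y forced off the polynomial
        x = secrets.randbelow(P)
        points.append((x, (poly(coeffs, x) + 1 + secrets.randbelow(P - 1)) % P))
    secrets.SystemRandom().shuffle(points)
    return points

def constant_term(pts):  # Lagrange interpolation at x = 0 over GF(P)
    total = 0
    for i, (xi, yi) in enumerate(pts):
        num = den = 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def unlock(vault, bssids, k, salt_len, is_valid):
    """Server: recover the salt from the vault using the browser's BSSIDs."""
    wanted = {x_of(b) for b in bssids}
    hits = [pt for pt in vault if pt[0] in wanted]
    for subset in itertools.combinations(hits, k):
        v = constant_term(subset)
        if v < 256**salt_len and is_valid(v.to_bytes(salt_len, "big")):
            return v.to_bytes(salt_len, "big")
    return None

def demo():  # all values below are constructed sample data
    salt, pw = secrets.token_bytes(15), b"constructed-password"
    h = lambda s: hashlib.pbkdf2_hmac("sha256", pw, s, 10_000)
    stored = h(salt)  # server keeps the salted hash, the phone keeps the salt
    vault = lock(salt, ["aa:01", "aa:02", "aa:03", "aa:04", "aa:05"], k=3)
    ok = lambda s: secrets.compare_digest(h(s), stored)
    near = unlock(vault, ["aa:02", "aa:03", "aa:05", "bb:09"], 3, 15, ok)
    far = unlock(vault, ["aa:02", "cc:01", "cc:02", "cc:03"], 3, 15, ok)
    return near == salt, far is None
```

In `demo()`, the co-located browser shares three BSSIDs with the phone and recovers the salt, while a remote login with the correct password but only one shared BSSID recovers nothing, so the salted hash cannot be checked.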
Keywords/Search Tags: Two-Factor Authentication, Password Guessing Attack, Touch Behavior Authentication, Proximity Authentication, Device Pairing