User-Silicon Entangled Mobile Identity Authentication

Journal of Hardware and Systems Security

Abstract

We explore mobile device touchscreen characteristics to build a user-device (UD) biometric physical unclonable function (PUF). Human user touchscreen interaction induces dynamic capacitive differences. Sensors detect current differences that are a function of both (1) a human biometric of how a shape is traced and (2) silicon foundry process transistor-level variability embedded in the touchscreen grid. This forms a physical function with input x defining a shape and output y abstracted from the measured current value stream. We argue and establish that this physical function has PUF attributes. Moreover, it provides a robust user-device biometric-based authentication mechanism. Authentication is based on geometric shapes (challenges) drawn on the touchscreen, which users trace. The authentication layer creates a response abstract and validates it against a user profile. Authentication accuracy is affected by the complexity of the geometric shapes as well as by the validation algorithm. We consider polyline shapes (simple gestures) and complex closed geometric shapes (complex gestures). Complex gestures offer higher response entropy, but are computationally less efficient and have a slightly lower validation accuracy: complex gestures achieve 99.6% accuracy compared with 100% for simple gestures. User profiles exhibit PUF properties. Touchscreen gestures are quantized into binary strings. The gesture Hamming distance is 60+ bits for 128-bit strings for different user-device profiles; it is 0 bits for the same profile. This demonstrates variability and reproducibility, respectively. The Montreal TestU01 suite tests the binary strings' pseudorandom characteristics; the majority of tests pass, showing pseudorandom number generator (PRG) characteristics.
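The Hamming-distance check described in the abstract can be sketched as follows. This is an added example, not code from the paper: `measure()` is a constructed stand-in for the touchscreen current stream, and the median quantizer and the 32-bit acceptance threshold are assumptions chosen for illustration.

```python
import random
import statistics

BITS = 128       # response length quoted in the abstract
THRESHOLD = 32   # assumed acceptance threshold (between 0 and the 60+ bit gap)

def measure(user, device, challenge, trial=0, noise=0.02):
    """Constructed stand-in for the measured current value stream.

    The base signal depends jointly on user, device and shape; each trial
    adds small measurement noise. A real system reads the sensor instead.
    """
    base = random.Random(f"{user}|{device}|{challenge}")
    jitter = random.Random(f"{user}|{device}|{challenge}|{trial}")
    return [base.random() + jitter.gauss(0, noise) for _ in range(BITS)]

def quantize(stream):
    """Assumed quantizer: one bit per sample, 1 if above the stream median."""
    med = statistics.median(stream)
    return [1 if s > med else 0 for s in stream]

def hamming(a, b):
    """Number of bit positions in which two responses differ."""
    return sum(x != y for x, y in zip(a, b))

def enroll(user, device, challenge):
    """Store the quantized response of the first trace as the profile."""
    return quantize(measure(user, device, challenge, trial=0))

def verify(profile, user, device, challenge, trial):
    """Accept when a fresh response is within THRESHOLD bits of the profile."""
    response = quantize(measure(user, device, challenge, trial))
    dist = hamming(profile, response)
    return dist <= THRESHOLD, dist

if __name__ == "__main__":
    profile = enroll("alice", "phone-A", "square")
    for user, device in [("alice", "phone-A"), ("bob", "phone-A"),
                         ("alice", "phone-B")]:
        ok, dist = verify(profile, user, device, "square", trial=1)
        print(f"{user:5} on {device}: distance={dist:3d} accepted={ok}")
```

The threshold sets the trade-off: it has to sit above the intra-profile noise so the genuine user-device pair is accepted, and well below the inter-profile distance so a different user or a different device is rejected.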




Correspondence to Timothy Dee.


Dee, T., Scheel, R., Montelibano, N. et al. User-Silicon Entangled Mobile Identity Authentication. J Hardw Syst Secur 4, 208–229 (2020). https://doi.org/10.1007/s41635-020-00098-7
