SoundID : Securing Mobile Two-Factor Authentication via Acoustic Signals

Research output: Journal Publications and Reviews (RGC: 21, 22, 62)21_Publication in refereed journalpeer-review

View graph of relations

Author(s)

  • Dan Liu
  • Qian Wang
  • Man Zhou
  • Peipei Jiang
  • Qi Li
  • Chao Shen

Related Research Unit(s)

Detail(s)

Original languageEnglish
Journal / PublicationIEEE Transactions on Dependable and Secure Computing
Publication statusOnline published - 28 Mar 2022

Abstract

Mobile two-factor authentication (TFA), which uses mobile devices as a second security layer to online accounts, has been widely applied with the proliferation of mobile phones. Currently, many studies propose to use acoustic fingerprints as the second factor. However, these solutions ignore the variations of the extracted static acoustic fingerprints incurred by the acoustic propagation process. In this paper, we propose SoundID, a secure and novel authentication system that introduces a dual challenge-response design via the acoustic signals of the enrolled phone and the login device. In SoundID, the enrolled phone evaluates its proximity to the login device by the similarity of their audio recordings, and then the server compares the calculated dynamic acoustic fingerprint with the one received from the enrolled phone. To the best of our knowledge, SoundID is the first scheme that extracts dynamic acoustic fingerprints and can effectively defend against the enhanced MITM attack. We build a prototype of SoundID with off-the-shelf smartphones to validate its robustness and effectiveness. Our results show that SoundID is user-friendly and achieves over 96.62% accuracy at around 4.27% equal error rate.

Research Area(s)

  • acoustic fingerprints, acoustic propagation, Acoustics, Authenticaction, Authentication, Frequency response, Microphones, Security, Smart phones, Ultrasonic imaging