SoundID: Securing Mobile Two-Factor Authentication via Acoustic Signals

Mobile two-factor authentication (TFA), which uses mobile devices as a second security layer to online accounts, has been widely applied with the proliferation of mobile phones. Currently, many studies propose to use acoustic fingerprints as the second factor. However, these solutions ignore the variations of the extracted static acoustic fingerprints incurred by the acoustic propagation process. In this paper, we propose SoundID, a secure and novel authentication system that introduces a dual challenge-response design via the acoustic signals of the enrolled phone and the login device. In SoundID, the enrolled phone evaluates its proximity to the login device by the similarity of their audio recordings, and then the server compares the calculated dynamic acoustic fingerprint with the one received from the enrolled phone. To the best of our knowledge, SoundID is the first scheme that extracts dynamic acoustic fingerprints and can effectively defend against the enhanced MITM attack. We build a prototype of SoundID with off-the-shelf smartphones to validate its robustness and effectiveness. Our results show that SoundID is user-friendly and achieves over 96.62% accuracy at around 4.27% equal error rate.

© 2022 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.