NSF Award
2450046
Smartphones have become our most intimate devices. To protect against unauthorized access, many authentication methods (e.g., PINs, fingerprints, and face IDs) have been deployed. However, by requiring active user efforts to input biometric data, they are unable to cope with many scenarios when user participation is not available at once, such as when the smartphone is shared with others or when notification content is displayed on the screen spontaneously. Furthermore, while biometric data have become more popular for authentication, it can be eavesdropped and reused. This research addresses the two long-standing issues of biometric authentication, obtrusiveness and replay threat, based on gripping-hand sensing. The key insight is that for a handheld device, the user needs to hold the device to use it. The project’s novelties are enabling smartphone users to solve access issues with their own hands unobtrusively, extracting nonreusable biometric features for authentication, and using media sounds to sense the user’s gripping hand. The project's broader significance and importance are that it benefits the huge population of smartphone users by providing enhanced mobile security, disseminates the research outcomes to the public to benefit both industry and academia, and contributes to educational programs, including curriculum development, graduate/undergraduate training, K-12 involvement, and underrepresented student engagement in research. <br/><br/>This project advances the knowledge of mobile device security and privacy. It explores a novel gripping-hand biometric for user identification, which is readily available to acquire visually or acoustically from mobile device users. Deep learning-based algorithms are developed to derive unique biometric features and distinguish people’s hands. The project further devises a technique based on modulated stimulus signals to encode biometric features into each non-repeated biometric code for challenge-response user authentication. Moreover, cross-domain user authentication methods are developed, which leverage commonly used smartphone audio signals (e.g., ringtones) to sense and recognize a user’s gripping hand rather than using dedicated signals. The hard-to-forge physical relationships between the resulting acoustic and vibration responses of such audio signals are explored for achieving replay resistance.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
