User And Device Authentication Based On Scattering Characteristics

The rapid development of the mobile IoT（IoT,Internet of Things）has made both user authentication and device authentication increasingly important.On the one hand,more and more people tend to show their daily life in an online social network,which includes some personal pictures and short videos in many cases.These 2D images which are circulated on the network can be easily accessible and utilized by malicious attackers to invade the 2D face recognition system widely deployed on mobile devices^[1].This poses a great threat to user authentication.On the other hand,the lightweight protocols and low-power radio technologies open up many opportunities to facilitate IoT into our daily life,while their minimalist design also makes IoT devices vulnerable to many active attacks due to the lack of sophisticated security protocols^[35].Based on the above problems,we propose to use the scattering characteristics of the sound signal and the wireless signal to solve the above two problems,as follows:First,the face recognition system is widely used in the authentication system of mobile devices.How to solve the problem of using the photo or video on the network to attack the face recognition system is an important issue.We propose an effective and robust liveness detection system to enhance the face authentication in defending against media-based attacks.We use active acoustic sensing to differentiate the uneven stereostructure of the face and the flat forged media.Our proposed scheme effectively extracts the desired reflection profiles from the target.Moreover,we propose effective similarity measurements of reflection profiles to distinguish live users and the forged media,which work robustly under various environment conditions.The system only requires low-cost and universally equipped acoustic sensors without explicit user involvement for liveness detection,which can be easily deployed in variety of application scenarios.Experiment results show our system achieves accuracy higher than 96%across various media attacks and different levels of background noise,which shows its great potential to enhance the security of widely-deployed face authentication systems in real scenarios.In addition,devices pairing or data transmission are often required between IoT devices.How to solve the problem that IoT devices are vulnerable to attacks due to lack of complex security protocols is an important issue.We present a lightweight system that attaches battery-free backscatter tags to single-antenna devices to shield the system from active attacks.The key insight of our system is to intentionally create multi-path propagation signatures with the careful deployment of backscatter tags.These signatures can be used to construct a sensitive profile to identify the location of the signals'arrival,and thus detect the threat.We prototype the system with USRPs and ambient backscatter tags to evaluate our system in various environments.The experimental results show that even when the attacker is located only 15 cm away from the legitimate device,the system with merely three backscatter tags can mitigate 97%of spoofing attack attempts while at the same time trigger false alarms on just 7%of legitimate traffic.In summary,we study user authentication based on face recognition system and device authentication,and propose an effective solution,which plays an important role in information security protection.