User-Silicon Entangled Mobile Identity Authentication



Timothy Dee¹ · Ryan Scheel¹ · Nicholas Montelibano¹ · Akhilesh Tyagi¹

Received: 2 August 2019 / Accepted: 12 June 2020 © Springer Nature Switzerland AG 2020

Abstract

We explore mobile device touchscreen characteristics to build a user-device (UD) biometric physical unclonable function (PUF). Human user touchscreen interaction induces dynamic capacitive differences. Sensors detect current differences which are a function of both (1) a human biometric of how a shape is traced and (2) silicon foundry process transistor-level variability embedded in the touchscreen grid. This forms a physical function with input x defining a shape and output y abstracted from the measured current value stream. We argue and establish that this physical function has PUF attributes. Moreover, it provides a robust user-device biometric-based authentication mechanism. Authentication is based on geometric shapes (challenges) drawn on the touchscreen. Users trace them. The authentication layer creates a response abstract, and validates it against a user profile. Authentication accuracy is affected by the complexity of geometric shapes as well as the validation algorithm. We consider polyline shapes (simple gestures) and complex closed geometric shapes (complex gestures). Complex gestures offer higher response entropy, but are computationally less efficient with a slightly lower validation accuracy. Complex gestures achieve 99.6% accuracy compared with 100% for simple gestures. User profiles exhibit physical unclonable function (PUF) properties. Touchscreen gestures are quantized into binary strings. Gesture Hamming distance is 60+ bits for 128-bit strings for different user-device profiles; it is 0 bits for the same profile. This demonstrates variability and reproducibility respectively. Montreal TestU01 tests binary string pseudorandom characteristics; the majority of tests pass showing pseudorandom number generator (PRG) characteristics.

Keywords Physical unclonable function (PUF) · Mobile device · Authentication · Security
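The Hamming-distance figures in the abstract suggest a threshold-based validation check. The sketch below is an added example, not code from the paper: it derives constructed 128-bit responses from SHA-256 as a stand-in for quantized gestures, uses an assumed 16-bit acceptance threshold, and estimates the false-accept probability under the assumption of independent, uniformly random response bits.

```python
import hashlib
from math import comb

BITS = 128       # response length given in the abstract
THRESHOLD = 16   # ASSUMED acceptance threshold in bits; not from the paper

# Constructed user-device profiles: a profile binds one user to one device.
PROFILES = ["user1@deviceA", "user1@deviceB", "user2@deviceA", "user2@deviceB"]

def response(profile: str) -> int:
    """Constructed stand-in for a quantized gesture response (128 bits of SHA-256)."""
    return int.from_bytes(hashlib.sha256(profile.encode()).digest()[:BITS // 8], "big")

def hamming(a: int, b: int) -> int:
    """Number of bit positions in which two responses differ."""
    return bin(a ^ b).count("1")

def flip_bits(value: int, positions) -> int:
    """Model measurement noise by flipping the given bit positions."""
    for p in positions:
        value ^= 1 << p
    return value

def authenticate(enrolled: int, measured: int, threshold: int = THRESHOLD) -> bool:
    """Accept when the measured response is within threshold bits of the enrolled one."""
    return hamming(enrolled, measured) <= threshold

def false_accept_probability(threshold: int = THRESHOLD, bits: int = BITS) -> float:
    """P(distance <= threshold) for two independent, uniformly random responses."""
    return sum(comb(bits, k) for k in range(threshold + 1)) / 2 ** bits

def evaluate(profiles=PROFILES, threshold: int = THRESHOLD) -> dict:
    """Pairwise inter-profile distances and how many pairs would cross-authenticate."""
    enrolled = [response(p) for p in profiles]
    inter = [hamming(a, b) for i, a in enumerate(enrolled) for b in enrolled[i + 1:]]
    return {"min_inter": min(inter), "mean_inter": sum(inter) / len(inter),
            "cross_accepts": sum(d <= threshold for d in inter)}

if __name__ == "__main__":
    print(evaluate())
    print(f"false-accept probability at {THRESHOLD} bits: {false_accept_probability():.2e}")
```

The same user on a different device is treated as a different profile, so a response enrolled on one device should not validate on another.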

¹ Iowa State University, Ames, IA 50011, USA

1 Introduction

Mobile devices are becoming the primary user interface terminals of the modern world, with the computing server infrastructure being pushed to the cloud. With wearable devices on the horizon, the number of mobile devices per capita is likely to explode. Securing a mobile device is significantly more challenging. Physical possession allows for side-channel attacks. Mobility limits device network connectivity, making authentication more difficult. Not being able to rely upon constant connectivity also reduces the options available to implement a mobile root of trust. Biometrics enhance authentication; they provide a basis for trust. A biometric profile captures what data is generated and how. Profiles must be reproducible (invariable) for the same user and variable
