Dominik Maier, Technische Universität Berlin; Henrik Erb, Patrick Mullan, and Vincent Haupert, Friedrich-Alexander-Universität Erlangen-Nürnberg
Authentication schemes that include smartphones gain popularity. Instead of storing keys in app-private storage — clone-able by privileged malware — recent research proposes authentication with hardware fingerprints, arguing they will be harder for attackers to fake. Notably, the use of camera sensor fingerprints has been discussed, recently. This paper revisits the eligibility of this camera sensor noise for authentication.The so-called Photo Response Non-Uniformity (PRNU) exploits use of production tolerances in the CMOS sensors, commonly used in smartphone cameras, to trace a photo to a specific phone and authenticate its user. We conducted the first large-scale study for PRNU on smartphones, with 56,630 images stemming from individual 3,809 devices across 1036 models. Based on the collected dataset, we reproduce proposed authentication schemes and uncover caveats not discussed in prior work on authentication. In addition, we give constraints an image used for authentication schemes needs to fit, to increase the reliability of the results. We are able to pro-vide novel insights and discuss and implement attacks against the proposed schemes and discuss future improvements.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Dominik Maier and Henrik Erb and Patrick Mullan and Vincent Haupert},
title = {Camera Fingerprinting Authentication Revisited},
booktitle = {23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020)},
year = {2020},
isbn = {978-1-939133-18-2},
address = {San Sebastian},
pages = {31--46},
url = {https://www.usenix.org/conference/raid2020/presentation/maier},
publisher = {USENIX Association},
month = oct
}