Abstract
[Paper accepted at ACNS 2020]
In this paper, we propose a simple and effective attack on the recently
introduced Smartphone Authentication with Built-in Camera Protocol,
called ABC. The ABC protocol uses the photo-response non-uniformity
(PRNU) as the main authentication factor in combination with
anti-forgery detection systems. The ABC protocol interprets the PRNU as
a fingerprint of the camera sensor built into a smartphone device. The
protocol works as follows: during the authentication process, the user
is challenged with two QR codes (sent by the server) that need to be
photographed with a pre-registered device. In each QR code, the server
embeds a unique pattern noise (not visible to the naked eye), called a
probe signal, that is used to identify potential forgeries. The inserted
probe signal is very similar to a genuine fingerprint. The photos of QR
codes taken by the user are then sent to the server for verification.
The server checks (i) if the photos contain the user’s camera
fingerprint (used to authenticate the pre-registered device) and (ii) if
the photos contain the embedded probe signal. If an adversary tries to
remove (subtract) his own camera fingerprint and replace it with the
victim’s camera fingerprint (computed from photos shared on social
media), then he will implicitly remove the embedded probe signal and the
attack will fail. The ABC protocol is able to detect these attacks with
a false acceptance rate (FAR) of 0.5%. However, the ABC protocol
wrongly assumes that the attacker can only determine his own camera
fingerprint from the photos of the presented QR codes. The attack
proposed in our work is able to get past the anti-forgery detection
system with a FAR of 54.1%, simply by estimating the attacker’s camera
fingerprint from a different set of photos (e.g. five photos) owned by
the attacker. This set of photos can be trivially obtained before the
attack, allowing the adversary to compute his camera fingerprint
independently of the attack. The key to the success of our attack is
that the independently computed adversary’s camera fingerprint does not
contain the probe signal embedded in the QR codes. Therefore, when we
subtract the adversary’s camera fingerprint and add the victim’s camera
fingerprint, the embedded probe signal will remain in place. For this
reason, the proposed attack can successfully pass through the
anti-forgery detection system of the ABC protocol. In this paper, we
also propose a potential fix based on analyzing signals from built-in
motion sensors, which are not typically shared on social media.
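
The following is an added illustration, not code from the paper: a toy simulation of the two server-side checks described above, showing which of them responds in the genuine case and in the two forgery cases the abstract contrasts. The additive Gaussian residual model, the vector length, the 0.2 correlation threshold and all function names are assumptions made for the example.

```python
import math
import random

# Constructed toy model (an assumption, not the paper's pipeline): a photo's
# noise residual is the sum of Gaussian vectors for fingerprint, probe, noise.
N = 4096          # pixels in the toy residual
THRESHOLD = 0.2   # hypothetical detection threshold on normalized correlation

def noise(rng, sigma=1.0):
    return [rng.gauss(0.0, sigma) for _ in range(N)]

def add(*vectors):
    return [sum(xs) for xs in zip(*vectors)]

def sub(a, b):
    return [x - y for x, y in zip(a, b)]

def corr(a, b):
    """Normalized correlation between two residual vectors."""
    dot = sum(x * y for x, y in zip(a, b))
    return dot / math.sqrt(sum(x * x for x in a) * sum(y * y for y in b))

def server_checks(residual, registered_fp, probe):
    """Checks (i) registered fingerprint present and (ii) probe present."""
    return (corr(residual, registered_fp) > THRESHOLD,
            corr(residual, probe) > THRESHOLD)

def simulate(seed=1):
    rng = random.Random(seed)
    k_victim, k_attacker, probe = noise(rng), noise(rng), noise(rng)
    genuine = add(k_victim, probe, noise(rng, 0.5))
    # QR photo as captured by the adversary's own camera.
    captured = add(k_attacker, probe, noise(rng, 0.5))
    # Fingerprint estimated from the QR photos absorbs the probe signal.
    est_from_qr = add(k_attacker, probe)
    # Fingerprint estimated from unrelated photos carries no probe signal.
    est_independent = add(k_attacker, noise(rng, 0.3))
    forged_qr = add(sub(captured, est_from_qr), k_victim)
    forged_independent = add(sub(captured, est_independent), k_victim)
    return {name: server_checks(res, k_victim, probe) for name, res in [
        ("genuine", genuine),
        ("forgery_estimated_from_qr", forged_qr),
        ("forgery_estimated_independently", forged_independent)]}

if __name__ == "__main__":
    for name, (fp_ok, probe_ok) in simulate().items():
        print(f"{name}: fingerprint={fp_ok} probe={probe_ok}")
```

In this model the probe check only fails when the subtracted estimate itself contains the probe, so a verifier relying on checks (i) and (ii) alone cannot separate the third case from a genuine photo.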