CIM: Camera in Motion for Smartphone Authentication

The photo response non-uniformity of a smartphone camera is a reliable hardware fingerprint that can he used to authenticate the smartphone owner. This type of camera-based authentication is convenient and of low cost since it requires only pictures taken by a smartphone. However, as shown in this paper, existing camera-based authentication systems are either impractical or subject to fingerprint forgery attacks, in which an adversary intentionally submits forged pictures with fake fingerprints. We propose Camera in Motion (CIM), a practical and reliable camera-based smartphone authentication system. In CIM, a user is asked to move his/her smartphone along a specific route, take pictures of QR codes displayed on the verifier's interface in burst mode, and submit particular burst pictures to the verifier for authentication. We find that, because burst images are captured in rapid succession, the random noise components of a captured image can be partially preserved across multiple images that are captured in a row. The preserved noise forms a forgery-sensitive noisechain embedded in burst images. We also find that there exists various correlations between the movement of the camera and the noise components of the captured images. The noisechain and these correlations are then explored for forgery detection. We performed extensive experiments with 22 smartphones of 5 different models. Our experiment results show that CIM can achieve 100% true acceptance rate at 0% false acceptance rate in both fingerprint matching and forgery detection.