Transparently Authenticating NFC Users with Tapping Gesture Biometrics
The deployment of NFC technology on mobile phones is gaining momentum, enabling many important applications such as NFC payments, access control for building or public transit ticketing. However, (NFC) phones are prone to loss or theft, which allows the attacker with physical access to the phone to fully compromise the functionality provided by the NFC applications. Authenticating a user of an NFC phone using PINs or passwords provides only a weak level of security, and undermines the efficiency and convenience that NFC applications are supposed to provide. In this work, we devise a novel gesture-centric NFC biometric authentication mechanism that is fully transparent to the user. Figure below shows the high level overview of our system. Simply “tapping” the phone with the NFC reader – a natural gesture already performed by the user prior to making the NFC transaction – would unlock the NFC functionality. An unauthorized user cannot unlock the NFC functionality because tapping serves as a “hard-to-mimic” biometric gesture unique to each user. We show how the NFC tapping biometrics can be extracted in a highly robust manner using multiple – motion, position and ambient – phone’s sensors and machine learning classifiers. The use of multiple sensors not only improves the authentication accuracy but also makes active attacks harder since multiple sensor events need to be mimicked simultaneously. Our work significantly enhances the security of NFC transactions without adding any extra burden on the users.
- Babins Shrestha (@UAB; PhD 2016; now Cybersecurity Professional at Visa)
- Manar Mohamed (@UAB; PhD 2016; now Visiting Assistant Professor at Miami University)
- Sandeep Tamrakar (@Aalto University; PhD 2016; now Software Engineer at Bitwards)
- Theft-Resilient Mobile Wallets: Transparently Authenticating NFC Users with Tapping Gesture Biometrics
Babins Shrestha, Manar Mohamed, Sandeep Tamrakar, and Nitesh Saxena.
In Annual Computer Security Applications Conference (ACSAC), December 2016