“We have developed a hardware-based smartphone authentication system utilizing the camera fingerprint of modern smartphones,” Professor Kui Ren, the lead researcher involved in this work, told Digital Trends. “Using this system, a user can simply use her smartphone as a security token to protect her online account.”
The idea, essentially, is that every smartphone produces tiny microscopic imaging flaws whenever a photo is taken. This effect, called photo-response non-uniformity (PRNU), can be used like digital fingerprints as a unique identifier of a particular device. While PRNU has been known about for some time — it’s frequently used to determine authorship in copyright cases — until now it was thought that the analysis of dozens of photos was necessary to come up with a match. The University at Buffalo researchers, on the other hand, demonstrated that this analysis can be done with just one photo. In tests involving 16,000 images from 30 different iPhones and 10 Samsung Galaxy Note devices, their positive identification rate was 99.5 percent.
One way that this technology could be used would involve ensuring that the correct user is using a smartphone by analyzing photos as a security measure. That might mean asking a user to snap a quick photo of a QR code for analysis. While it wouldn’t necessarily be a replacement for current biometrics, it could be a useful extra layer of security.
“We hope our system can be put into practical use in the near future,” Ren continued. “There are a few issues before its mature real-world uses and performing large-scale experiments is one.” Ren said the team would next like to test their discovery using the dual camera system found on high-end smartphones. They also plan to investigate how support could be extended to cover other Internet of Things devices.
The research is due to be presented in February at the 2018 Network and Distributed Systems Security Conference in California.
