Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

SCR-Auth: Secure Call Receiver Authentication on Smartphones Using Outer Ear Echoes

Xiping Sun, Jing Chen, Kun He, Zhixiang He, Ruiying Du, Yebo Feng, Qingchuan Zhao, Cong Wu

TL;DR

SCR-Auth addresses the security gap in smartphone call reception by providing implicit authentication based on outer-ear echoes generated via inaudible chirps from the earpiece and captured by the top microphone. It introduces a two-step denoising pipeline and a learning-based feature extractor to compensate for smartphone positioning, followed by a one-class classifier to verify legitimacy. Across extensive multi-device and multi-condition experiments, SCR-Auth achieves an average balanced accuracy of 96.95% and an equal error rate of 1.53%, while resisting zero-effort and mimicry attacks. The approach offers secure, convenient call authentication on commodity smartphones without extra hardware, enabling widespread deployment and real-time protection during call reception.

Abstract

Receiving calls is one of the most universal functions of smartphones, involving sensitive information and critical operations. Unfortunately, to prioritize convenience, the current call receiving process bypasses smartphone authentication mechanisms (e.g., passwords, fingerprint recognition, and face recognition), leaving a significant security gap. To address this issue, we propose SCR-Auth, a secure call receiver authentication scheme for smartphones that leverages outer ear echoes. It sends inaudible acoustic signals through the earpiece speaker to actively sense the call receiver's outer ear structure and records the resulting echoes using the top microphone. These echoes are then analyzed to extract unique outer ear biometric information for authentication. It operates implicitly, without requiring extra hardware or imposing additional burden. Comprehensive experiments conducted under diverse conditions demonstrate SCR-Auth's effectiveness and security, showing an average balanced accuracy of 96.95% and resilience against potential attacks.

SCR-Auth: Secure Call Receiver Authentication on Smartphones Using Outer Ear Echoes

TL;DR

SCR-Auth addresses the security gap in smartphone call reception by providing implicit authentication based on outer-ear echoes generated via inaudible chirps from the earpiece and captured by the top microphone. It introduces a two-step denoising pipeline and a learning-based feature extractor to compensate for smartphone positioning, followed by a one-class classifier to verify legitimacy. Across extensive multi-device and multi-condition experiments, SCR-Auth achieves an average balanced accuracy of 96.95% and an equal error rate of 1.53%, while resisting zero-effort and mimicry attacks. The approach offers secure, convenient call authentication on commodity smartphones without extra hardware, enabling widespread deployment and real-time protection during call reception.

Abstract

Receiving calls is one of the most universal functions of smartphones, involving sensitive information and critical operations. Unfortunately, to prioritize convenience, the current call receiving process bypasses smartphone authentication mechanisms (e.g., passwords, fingerprint recognition, and face recognition), leaving a significant security gap. To address this issue, we propose SCR-Auth, a secure call receiver authentication scheme for smartphones that leverages outer ear echoes. It sends inaudible acoustic signals through the earpiece speaker to actively sense the call receiver's outer ear structure and records the resulting echoes using the top microphone. These echoes are then analyzed to extract unique outer ear biometric information for authentication. It operates implicitly, without requiring extra hardware or imposing additional burden. Comprehensive experiments conducted under diverse conditions demonstrate SCR-Auth's effectiveness and security, showing an average balanced accuracy of 96.95% and resilience against potential attacks.
Paper Structure (26 sections, 3 equations, 18 figures, 6 tables)

This paper contains 26 sections, 3 equations, 18 figures, 6 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Call Receiver Authentication
  4. Acoustic Sensing
  5. Preliminaries
  6. Outer Ear Echoes
  7. Motivating Examples
  8. Speaker and Microphone Selection
  9. Overview of SCR-Auth
  10. System Overview
  11. Threat Model
  12. Design Goals
  13. Design of SCR-Auth
  14. Data capturer
  15. Data Preprocessor
  16. ...and 11 more sections

Figures (18)

  • Figure 1: Illustration of SCR-Auth. When a call comes in, the earpiece speaker and top microphone serve as an active sonar, authenticating the call receiver's identity by analyzing echoes from the outer ear.
  • Figure 2: The acoustic profiles of outer ear echoes for two users. (a) Magnitude spectrums for the same user at two times. (b) Magnitude spectrums for two users. (c) Phase spectrums for the same user at two times. (d) Phase spectrums for two users.
  • Figure 3: The structure of the outer ear: auricle and ear canal.
  • Figure 4: The typical layout of speakers and microphones on smartphones.
  • Figure 5: Workflow of SCR-Auth.
  • ...and 13 more figures