LSU Computer Science Faculty Furthering Research Into Smartphone Security

BATON ROUGE, La., March 07, 2023 (GLOBE NEWSWIRE) — Every day, smartphone users utilize biometric data like their fingerprint, facial ID, PIN number, and/or voice recognition to unlock their devices. They also use such data to login to apps, make online purchases, pay bills, etc.

But what if that information could be duplicated and reused? Because such biometrics are static and unchanged, once they are leaked, they would never be secure to use for future authentication.

That dilemma is at the heart of LSU Computer Science Assistant Professor Chen Wang’s developing research into hand gripping as a verification method. Last year, with the help of a grant from the Louisiana Board of Regents, Wang’s research focused on notification privacy and using a smartphone’s own musical sounds/vibrations during notification for verification. This time around, and with the backing of a National Science Foundation grant of more than $470,000, his focus has expanded to include a variety of smartphone functions, as well as notification privacy.

“This research focuses on addressing two long-standing issues in mobile device authentication, obtrusiveness and replay threats,” Wang said. “The aim is to reduce the user effort involved in authentication so that they can handle in-situation privacy provisions and to make biometric data not reusable so that an adversary cannot replay your biometrics to spoof your identity.

“The current 3D scanning and printing technologies can forge your fingers, hands, and face. Besides, if the transmission and the storage of your biometric data are not carefully secured, such data could be leaked and reused by an adversary. The biometric data required [for authentication] is all static and never changed. This means that if the biometric data is leaked, an adversary can reuse it to access your device and online accounts.”

So, how does using one’s hand grip for authentication work? When authentication is requested, the smartphone sends barely inaudible ultrasounds encoded into multiple narrow frequency bands within 17-22 KHz. This encoded acoustic signal propagates on the phone’s surface and is absorbed and reflected by the user’s hand. Because of the hand’s unique biometric…