SCR-Auth: Secure Call Receiver Authentication on Smartphones Using Outer Ear Echoes

TL;DR

SCR-Auth is a novel smartphone authentication method that uses outer ear echoes to verify the user during call reception, enhancing security without extra hardware.

Contribution

It introduces a passive, hardware-efficient biometric authentication scheme based on outer ear echoes for securing call reception on smartphones.

Findings

Achieves 96.95% balanced accuracy in diverse conditions.

Demonstrates resilience against potential attacks.

Operates without extra hardware or user burden.

Abstract

Receiving calls is one of the most universal functions of smartphones, involving sensitive information and critical operations. Unfortunately, to prioritize convenience, the current call receiving process bypasses smartphone authentication mechanisms (e.g., passwords, fingerprint recognition, and face recognition), leaving a significant security gap. To address this issue, we propose SCR-Auth, a secure call receiver authentication scheme for smartphones that leverages outer ear echoes. It sends inaudible acoustic signals through the earpiece speaker to actively sense the call receiver's outer ear structure and records the resulting echoes using the top microphone. These echoes are then analyzed to extract unique outer ear biometric information for authentication. It operates implicitly, without requiring extra hardware or imposing additional burden. Comprehensive experiments conducted under diverse conditions demonstrate SCR-Auth's effectiveness and security, showing an average balanced accuracy of 96.95% and resilience against potential attacks.