Page 347 - 《软件学报》2025年第5期

P. 347

周满等: 基于声感知的移动终端身份认证综述 2247

系统大多只是对多个认证因子进行简单的逐一认证, 各认证因子之间关联性差, 攻击者可以利用现有的攻击手段
逐个击破, 导致安全性的提升并不显著, 还会使得认证过程变得繁琐, 增加用户操作复杂度. 因此, 双/多因素身份
认证系统无论在安全性还是实用性方面都有很大的提升空间. 目前, 基于声感知的双/多因素身份认证已经取得了
初步的成果. 例如, LVID [106] 利用语音提取声纹特征作为第 1 认证因子, 利用高频声信号捕获用户说话时嘴唇运动
特征作为第 2 身份认证因子. 这对认证因子具有很强的关联性, 很容易进行有机融合组成多生物特征, 从而提高智
能手机语音认证的安全性与鲁棒性. 研究人员应该以兼顾安全性和实用性为核心, 着重探索发现强关联的身份认
证因子, 利用现有的硬件设备实现多模态异构数据的同源感知, 一体化提取多特征认证因子, 建立多认证因子有机
融合的身份认证系统.

6 总结

面对日益严峻的安全威胁, 实现安全可靠的移动终端身份认证是亟待解决的现实问题. 基于声感知的移动终
端身份认证因其高度普适性和低硬件成本, 可以有效提高移动终端身份认证系统的安全性. 本文对移动终端身份
认证和基于声感知的身份认证国内外研究进展进行了分类梳理, 提出了当前研究工作面临的挑战, 探讨了未来基
于声感知的安全身份认证系统的发展趋势. 基于声感知的移动终端身份认证解决方案越来越多样化, 未来的研究
重心将始终以提升安全性和实用性为目标, 逐渐向多因子有机融合的身份认证系统转移.

References:
[1] Ericsson. Ericsson mobility report. 2022. https://www.ericsson.com/49d3a0/assets/local/reports-papers/mobility-report/documents/2022/
ericsson-mobility-report-june-2022.pdf
[2] Ye GX, Tang ZY, Fang DY, Chen XJ, Wolff W, Aviv AJ, Wang Z. A video-based attack for Android pattern lock. ACM Trans. on
Privacy and Security, 2018, 21(4): 19. [doi: 10.1145/3230740]
[3] Chen DJ, Zhao ZH, Qin X, Luo YH, Cao MS, Xu H, Liu AF. MagLeak: A learning-based side-channel attack for password recognition
with multiple sensors in IIoT environment. IEEE Trans. on Industrial Informatics, 2022, 18(1): 467–476. [doi: 10.1109/TII.2020.
3045161]
[4] Yang E, Fang S, Markwood I, Liu Y, Zhao SQ, Lu Z, Zhu HJ. Wireless training-free keystroke inference attack and defense.
IEEE/ACM Trans. on Networking, 2022, 30(4): 1733–1748. [doi: 10.1109/TNET.2022.3147721]
[5] Zhou M, Wang Q, Yang JX, Li Q, Jiang PP, Chen YJ, Wang ZB. Stealing your Android patterns via acoustic signals. IEEE Trans. on
Mobile Computing, 2021, 20(4): 1656–1671. [doi: 10.1109/TMC.2019.2960778]
[6] Qin L, Peng F, Long M, Ramachandra R, Busch C. Vulnerabilities of unattended face verification systems to facial components-based
presentation attacks: An empirical study. ACM Trans. on Privacy and Security, 2022, 25(1): 4. [doi: 10.1145/3491199]
[7] Rathore AS, Shen YJ, Xu CH, Snyderman J, Han JS, Zhang F, Li ZX, Lin F, Xu WY, Ren K. FakeGuard: Exploring haptic response to
mitigate the vulnerability in commercial fingerprint anti-spoofing. In: Proc. of the 29th Annual Network and Distributed System
Security Symp. San Diego: The Internet Society, 2022. 1–17.
[8] Wang C, Wang Y, Chen YY, Liu HB, Liu J. User authentication on mobile devices: Approaches, threats and trends. Computer
Networks, 2020, 170: 107118. [doi: 10.1016/j.comnet.2020.107118]
[9] Bai Y, Lu L, Cheng J, Liu J, Chen YY, Yu JD. Acoustic-based sensing and applications: A survey. Computer Networks, 2020, 181:
107447. [doi: 10.1016/j.comnet.2020.107447]
[10] Lu L, Yu JD, Li ML. Towards a real-time anti-theft method for mobile devices leveraging acoustic sensing. Chinese Journal of
Computers, 2020, 43(10): 2002–2018 (in Chinese with English abstract). [doi: 10.11897/SP.J.1016.2020.02002]
[11] Bonneau J, Preibusch S, Anderson R. A birthday present every eleven wallets? The security of customer-chosen banking pins. In: Proc.
of the 16th Int’l Conf. on Financial Cryptography and Data Security. Kralendijk: Springer, 2012. 25–40. [doi: 10.1007/978-3-642-32946-
3_3]
[12] Zhang Q, Wang D, Zhao R, Yu YG, Shen JJ. Sensing to hear: Speech enhancement for mobile devices using acoustic signals. Proc. of
the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 2021, 5(3): 137. [doi: 10.1145/3478093]
[13] Shi D, Tao D, Wang JT, Yao MY, Wang ZB, Chen HJ, Helal S. Fine-grained and context-aware behavioral biometrics for pattern lock
on smartphones. Proc. of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 2021, 5(1): 33. [doi: 10.1145/
3448080]

342 343 344 345 346 347 348 349 350 351 352