Weixi Gu,Zheng Yang,Longfei Shangguan,Xiaoyu Ji,Yiyang Zhao

DOI: https://doi.org/10.1109/trustcom.2014.34

2014-01-01

Abstract:Near field authentication is of great importance for a range of applications, and has attracted many research efforts in the past decades. Several approaches have been developed and demonstrated their feasibility. The state-of-art works, however, still have much room to improve their automation and usability. First, user assistance is required in most existing approaches, which will be easily observed and imitated by attackers. Second, the authentications of several works heavily depend on special hardware, e.g., Server or high resolution screen, which greatly restricts their application scenarios. In this paper, we present a near field authentication system Tooth that needs little human assistance and is compatible with most smart phones. ToAuth is based on the key insight that the acceleration traces are similar for a pair of smart phones when they are contacting physically and vibrating. The random vibration patterns are sufficiently uncertain to provide high entropy to generate a pair of cryptographic keys yet are inimitable for a third party who does not get in touch with the vibration source. ToAuth leverages the keys to make authentication for smart phones. We implement ToAuth on Android platform and evaluate its performance under various scenarios. Extensive experiments demonstrate ToAuth could achieve around 90% success rate in stable environment, and prevent attacks depended on vibration noise.

Dan Liu,Qian Wang,Man Zhou,Peipei Jiang,Qi Li,Chao Shen,Cong Wang

DOI: https://doi.org/10.1109/tdsc.2022.3162718

2023-01-01

Abstract:Mobile two-factor authentication (TFA), which uses mobile devices as a second security layer of protection to online accounts, has been widely applied with the proliferation of mobile phones. Currently, many studies propose to use acoustic fingerprints as the second factor. However, these solutions ignore the variations of the extracted static acoustic fingerprints incurred by the acoustic propagation process, which we show can be leveraged to develop an enhanced man-in-the-middle (MITM) attack to compromise the security strength of these systems, while hiding the traces of the attacking devices. To address this newly-uncovered vulnerability, we propose SoundID, a secure and novel authentication system that introduces a dual challenge-response design through the acoustic signals of the enrolled phone and the login device. Specifically, the enrolled phone first evaluates its proximity to the login device by the similarity of their audio recordings, and then the login authentication server compares the calculated dynamic acoustic fingerprint with the one received from the enrolled phone. To the best of our knowledge, SoundID is the first scheme that extracts dynamic acoustic fingerprints and can effectively defend against the enhanced MITM attack. SoundID combines the benefits of unpredictable influencing factors of acoustic propagation processes and the stable frequency response of the acoustic hardware, whose high complexity prevents attackers from predicting or impersonating them. We build a prototype of SoundID with off-the-shelf smartphones to validate its robustness and effectiveness. Our results show that SoundID is user-friendly and achieves over 96.62% accuracy with an equal error rate around 4.27%.

Li Lü,Jiadi Yu,Yingying Chen,Yan Wang

DOI: https://doi.org/10.1145/3397320

2020-01-01

Proceedings of the ACM on Interactive Mobile Wearable and Ubiquitous Technologies

Abstract:Recent years have witnessed the surge of biometric-based user authentication for mobile devices due to its promising security and convenience. As a natural and widely-existed behavior, human speaking has been exploited for user authentication. Existing voice-based user authentication explores the unique characteristics from either the voiceprint or mouth movements, which is vulnerable to replay attacks and mimic attacks. During speaking, the vocal tract, including the static shape and dynamic movements, also exhibits the individual uniqueness, and they are hardly eavesdropped and imitated by adversaries. Hence, our work aims to employ the individual uniqueness of vocal tract to realize user authentication on mobile devices. Moreover, most voice-based user authentications are passphrase-dependent, which significantly degrade the user experience. Thus, such user authentications are pressed to be implemented in a passphrase-independent manner while being able to resist various attacks. In this paper, we propose a user authentication system, VocalLock, which senses the whole vocal tract during speaking to identify different individuals in a passphrase-independent manner on smartphones leveraging acoustic signals. VocalLock first utilizes FMCW on acoustic signals to characterize both the static shape and dynamic movements of the vocal tract during speaking, and then constructs a passphrase-independent user authentication model based on the unique characteristics of vocal tract through GMM-UBM. The proposed VocalLock can resist various spoofing attacks, while achieving a satisfactory user experience. Extensive experiments in real environments demonstrate VocalLock can accurately authenticate user identity in a passphrase-independent manner and successfully resist various attacks.

Yanjiao Chen,Meng Xue,Jian Zhang,Qianyun Guan,Zhiyuan Wang,Qian Zhang,Wei Wang

DOI: https://doi.org/10.1145/3494962

2021-01-01

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Abstract:Voice-based authentication is prevalent on smart devices to verify the legitimacy of users, but is vulnerable to replay attacks. In this paper, we propose to leverage the distinctive chest motions during speaking to establish a secure multi-factor authentication system, named ChestLive. Compared with other biometric-based authentication systems, ChestLive does not require users to remember any complicated information (e.g., hand gestures, doodles) and the working distance is much longer (30cm). We use acoustic sensing to monitor chest motions with a built-in speaker and microphone on smartphones. To obtain fine-grained chest motion signals during speaking for reliable user authentication, we derive Channel Energy (CE) of acoustic signals to capture the chest movement, and then remove the static and non-static interference from the aggregated CE signals. Representative features are extracted from the correlation between voice signal and corresponding chest motion signal. Unlike learning-based image or speech recognition models with millions of available training samples, our system needs to deal with a limited number of samples from legitimate users during enrollment. To address this problem, we resort to meta-learning, which initializes a general model with good generalization property that can be quickly fine-tuned to identify a new user. We implement ChestLive as an application and evaluate its performance in the wild with 61 volunteers using their smartphones. Experiment results show that ChestLive achieves an authentication accuracy of 98.31% and less than 2% of false accept rate against replay attacks and impersonation attacks. We also validate that ChestLive is robust to various factors, including training set size, distance, angle, posture, phone models, and environment noises.

Qian Wang,Xiu Lin,Man Zhou,Yanjiao Chen,Cong Wang,Qi Li,Luo Xiangyang

DOI: https://doi.org/10.1109/infocom.2019.8737422

2019-01-01

Abstract:Voice biometrics is widely adopted for identity authentication in mobile devices. However, voice authentication is vulnerable to spoofing attacks, where an adversary may deceive the voice authentication system with pre-recorded or synthesized samples from the legitimate user or by impersonating the speaking style of the targeted user. In this paper, we design and implement VoicePop, a robust software-only anti-spoofing system on smartphones. VoicePop leverages the pop noise, which is produced by the user breathing while speaking close to the microphone. The pop noise is delicate and subject to user diversity, making it hard to record by replay attacks beyond a certain distance and to imitate precisely by impersonators. We design a novel pop noise detection scheme to pinpoint pop noises at the phonemic level, based on which we establish individually unique relationship between phonemes and pop noises to identify legitimate users and defend against spoofing attacks. Our experimental results with 18 participants and three types of smartphones show that VoicePop achieves over 93.5% detection accuracy at around 5.4% equal error rate. VoicePop requires no additional hardware but only the built-in microphones in virtually all smartphones, which can be readily integrated in existing voice authentication systems for mobile devices.

Ping Dong,Namin Hou,Yuting Tang,Yushi Cheng,Xiaoyu Ji

DOI: https://doi.org/10.1016/j.hcc.2024.100222

2024-01-01

High-Confidence Computing

Abstract:The development of wireless communication network technology has provided people with diversified and convenient services. However, with the expansion of network scale and the increase in the number of devices, malicious attacks on wireless communication are becoming increasingly prevalent, causing significant losses. Currently, wireless communication systems authenticate identities through certain data identifiers. However, this software-based data information can be forged or replicated. This article proposes the authentication of device identity using the hardware fingerprint of the terminal’s Radio Frequency (RF) components, which possesses properties of being genuine, unique, and stable, holding significant implications for wireless communication security. Through the collection and processing of raw data, extraction of various features including time-domain and frequency-domain features, and utilizing machine learning algorithms for training and constructing a legal fingerprint database, it is possible to achieve close to a 97% recognition accuracy for Fifth Generation (5G) terminals of the same model. This provides an additional and robust hardware-based security layer for 5G communication security, enhancing monitoring capability and reliability.

Li Lu,Jiadi Yu,Yingying Chen,Hongbo Liu,Yanmin Zhu,Yunfei Liu,Minglu Li

DOI: https://doi.org/10.1109/infocom.2018.8486283

2018-01-01

Abstract:To prevent users' privacy from leakage, more and more mobile devices employ biometric-based authentication approaches, such as fingerprint, face recognition, voiceprint authentications, etc., to enhance the privacy protection. However, these approaches are vulnerable to replay attacks. Although state-of-art solutions utilize liveness verification to combat the attacks, existing approaches are sensitive to ambient environments, such as ambient lights and surrounding audible noises. Towards this end, we explore liveness verification of user authentication leveraging users' lip movements, which are robust to noisy environments. In this paper, we propose a lip reading-based user authentication system, LipPass, which extracts unique behavioral characteristics of users' speaking lips leveraging build-in audio devices on smartphones for user authentication. We first investigate Doppler profiles of acoustic signals caused by users' speaking lips, and find that there are unique lip movement patterns for different individuals. To characterize the lip movements, we propose a deep learning-based method to extract efficient features from Doppler profiles, and employ Support Vector Machine and Support Vector Domain Description to construct binary classifiers and spoofer detectors for user identification and spoofer detection, respectively. Afterwards, we develop a binary tree-based authentication approach to accurately identify each individual leveraging these binary classifiers and spoofer detectors with respect to registered users. Through extensive experiments involving 48 volunteers in four real environments, LipPass can achieve 90.21% accuracy in user identification and 93.1% accuracy in spoofer detection.

Xiaoyu Ji,Xinyan Zhou,Chen Yan,Jiangyi Deng,Wenyuan Xu

DOI: https://doi.org/10.1109/tmc.2020.3025023

IF: 6.075

2022-01-01

IEEE Transactions on Mobile Computing

Abstract:With the proliferation of mobile devices, face-to-face device-to-device (D2D) communication has been applied to a variety of daily scenarios such as mobile payment and short distance file transfer. In D2D communications, a critical security problem is to verify the device legitimacy when they share no secrets in advance. Previous research proposed device authentication schemes based on pre-built database or exploiting physical properties. However, a remaining challenge is to secure face-to-face D2D communication even in the middle of a crowd, within which an attacker may hide. In this paper, we present NAuth, a nonlinearity-enhanced, location-sensitive authentication mechanism. Especially, we target at the secure authentication within a limited range such as 20 cm, which is typical for face-to-face scenarios. NAuth designs a verification scheme based on the nonlinear distortion of speaker-microphone systems and a location-based validation model. The verification scheme guarantees device authentication consistency by extracting acoustic nonlinearity patterns (ANP) while the validation model ensures device legitimacy by measuring the time difference of arrival (TDOA) at two microphones. We analyze the feasibility and security of NAuth theoretically and evaluate its performance experimentally. Results demonstrate that NAuth can verify the device legitimacy in the presence of nearby attackers.

Si Chen,Muyuan Li,Zhan Qin,Bingsheng Zhang,Kui Ren

DOI: https://doi.org/10.1109/INFCOMW.2014.6849232

2014-01-01

Abstract:Short-range wireless communication technologies have been used in many security-sensitive smartphone applications and services such as contactless micro payment and device pairing. Typically, the data confidentiality of existing short-range communication systems relies on key-exchange then encryption mechanism, which is inefficient, especially for short communication sessions. In this work, we present AcousAuth, a smartphone empowered system designed for personal authentication. AcousAuth adopts the emerging friendly jamming technique from radio communication for data confidentiality and it features a seamless, faster, easier and safer user authentication process without the need for special infrastructure. Our system is intended to provide security assurances comparable to or greater than that of conventional authentication systems while offering the same user experience as inputing a password alone. AcousAuth provides a purely software-based solution to secure smartphone short-range communication without key agreement phase and it is potentially well suited for legacy mobile devices. Despite the computational restrictions and bandwidth of mobile device, our mobile application is able to maintain real-time performance.

Dajiang Chen,XuFei Mao,Zhen Qin,Weiyi Wang,Xiang-Yang Li,Zhiguang Qin

DOI: https://doi.org/10.1007/978-3-319-22047-5_16

2015-01-01

Abstract:Authentication between wireless devices is critical for many wireless network applications, especially in some secure wireless communication scenarios. One of ingenious solutions is to extract a fingerprint to perform device authentication by exploiting variations in the transmitted signal caused by hardware and manufacturing inconsistencies. In this work, we propose a device identification protocol (named S2M) by leveraging the frequency response of a speaker and a microphone from two wireless devices as an acoustic hardware fingerprint. S2M authenticates the legitimate user based on the results of matching the fingerprint extracted at the learning process with the one extracted at the verification process. We design and implement S2M for both mobile phones and PCs and the extensive experimental results show that S2M achieves both a low false negative rate and a low false positive rate in various of scenarios under different attacks.

Li Lu,Jiadi Yu,Yingying Chen,Hongbo Liu,Yanmin Zhu,Linghe Kong,Minglu Li

DOI: https://doi.org/10.1109/tnet.2019.2891733

2019-01-01

IEEE/ACM Transactions on Networking

Abstract:To prevent users’ privacy from leakage, more and more mobile devices employ biometric-based authentication approaches, such as fingerprint, face recognition, voiceprint authentications, and so on, to enhance the privacy protection. However, these approaches are vulnerable to replay attacks. Although the state-of-art solutions utilize liveness verification to combat the attacks, existing approaches are sensitive to ambient environments, such as ambient lights and surrounding audible noises. Toward this end, we explore liveness verification of user authentication leveraging users’ mouth movements, which are robust to noisy environments. In this paper, we propose a lip reading-based user authentication system, LipPass, which extracts unique behavioral characteristics of users’ speaking mouths through acoustic sensing on smartphones for user authentication. We first investigate Doppler profiles of acoustic signals caused by users’ speaking mouths and find that there are unique mouth movement patterns for different individuals. To characterize the mouth movements, we propose a deep learning-based method to extract efficient features from Doppler profiles and employ softmax function, support vector machine, and support vector domain description to construct multi-class identifier, binary classifiers, and spoofer detectors for mouth state identification, user identification, and spoofer detection, respectively. Afterward, we develop a balanced binary tree-based authentication approach to accurately identify each individual leveraging these binary classifiers and spoofer detectors with respect to registered users. Through extensive experiments involving 48 volunteers in four real environments, LipPass can achieve 90.2% accuracy in user identification and 93.1% accuracy in spoofer detection.

Xinyan Zhou,Xiaoyu Ji,Chen Yan,Jiangyi Deng,Wenyuan Xu

DOI: https://doi.org/10.1109/infocom.2019.8737572

2019-01-01

Abstract:With the increasing prevalence of mobile devices, face-to-face device-to-device (D2D) communication has been applied to a variety of daily scenarios such as mobile payment and short distance file transfer. In D2D communications, a critical security problem is verifying the legitimacy of devices when they share no secrets in advance. Previous research addressed the problem with device authentication and pairing schemes based on user intervention or exploiting physical properties of the radio or acoustic channels. However, a remaining challenge is to secure face-to-face D2D communication even in the middle of a crowd, within which an attacker may hide. In this paper, we present Nhuth, a nonlinearity-enhanced, location-sensitive authentication mechanism for such communication. Especially, we target at the secure authentication within a limited range such as 20 cm, which is the common case for face-to-face scenarios. Nhuth contains averification scheme based on the nonlinear distortion of speaker-microphone systems and a location-based-validation model. The verification scheme guarantees device authentication consistency by extracting acoustic nonlinearity patterns (ANP) while the validation model ensures device legitimacy by measuring the time difference of arrival (TDOA) at two microphones. We analyze the security of Nhuth theoretically and evaluate its performance experimentally. Results show that Nhuth can verify the device legitimacy in the presence of nearby attackers.

Namin Hou,Yushi Cheng,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ICCCS61882.2024.10603286

2024-01-01

Abstract:The advancement of Fifth-Generation (5G) technology has greatly enriched individuals' access to a broad array of convenient services, offering significant benefits in mobile communications, autonomous driving, smart homes, and the Internet of Things. However, with the increase in the number of network access devices, large and frequent data interactions have brought potential security risks to wireless networks, which are related to user privacy security, traffic safety, and even social security. Malicious intrusions targeting wireless communications have resulted in significant disruptions and incurred substantial losses. Presently, user identities in wireless communications rely on software-based data identifiers, which can be forged easily. This paper proposes a hardware-level device authentication mechanism that uses the intrinsic hardware characteristics of the transmitter (shown as impairments in the radio signal of the transmission link) for identity authentication. The resulting fingerprint is naturally distinctive and highly resistant to counterfeiting attempts. We use 5 devices across different models and 10 devices of the same model for experimental evaluation. Then we apply machine learning algorithms to construct a fingerprint database and device authentication, achieving an average of 82.4% precision, 89.9% recall, and 85.9% F1-score, which can help to safeguard the security of 5G communication.

Zhe Zhou,Wenrui Diao,Xiangyu Liu,Kehuan Zhang

DOI: https://doi.org/10.1145/2660267.2660300

2014-01-01

Abstract:The popularity of mobile devices has made people's lives more convenient, but threatened people's privacy at the same time. As end users are becoming more and more concerned on the protection of their private information, it is even harder for hackers to track a specific user by using conventional technologies. For example, cookies might be cleared by users regularly. Besides, OS designers have developed a series of measures to cope with tracker. Apple has stopped apps accessing UDIDs, and Android phones use some special permissions to protect IMEI code. However, some recent studies showed that attackers are able to find new ways to get around those limitations, even though these new methods should be improved in order to be practically deployed in large scale. For example, attackers can trace smart phones by using the hardware features resulting from the imperfect manufacturing process of accelerometers. In this paper, we will present another new and more practical method for the adversaries to generate stable and unique device ID stealthily for the smartphone by exploiting the frequency response of the speaker. With carefully selected audio frequencies and special sound wave patterns, we can reduce the impact of non-linear effects and noises, and keep our feature extraction process un-noticeable to phone owners. The extracted feature is not only very stable for a given smart phone, but also unique to that phone. The feature contains rich information, which is even enough to differentiate millions of smart phones of the same model. We have built a prototype to evaluate our method, and the results show that the generated device ID can be used to track users practically.

Zhanglei Shu,Zhangsen Wang,Guozheng Yang,Cheng Zang,Zhe Ma,Feng Lin,Kui Ren

DOI: https://doi.org/10.1109/ICPADS56603.2022.00013

2023-01-01

Abstract:Fingerprint recognition technology is the most widely used technology in the field of biometrics and is also the preferred solution for mobile devices and the financial industry. However, traditional fingerprint recognition technology requires expensive sensors on the one hand and risks leaking fingerprint images on the other hand. In this paper, we propose Fingersound, a low-cost and deployable authentication system that utilizes the sound generated by finger sliding as an identity feature. We use a microphone array to record continuous sliding sound and extract multiple features in the frequency and time domains. Then we use various algorithms including a deep neural network to perform user authentication. We also design a mobile phone application that can interact with the embedded system to manage users and record authentication history. In our experiments, 100 participants used this system and achieved an equal error rate of 5.2%. Additionally, we investigate the system’s robustness within different sliding materials, texturesand under noise disturbances. We further demonstrate the resistance of Fingersound to replay attack.

Yuxi Liu,Dimitrios Hatzinakos

DOI: https://doi.org/10.1109/ICASSP.2014.6854309

2014-01-01

ICASSP

Abstract:Recently, the demand for more robust protection against unauthorized use of mobile devices has been rapidly growing. This paper presents a novel biometric modality Transient Evoked Otoacoustic Emission (TEOAE) for mobile security. Prior works have investigated TEOAE for biometrics in a setting where an individual is to be identified among a pre-enrolled identity gallery. However, this limits the applicability to mobile environment, where attacks in most cases are from imposters unknown to the system before. Therefore, we employ an unsupervised learning approach based on Autoencoder Neural Network to tackle such blind recognition problem. The learning model is trained upon a generic dataset and used to verify an individual in a random population. We also introduce the framework of mobile biometric system considering practical application. Experiments show the merits of the proposed method and system performance is further evaluated by cross-validation with an average EER 2.41% achieved.

Dajiang Chen,Ning Zhang,Zhen Qin,Xufei Mao,Zhiguang Qin,Xuemin Shen,Xiang-Yang Li

DOI: https://doi.org/10.1109/jiot.2016.2619679

IF: 10.6

2016-01-01

IEEE Internet of Things Journal

Abstract:Device authentication is a critical and challenging issue for the emerging Internet of Things (IoT). One promising solution to authenticate IoT devices is to extract a fingerprint to perform device authentication by exploiting variations in the transmitted signal caused by hardware and manufacturing inconsistencies. In this paper, we propose a lightweight device authentication protocol [named speaker-to-microphone (S2M)] by leveraging the frequency response of a speaker and a microphone from two wireless IoT devices as the acoustic hardware fingerprint. S2M authenticates the legitimate user by matching the fingerprint extracted in the learning process and the verification process, respectively. To validate and evaluate the performance of S2M, we design and implement it in both mobile phones and PCs and the extensive experimental results show that S2M achieves both low false negative rate and low false positive rate in various scenarios under different attacks.

Yanzhi Ren,Chen Chen,Hongbo Liu,Jiadi Yu,Zhourong Zheng,Yingying Chen,Pengcheng Huang,Hongwei Li

DOI: https://doi.org/10.1109/tmc.2022.3232172

IF: 6.075

2022-01-01

IEEE Transactions on Mobile Computing

Abstract:The two-factor authentication ($2$FA) has drawn increasingly attention as the mobile devices become more prevalent. For example, the user's possession of the enrolled phone could be used by the $2$FA system as the second proof to protect his/her online accounts. Existing $2$FA solutions mainly require some form of user-device interaction, which may severely affect user experience and creates extra burdens to users. In this work, we propose a secure $2$FA system utilizing the proximity of a user's enrolled phone and the login device as the second proof without requiring the user's interactions. The basic idea of our $2$FA system is to derive location signatures based on acoustic beep signals emitted alternately by both devices and sensing the echoes with microphones, and compare the extracted signatures for proximity detection. Moreover, to further enhance the security of our system, we also design a device authentication scheme which derives the acoustic fingerprint between the login device and enrolled phone to verify the identity of two devices. Given the received beep signal, our system designs a period selection scheme to identify two sound segments accurately: the chirp period is the sound segment propagating directly from the speaker to the microphone whereas the echo period is the sound segment reflected back by surrounding objects. To achieve an accurate proximity detection, we develop a new energy loss compensation extraction scheme by utilizing the extracted chirp periods to estimate the intrinsic differences of energy loss between microphones of the enrolled phone and the login device. Our proximity detection component then conducts the similarity comparison between the identified two echo periods after the energy loss compensation to effectively determine whether the enrolled phone and the login device are in proximity for $2$FA. Moreover, to provide higher security, our device fingerprint-assisted proximity detection further utilizes the overall energy loss between the login device and enrolled phone as their hardware fingerprint to authenticate the identity of two devices. Our experimental results show that our system is accurate in providing $2$FA and robust to both man-in-the-middle (MiM) and co-located attacks across different scenarios and device models.

computer science, information systems,telecommunications

Anupam Das,Nikita Borisov,Matthew Caesar

DOI: https://doi.org/10.48550/arXiv.1403.3366

2014-03-14

Abstract:The widespread use of smart devices gives rise to both security and privacy concerns. Fingerprinting smart devices can assist in authenticating physical devices, but it can also jeopardize privacy by allowing remote identification without user awareness. We propose a novel fingerprinting approach that uses the microphones and speakers of smart phones to uniquely identify an individual device. During fabrication, subtle imperfections arise in device microphones and speakers which induce anomalies in produced and received sounds. We exploit this observation to fingerprint smart devices through playback and recording of audio samples. We use audio-metric tools to analyze and explore different acoustic features and analyze their ability to successfully fingerprint smart devices. Our experiments show that it is even possible to fingerprint devices that have the same vendor and model; we were able to accurately distinguish over 93% of all recorded audio clips from 15 different units of the same model. Our study identifies the prominent acoustic features capable of fingerprinting devices with high success rate and examines the effect of background noise and other variables on fingerprinting accuracy.

Cryptography and Security

Feiyu Han,Panlong Yang,Haohua Du,Xiang-Yang Li

DOI: https://doi.org/10.1145/3560905.3568522

2022-01-01

Abstract:Most existing voice-based user authentication systems mainly rely on microphones to capture the unique vocal characteristics of an individual, which makes these systems vulnerable to various acoustic attacks and suffer high-security risks. In this work, we present Accuth , a novel authentication system that takes advantage of a low-cost accelerometer to verify the user's identity and resist spoofing acoustic attacks. Accuth captures unique sound vibrations during the human pronunciation process and extracts multi-level features to verify the user's identity. Specifically, we analyze and model the differences between the physical sound field of human beings and loudspeakers, and extract a novel sound-field-level liveness feature to defend against spoofing attacks. Accuth is an effective complement to existing authentication approaches as it only leverages a ubiquitous, low-cost, and small-size accelerometer. In real-world experiments, Accuth achieves over 90% identification accuracy among 15 human participants and an average equal error rate (EER) of 3.02% for spoofing attack detection.