SCR-Auth: Secure Call Receiver Authentication on Smartphones Using Outer Ear Echoes

Receiving calls is one of the most universal functions of smartphones, involving sensitive information and critical operations. Unfortunately, to prioritize convenience, the current call receiving process bypasses smartphone authentication mechanisms (e.g., passwords, fingerprint recognition, and face recognition), leaving a significant security gap. To address this issue, we propose SCR-Auth, a secure call receiver authentication scheme for smartphones that leverages outer ear echoes. It sends inaudible acoustic signals through the earpiece speaker to actively sense the call receiver's outer ear structure and records the resulting echoes using the top microphone. These echoes are then analyzed to extract unique outer ear biometric information for authentication. It operates implicitly, without requiring extra hardware or imposing additional burden. Comprehensive experiments conducted under diverse conditions demonstrate SCR-Auth's effectiveness and security, showing an average balanced accuracy of 96.95% and resilience against potential attacks.