Beware Of Your Screen: Anonymous Fingerprinting Of Device Screens For Off-Line Payment Protection

34TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE (ACSAC 2018) (2018)

Abstract
QR-code mobile payment is becoming increasingly popular, being offered by major banks (e.g., ICBC) and payment service providers (e.g., PayPal). Unlike mobile payment solutions provided by hardware vendors (e.g., Apple Pay and Samsung Pay), QR code payment schemes do not rely on any hardware support and can therefore be easily deployed. However, the security guarantee of the new scheme is less clear: in the absence of hardware protection, users' digital wallets can be vulnerable to an OS-level adversary, who could steal the user's secret for generating payment tokens.

We find that the physical features of a phone's screen can enhance the security protection of this QR-code payment, serving as a second-factor authentication. Due to manufacturing imperfections, the luminance levels of the pixels on the screen vary across the screen's display area, which can be used to uniquely characterize the screen. This physical fingerprint cannot be stolen even when the OS is fully compromised, since the adversary cannot observe the physical features of the screen.

However, screen fingerprinting could also undermine the mobile payer's privacy, as less trusted merchants could use it to track customers and infer their purchase history and preferences. In this paper, we propose a new authentication solution that anonymously fingerprints mobile screens. The approach, called AnonPrint, obfuscates a screen, which hides its fingerprint from the merchants. In the meantime, the payment provider, who shares a secret with the payer, is able to reconstruct the mask and authenticate the payer through her obfuscated fingerprint.