Securing Cyber-Physical Social Interactions on Wrist-worn Devices

Since ancient Greece, handshaking has been commonly practiced between two people as a friendly gesture to express trust and respect, or form a mutual agreement. In this article, we show that such physical contact can be used to bootstrap secure cyber contact between the smart devices worn by users. The key observation is that during handshaking, although belonged to two different users, the two hands involved in the shaking events are often rigidly connected, and therefore exhibit very similar motion patterns. We propose a novel key generation system, which harvests motion data during user handshaking from the wrist-worn smart devices such as smartwatches or fitness bands, and exploits the matching motion patterns to generate symmetric keys on both parties. The generated keys can be then used to establish a secure communication channel for exchanging data between devices. This provides a much more natural and user-friendly alternative for many applications, e.g., exchanging/sharing contact details, friending on social networks, or even making payments, since it doesn’t involve extra bespoke hardware, nor require the users to perform pre-defined gestures. We implement the proposed key generation system on off-the-shelf smartwatches, and extensive evaluation shows that it can reliably generate 128-bit symmetric keys just after around 1s of handshaking (with success rate >99%), and is resilient to different types of attacks including impersonate mimicking attacks, impersonate passive attacks, or eavesdropping attacks. Specifically, for real-time impersonate mimicking attacks, in our experiments, the Equal Error Rate (EER) is only 1.6% on average. We also show that the proposed key generation system can be extremely lightweight and is able to run in-situ on the resource-constrained smartwatches without incurring excessive resource consumption

Gait-Based Identification Using Wearables in the Personal Fog

Wearables are becoming more computationally powerful, with increased sensing and control capabilities, creating a need for accurate user authentication. Greater control and power allow wearables to become part of a personal fog system, but introduces new attack vectors. An attacker that steals a wearable can gain access to stored personal data on the wearable. However, the new computational power can also be employed to safeguard use through more secure authentication. The wearables themselves can now perform authentication. In this paper, we use gait identification for increased authentication when potentially harmful commands are requested. We show how the relying on the processing and storage inherent in the personal fog allows distributed storage of information about the gait of the wearer and the ability to fully process this data for user authentication locally at the edge. While gait-based authentication has been examined before, we show an additional, low-power method of verification for wearables

LiReK: A lightweight and real-time key establishment scheme for wearable embedded devices by gestures or motions

With the recent trend in wearable technology adoption, the security of these wearable devices has been the subject of scrutiny. Traditional cryptographic schemes such as key establishment schemes are not practical for deployment on the (resource-constrained) wearable devices, due to the limitations in their computational capabilities (e.g. limited battery life). Thus, in this study, we propose a lightweight and real-time key establishment scheme for wearable devices by leveraging the integrated accelerometer. Specifically, we introduce a novel way for users to initialize a shared key using random shakes/movements on their wearable devices. Construction of the real-time key is based on the users’ motion (e.g. walking), which does not require the data source for key construction in different devices worn by the same user to be matching. To address the known limitations on the regularity and predictability of gait, we propose a new quantization method to select data that involve noise and uncertain factors when generating secure random number. This enhances the security of the derived key. Our evaluations demonstrate that the matching rate of the shake-to-generate secret key is up to 91.00% and the corresponding generation rate is 2.027 bit/s, and devices worn on human participant’s chest, waist, wrist and carried in the participant’s pocket can generate 4.405, 4.089, 6.089 and 3.204 bits random number per second for key generation, respectively