Securing Cyber-Physical Social Interactions on Wrist-Worn Devices

Since ancient Greece, handshaking has been commonly practiced between two people as a friendly gesture to express trust and respect, or to form a mutual agreement. In this article, we show that such physical contact can be used to bootstrap secure cyber contact between the smart devices worn by users. The key observation is that during handshaking, although they belong to two different users, the two hands involved in the shaking event are often rigidly connected, and therefore exhibit very similar motion patterns. We propose a novel key generation system, which harvests motion data during user handshaking from wrist-worn smart devices such as smartwatches or fitness bands, and exploits the matching motion patterns to generate symmetric keys on both parties. The generated keys can then be used to establish a secure communication channel for exchanging data between devices. This provides a much more natural and user-friendly alternative for many applications, e.g., exchanging or sharing contact details, friending on social networks, or even making payments, since it neither involves extra bespoke hardware nor requires the users to perform pre-defined gestures. We implement the proposed key generation system on off-the-shelf smartwatches, and extensive evaluation shows that it can reliably generate 128-bit symmetric keys after only around 1 s of handshaking (with success rate >99%), and is resilient to different types of attacks including impersonate mimicking attacks, impersonate passive attacks, and eavesdropping attacks. Specifically, for real-time impersonate mimicking attacks, the Equal Error Rate (EER) in our experiments is only 1.6% on average. We also show that the proposed key generation system can be extremely lightweight and is able to run in situ on resource-constrained smartwatches without incurring excessive resource consumption.
