Shake-n-Shack: Enabling Secure Data Exchange Between Smart Wearables via Handshakes

Since ancient Greece, handshaking has been commonly practiced between two people as a friendly gesture to express trust and respect, or to form a mutual agreement. In this paper, we show that such physical contact can be used to bootstrap secure cyber contact between the smart devices worn by users. The key observation is that during handshaking, although they belong to two different users, the two hands involved in the shaking event are often rigidly connected, and therefore exhibit very similar motion patterns. We propose a novel Shake-n-Shack system, which harvests motion data during user handshaking from wrist-worn smart devices such as smartwatches or fitness bands, and exploits the matching motion patterns to generate symmetric keys on both parties. The generated keys can then be used to establish a secure communication channel for exchanging data between devices. This provides a much more natural and user-friendly alternative for many applications, e.g., exchanging/sharing contact details, friending on social networks, or even making payments, since it neither involves extra bespoke hardware nor requires the users to perform pre-defined gestures. We implement the proposed Shake-n-Shack system on off-the-shelf smartwatches, and extensive evaluation shows that it can reliably generate 128-bit symmetric keys after only around 1s of handshaking (with success rate >99%), and is resilient to real-time mimicking attacks: in our experiments the Equal Error Rate (EER) is only 1.6% on average. We also show that the proposed Shake-n-Shack system can be extremely lightweight, and is able to run in-situ on resource-constrained smartwatches without incurring excessive resource consumption.
