Accelerometer and Fuzzy Vault-Based Secure Group Key Generation and Sharing Protocol for Smart Wearables

The increased usage of smart wearables in various applications, specifically in health-care, emphasizes the need for secure communication to transmit sensitive health data. In a practical scenario, where multiple devices are carried by a person, a common secret key is essential for secure group communication. Group key generation and sharing among wearables have received very little attention in the literature due to the underlying challenges: 1) difficulty in obtaining a good source of randomness to generate strong cryptographic keys, and 2) finding a common feature among all the devices to share the key. In this paper, we present a novel solution to generate and distribute group secret keys by exploiting the on-board accelerometer sensor and the unique walking style of the user, i.e., gait. We propose a method to identify the suitable samples of accelerometer data during all routine activities of a subject to generate keys with high entropy. In our scheme, the smartphone placed on the waist employs a fuzzy vault, a cryptographic construct, and utilizes the acceleration due to gait, a common characteristic extracted on all wearable devices, to share the secret key. We implement our solution on commercially available off-the-shelf smart wearables, measure the system performance, and conduct experiments with multiple subjects. Our results demonstrate that the proposed solution has a bit rate of 750 b/s, low system overhead, distributes the key securely and quickly to all legitimate devices, and is suitable for practical applications.
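To make the fuzzy vault step concrete, the following is an added example, not code from the paper: a generic polynomial fuzzy vault in which a device with enough matching features recovers the key and a device with too few does not. The field modulus, polynomial degree, chaff count, SHA-256 key check and the feature values are all assumptions chosen for illustration.

```python
import hashlib, itertools, secrets

P = 65537  # prime field modulus (assumed parameter, not from the paper)

def poly_eval(coeffs, x):
    y = 0
    for c in reversed(coeffs):  # Horner's rule over GF(P)
        y = (y * x + c) % P
    return y

def digest(coeffs):
    # Assumed integrity check so the receiver can recognise the right polynomial.
    return hashlib.sha256(repr(list(coeffs)).encode()).hexdigest()

def lock(key_coeffs, features, n_chaff=40):
    """Genuine points lie on the key polynomial; chaff points do not."""
    points = {x: poly_eval(key_coeffs, x) for x in features}
    target = len(points) + n_chaff
    while len(points) < target:
        x, y = secrets.randbelow(P), secrets.randbelow(P)
        if x not in points and y != poly_eval(key_coeffs, x):
            points[x] = y
    return sorted(points.items()), digest(key_coeffs)  # sorting hides which are genuine

def interpolate(pts):
    """Lagrange interpolation over GF(P); coefficients lowest degree first."""
    coeffs = [0] * len(pts)
    for i, (xi, yi) in enumerate(pts):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(pts):
            if j != i:  # basis *= (x - xj)
                basis = [(a - xj * b) % P for a, b in zip([0] + basis, basis + [0])]
                denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        coeffs = [(c + scale * b) % P for c, b in zip(coeffs, basis)]
    return coeffs

def unlock(vault, features, degree, key_digest):
    """Try every (degree+1)-subset of vault points matching our own features."""
    mine = set(features)
    candidates = [pt for pt in vault if pt[0] in mine]
    for subset in itertools.combinations(candidates, degree + 1):
        coeffs = interpolate(subset)
        if digest(coeffs) == key_digest:
            return coeffs
    return None

# Constructed sample data: quantised gait features, not measurements from the paper.
DEGREE = 8
PHONE = [311, 1042, 2290, 3871, 4405, 5120, 6633, 7008, 8191, 9450, 10777, 12001]
WATCH = PHONE[:10] + [20001, 20002]            # same body: 10 of 12 features agree
OTHER = PHONE[:3] + list(range(30000, 30009))  # different walker: only 3 agree
```

With a degree-8 polynomial, at least nine genuine points are needed, so `WATCH` unlocks the vault while `OTHER` cannot, regardless of which chaff points were drawn.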
