BANDANA — Body area network device-to-device authentication using natural gAit

Secure spontaneous authentication between devices worn at arbitrary locations on the same body is a challenging and as yet unsolved problem. We propose BANDANA, the first-ever implicit secure device-to-device authentication scheme for devices worn on the same body. Our approach leverages instantaneous variations in acceleration patterns from the user's gait to extract always-fresh secure secrets. It enables secure spontaneous pairing of devices that are worn on the same body or interacted with. The method is robust against noise in sensor readings and against active attackers.
