Secure pairing between smartphone and smartwatch based on gait biometrics

How can we provide secure pairing of devices worn on the same body that does not need any user interaction while still providing protection against active Man-in-the-Middle attacks? Instead of using passwords or numeric comparison, we thought about other secrets which could be obtained on both devices to protect the pairing process. Our idea is to record the user’s gait - the individual unique pattern how someone walks - and use it for authentication.

Bluetooth Security

Bluetooth is the most widely deployed device-to-device communication protocol in use nowadays. It is used for pairing smartphones with smartwatches, smart shoes, smart glasses, and even smart thermometers. While we are sharing more and more private information between these devices, nobody seems to bother asking: Are these connections properly protected against attackers?

Today’s Bluetooth security mechanisms are called “Secure Simple Pairing” and allow for secure pairing via entering passkeys, comparing numbers, out of band verification via NFC, or without any user input (“Just works” profile). Everyone of us has used them, one way or another. All these methods provide protection against passive attackers eavesdropping on the Bluetooth channel during the pairing process. For best usability, the “Just works” profile can be used. It requires no display and thus no user interaction except pressing a pairing button on both devices. Unfortunately, it is not secure against an active Man-in-the-Middle attack, where an attacker is placing herself in the middle of the connection relaying messages between the devices.

Use the Gait!

How can we provide secure pairing of devices worn on the same body that does not need any user interaction while still providing protection against active Man-in-the-Middle attacks? Instead of using passwords or numeric comparison, we thought about other secrets which could be obtained on both devices to protect the pairing process. Our idea is to record the user’s gait - the individual unique pattern how someone walks - and use it for authentication.

Our hope was, that the gait pattern could be obtained independently of the device’s location on the user’s body. Ideally, a fingerprint generated from accelerometer’s raw data on your forearm (smartwatch) should be the same as the one generated on your waist (smartphone). Thus, your smartphone could now be paired securely with your smartwatch authenticated by a secret fingerprint that is unique to your body and its specific movement at a specific time. In contrast, fingerprints generated on bodies nearby should be sufficiently different to the ones generated on your body. Furthermore, an attacker should not be able to guess your fingerprint by trying out all possible combinations (brute force attack). This creates implicit security barriers between persons as depicted in our scenario:

Signal Coherence

After pre-processing the data to correct the rotation error of accelerometers and applying some signal filtering, we found significant signal coherence between devices on the same body, while devices on different bodies showed no correlation:

Generating Secrets from User’s Gait

For the generation of fingerprints, the recorded accelerometer data is first separated into individual steps using auto correlation:

These individual steps are now used to calculate the average step’s acceleration, which is required in the following. The fingerprint is a binary vector generated by looking at the differences between the individual steps in comparison to this calculated average - if the acceleration is higher than the average value on point in the gait cycle, we denote 1, and 0 otherwise. An example is given in the figure below, under a). As can be seen, the acquired fingerprints do not match perfectly. To improve the similarity between fingerprints - remember, these need to be calculated on each device independently - we discard fingerprint bits that are prone to differing. We assume, that bits are more unlikely to flip the greater the difference to the averaged acceleration. In our final specification we generate 192 bit fingerprints and reduce them to 128 bit, disregarding 64 bit.

In the following picture, acceleration values bigger than average are shown as blue, those below as red. The fingerprint derived from these comparison is shown in a), reliability values are in b) (darker blue -> higher reliability). In c), fingerprints are sorted based on the reliability of the forearm and the least reliable bits are thrown away (striked through bits).

Applying these steps, we get a mean similarity of 82% between fingerprints generated on devices worn on the same body, while similarities between fingerprints generated on different bodies are indistinguishable from random (50%). The details of how we calculated these mean values are explained in our publication.

Fuzzy Extractor

Since we need to achieve perfect similarity between fingerprints, we propose the usage of a Fuzzy Extractor scheme, such as Fuzzy Commitment. The Fuzzy Extractor can be configured to only correct a specific amount of bits, suitable for the chosen bit length and scenario. This accounts for the last 18% of differing bits.

Secure Pairing

Finally, the error-corrected fingerprints can be used as secrets to authenticate the Bluetooth pairing. Our method not only works without any user input, it es even possible to employ periodic re-pairing to dynamically authenticate with new devices attached to a body making it fully interaction-free.

Publications

generated by

• Group by
  • Year
  • Author
  • Type
  • Keyword
  • Downloads
• • Expand/Collapse All
  • Download BibTeX
  • RSS Feed

Excellent! Next you can create a new website with this list, or embed it in an existing web page by copying & pasting any of the following snippets.

JavaScript (easiest)

<script src="https://bibbase.org/show?bib=http://ambientintelligence.aalto.fi/bibtex/LiteraturAll&folding=0&filter=project:bandana&jsonp=1"></script>

PHP

<?php $contents = file_get_contents("https://bibbase.org/show?bib=http://ambientintelligence.aalto.fi/bibtex/LiteraturAll&folding=0&filter=project:bandana"); print_r($contents); ?>

iFrame (not recommended)

<iframe src="https://bibbase.org/show?bib=http://ambientintelligence.aalto.fi/bibtex/LiteraturAll&folding=0&filter=project:bandana"></iframe>

For more details see the documention.

This is a preview! To use this list on your own web site or create a new web site from it, create a free account. The file will be added and you will be able to edit it in the File Manager. We will show you instructions once you've created your account.

To the site owner:

Action required! Mendeley is changing its API. In order to keep using Mendeley with BibBase past April 14th, you need to:

1. renew the authorization for BibBase on Mendeley, and
2. update the BibBase URL in your page the same way you did when you initially set up this page.

Fix it now

  2019 (1)

Security Properties of Gait for Mobile Device Pairing. Bruesch, A.; Nguyen, L. N.; Schuermann, D.; Sigg, S.; and Wolf, L. IEEE Transactions on Mobile Computing. 2019.
doi   link   bibtex   abstract  

@article{Schuermann_2019_tmc,
author={Arne Bruesch and Le Ngu Nguyen and Dominik Schuermann and Stephan Sigg and Lars Wolf},
journal={IEEE Transactions on Mobile Computing},
title={Security Properties of Gait for Mobile Device Pairing},
year={2019},
abstract = {Gait has been proposed as a feature for mobile device pairing across arbitrary positions on the human body. Results indicate that the correlation in gait-based features across different body locations is sufficient to establish secure device pairing. However, the population size of the studies is limited and powerful attackers with e.g. capability of video recording are not considered. We present a concise discussion of security properties of gait-based pairing schemes including quantization, classification and analysis of attack surfaces, of statistical properties of generated sequences, an entropy analysis, as well as possible threats and security weaknesses. For one of the schemes considered, we present modifications to fix an identified security flaw. As a general limitation of gait-based authentication or pairing systems, we further demonstrate that an adversary with video support can create key sequences that are sufficiently close to on-body generated acceleration sequences to breach gait-based security mechanisms.},
doi = {10.1109/TMC.2019.2897933},
  project = {bandana},
group = {ambience}}

Gait has been proposed as a feature for mobile device pairing across arbitrary positions on the human body. Results indicate that the correlation in gait-based features across different body locations is sufficient to establish secure device pairing. However, the population size of the studies is limited and powerful attackers with e.g. capability of video recording are not considered. We present a concise discussion of security properties of gait-based pairing schemes including quantization, classification and analysis of attack surfaces, of statistical properties of generated sequences, an entropy analysis, as well as possible threats and security weaknesses. For one of the schemes considered, we present modifications to fix an identified security flaw. As a general limitation of gait-based authentication or pairing systems, we further demonstrate that an adversary with video support can create key sequences that are sufficiently close to on-body generated acceleration sequences to breach gait-based security mechanisms.

  2018 (2)

Moves like Jagger: Exploiting variations in instantaneous gait for spontaneous device pairing . Schürmann, D.; Brüsch, A.; Nguyen, N.; Sigg, S.; and Wolf, L. Pervasive and Mobile Computing , 47. July 2018.
paper   doi   link   bibtex   abstract   4 downloads  

@article{Schuermann_2018_pmc,
title = "Moves like Jagger: Exploiting variations in instantaneous gait for spontaneous device pairing ",
journal = "Pervasive and Mobile Computing ",
year = "2018",
volume = "47",
month = "July",
doi = "https://doi.org/10.1016/j.pmcj.2018.03.006",
url_Paper = {https://authors.elsevier.com/c/1WufU5bwSmo0nk},
author = "Dominik Schürmann and Arne Brüsch and Ngu Nguyen and Stephan Sigg and Lars Wolf",
abstract = "Abstract Seamless device pairing conditioned on the context of use fosters novel application domains and ease of use. Examples are automatic device pairings with objects interacted with, such as instrumented shopping baskets, electronic tourist guides (e.g. tablets), fitness trackers or other fitness equipment. We propose a cryptographically secure spontaneous authentication scheme, BANDANA, that exploits correlation in acceleration sequences from devices worn or carried together by the same person to extract always-fresh secure secrets. On two real world datasets with 15 and 482 subjects, \{BANDANA\} generated fingerprints achieved intra- (50%) and inter-body ( > 75 % ) similarity sufficient for secure key generation via fuzzy cryptography. Using \{BCH\} codes, best results are achieved with 48 bit fingerprints from 12 gait cycles generating 16 bit long keys. Statistical bias of the generated fingerprints has been evaluated as well as vulnerabilities towards relevant attack scenarios. ",
  project = {bandana},
  group = {ambience}
  }

Abstract Seamless device pairing conditioned on the context of use fosters novel application domains and ease of use. Examples are automatic device pairings with objects interacted with, such as instrumented shopping baskets, electronic tourist guides (e.g. tablets), fitness trackers or other fitness equipment. We propose a cryptographically secure spontaneous authentication scheme, BANDANA, that exploits correlation in acceleration sequences from devices worn or carried together by the same person to extract always-fresh secure secrets. On two real world datasets with 15 and 482 subjects, \BANDANA\ generated fingerprints achieved intra- (50%) and inter-body ( > 75 % ) similarity sufficient for secure key generation via fuzzy cryptography. Using \BCH\ codes, best results are achieved with 48 bit fingerprints from 12 gait cycles generating 16 bit long keys. Statistical bias of the generated fingerprints has been evaluated as well as vulnerabilities towards relevant attack scenarios.

Demo of BANDANA – Body Area Network Device-to-device Authentication Using Natural gAit. Nguyen, L. N.; Kaya, C. Y.; Bruesch, A.; Schuermann, D.; Sigg, S.; and Wolf, L. In 2018 IEEE International Conference on Pervasive Computing and Communication (Demo), March 2018.
link   bibtex  

@INPROCEEDINGS{Le_2018_PerComDemo,
author={Le Ngu Nguyen and Caglar Yuce Kaya and Arne Bruesch and Dominik Schuermann and Stephan Sigg and Lars Wolf},
booktitle={2018 IEEE International Conference on Pervasive Computing and Communication (Demo)},
title={Demo of BANDANA -- Body Area Network Device-to-device Authentication Using Natural gAit},
year={2018},
month={March},
  project = {bandana},
group = {ambience}}

  2017 (1)

BANDANA – Body Area Network Device-to-device Authentication using Natural gAit. Schuermann, D.; Bruesch, A.; Sigg, S.; and Wolf, L. In 2017 IEEE International Conference on Pervasive Computing and Communication, March 2017.
link   bibtex   abstract  

@INPROCEEDINGS{Schuermann_2017_PerCom,
author={Dominik Schuermann and Arne Bruesch and Stephan Sigg and Lars Wolf},
booktitle={2017 IEEE International Conference on Pervasive Computing and Communication},
title={BANDANA – Body Area Network Device-to-device Authentication using Natural gAit},
year={2017},
abstract={Abstract—Secure spontaneous authentication between devices worn at arbitrary location on the same body is a challenging, yet unsolved problem. We propose BANDANA, the first-ever implicit secure device-to-device authentication scheme for devices worn on the same body. Our approach leverages instantaneous variation
in acceleration patterns from gait sequences to extract always-fresh secure secrets. It enables secure spontaneous pairing of
devices worn on the same body or interacted with. The method is robust against noise in sensor readings and active attackers. We
demonstrate the robustness of BANDANA on two gait datasets and discuss the discriminability of intra- and inter-body cases,
robustness to statistical bias, as well as possible attack scenarios.},
%doi={10.1109/PERCOMW.2016.7457119},
month={March},
project = {bandana},
group = {ambience}}

Abstract—Secure spontaneous authentication between devices worn at arbitrary location on the same body is a challenging, yet unsolved problem. We propose BANDANA, the first-ever implicit secure device-to-device authentication scheme for devices worn on the same body. Our approach leverages instantaneous variation in acceleration patterns from gait sequences to extract always-fresh secure secrets. It enables secure spontaneous pairing of devices worn on the same body or interacted with. The method is robust against noise in sensor readings and active attackers. We demonstrate the robustness of BANDANA on two gait datasets and discuss the discriminability of intra- and inter-body cases, robustness to statistical bias, as well as possible attack scenarios.