Title: AEROKEY: Using Ambient Electromagnetic Radiation for Secure and Usable Wireless Device Authentication
Wireless connectivity is becoming common in increasingly diverse personal devices, enabling various interoperation- and Internet-based applications and services. More and more interconnected devices are simultaneously operated by a single user with short-lived connections, making usable device authentication methods imperative to ensure both high security and seamless user experience. Unfortunately, current authentication methods that heavily require human involvement, in addition to form factor and mobility constraints, make this balance hard to achieve, often forcing users to choose between security and convenience. In this work, we present a novel over-the-air device authentication scheme named AEROKEY that achieves both high security and high usability. With virtually no hardware overhead, AEROKEY leverages ubiquitously observable ambient electromagnetic radiation to autonomously generate a spatiotemporally unique secret that can be derived only by devices that are closely located to each other. Devices can make use of this unique secret to form the basis of a symmetric key, making the authentication procedure more practical, secure and usable with no active human involvement. We propose and implement essential techniques to overcome challenges in realizing AEROKEY on low-cost microcontroller units, such as poor time synchronization, lack of precision analog front-end, and inconsistent sampling rates. Our real-world experiments demonstrate reliable authentication as well as its robustness against various realistic adversaries with low equal-error rates of 3.4% or less and usable authentication time of as low as 24 s.
Award ID(s):
1845469 2107020
NSF-PAR ID:
10326397
Journal Name:
Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies
Volume:
6
Issue:
1
ISSN:
2474-9567
Page Range / eLocation ID:
1 to 29
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Abstract

    Biometric locking systems offer a seamless integration of an individual's physiological characteristics with secure authentication. However, they suffer from limitations such as false positive and negative authentication, environmental interference, and varying disadvantages across multiple authentication methods. To address these limitations, this study develops a soft smart biopatch for a continuous cardiac biometric wearable device that can continuously gather novel biometric data from an individual's heart sound for authentication with minimal error (less than 0.5%). The device is designed to be discreet and user‐friendly, and it employs soft biocompatible materials to ensure comfort and ease of use. The patch system incorporates a miniaturized microphone to monitor sounds over long periods and multiple dimensions, enhancing the reliability of the biometric data. Furthermore, the use of machine‐learning algorithms has enabled the creation of unique identification keys for individuals based on the continuous monitoring properties of the low‐cost device. These advantages make it more effective and efficient than traditional biometric systems, with the potential to enhance the security of mobile devices and door locks.

  2. Passive RFID technology is widely used in user authentication and access control. We propose RF-Rhythm, a secure and usable two-factor RFID authentication system with strong resilience to lost/stolen/cloned RFID cards. In RF-Rhythm, each legitimate user performs a sequence of taps on his/her RFID card according to a self-chosen secret melody. Such rhythmic taps can induce phase changes in the backscattered signals, which the RFID reader can detect to recover the user’s tapping rhythm. In addition to verifying the RFID card’s identification information as usual, the backend server compares the extracted tapping rhythm with what it acquires in the user enrollment phase. The user passes authentication checks if and only if both verifications succeed. We also propose a novel phase-hopping protocol in which the RFID reader emits Continuous Wave (CW) with random phases for extracting the user’s secret tapping rhythm. Our protocol can prevent a capable adversary from extracting and then replaying a legitimate tapping rhythm from sniffed RFID signals. Comprehensive user experiments confirm the high security and usability of RF-Rhythm with false-positive and false-negative rates close to zero. 
  3. User authentication is a critical process in both corporate and home environments due to the ever-growing security and privacy concerns. With the advancement of smart cities and home environments, the concept of user authentication is evolved with a broader implication by not only preventing unauthorized users from accessing confidential information but also providing the opportunities for customized services corresponding to a specific user. Traditional approaches of user authentication either require specialized device installation or inconvenient wearable sensor attachment. This article supports the extended concept of user authentication with a device-free approach by leveraging the prevalent WiFi signals made available by IoT devices, such as smart refrigerator, smart TV, and smart thermostat, and so on. The proposed system utilizes the WiFi signals to capture unique human physiological and behavioral characteristics inherited from their daily activities, including both walking and stationary ones. Particularly, we extract representative features from channel state information (CSI) measurements of WiFi signals, and develop a deep-learning-based user authentication scheme to accurately identify each individual user. To mitigate the signal distortion caused by surrounding people’s movements, our deep learning model exploits a CNN-based architecture that constructively combines features from multiple receiving antennas and derives more reliable feature abstractions. Furthermore, a transfer-learning-based mechanism is developed to reduce the training cost for new users and environments. Extensive experiments in various indoor environments are conducted to demonstrate the effectiveness of the proposed authentication system. In particular, our system can achieve over 94% authentication accuracy with 11 subjects through different activities.
  4. Hara, T. ; Yamaguchi, H. (Ed.)
    Prevalent wearables (e.g., smartwatches and activity trackers) demand high secure measures to protect users' private information, such as personal contacts, bank accounts, etc. While existing two-factor authentication methods can enhance traditional user authentication, they are not convenient as they require participations from users. Recently, manufacturing imperfections in hardware devices (e.g., accelerometers and WiFi interface) have been utilized for low-effort two-factor authentications. However, these methods rely on fixed device credentials that would require users to replace their devices once the device credentials are stolen. In this work, we develop a novel device authentication system, WatchID, that can identify a user's wearable using its vibration-based device credentials. Our system exploits readily available vibration motors and accelerometers in wearables to establish a vibration communication channel to capture wearables' unique vibration characteristics. Compared to existing methods, our vibration-based device credentials are reprogrammable and easy to use. We develop a series of data processing methods to mitigate the impact of noises and body movements. A lightweight convolutional neural network is developed for feature extraction and device authentication. Extensive experimental results using five smartwatches show that WatchID can achieve an average precision and recall of 98% and 94% respectively in various attacking scenarios. 
  5. User authentication is a critical process in both corporate and home environments due to the ever-growing security and privacy concerns. With the advancement of smart cities and home environments, the concept of user authentication is evolved with a broader implication by not only preventing unauthorized users from accessing confidential information but also providing the opportunities for customized services corresponding to a specific user. Traditional approaches of user authentication either require specialized device installation or inconvenient wearable sensor attachment. This paper supports the extended concept of user authentication with a device-free approach by leveraging the prevalent WiFi signals made available by IoT devices, such as smart refrigerator, smart TV and thermostat, etc. The proposed system utilizes the WiFi signals to capture unique human physiological and behavioral characteristics inherited from their daily activities, including both walking and stationary ones. Particularly, we extract representative features from channel state information (CSI) measurements of WiFi signals, and develop a deep learning based user authentication scheme to accurately identify each individual user. Extensive experiments in two typical indoor environments, a university office and an apartment, are conducted to demonstrate the effectiveness of the proposed authentication system. In particular, our system can achieve over 94% and 91% authentication accuracy with 11 subjects through walking and stationary activities, respectively. 