skip to main content

Title: WatchID: Wearable Device Authentication via Reprogrammable Vibration
Prevalent wearables (e.g., smartwatches and activity trackers) demand high secure measures to protect users' private information, such as personal contacts, bank accounts, etc. While existing two-factor authentication methods can enhance traditional user authentication, they are not convenient as they require participations from users. Recently, manufacturing imperfections in hardware devices (e.g., accelerometers and WiFi interface) have been utilized for low-effort two-factor authentications. However, these methods rely on fixed device credentials that would require users to replace their devices once the device credentials are stolen. In this work, we develop a novel device authentication system, WatchID, that can identify a user's wearable using its vibration-based device credentials. Our system exploits readily available vibration motors and accelerometers in wearables to establish a vibration communication channel to capture wearables' unique vibration characteristics. Compared to existing methods, our vibration-based device credentials are reprogrammable and easy to use. We develop a series of data processing methods to mitigate the impact of noises and body movements. A lightweight convolutional neural network is developed for feature extraction and device authentication. Extensive experimental results using five smartwatches show that WatchID can achieve an average precision and recall of 98% and 94% respectively in various attacking scenarios.  more » « less
Award ID(s):
Author(s) / Creator(s):
; ; ; ; ;
Hara, T.; Yamaguchi, H.
Date Published:
Journal Name:
Mobile and Ubiquitous Systems: Computing, Networking and Services. MobiQuitous 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Continuous location authentication (CLA) seeks to continuously and automatically verify the physical presence of legitimate users in a protected indoor area. CLA can play an important role in contexts where access to electrical or physical resources must be limited to physically present legitimate users. In this paper, we present WearRF-CLA, a novel CLA scheme built upon increasingly popular wrist wearables and UHF RFID systems. WearRF-CLA explores the observation that human daily routines in a protected indoor area comprise a sequence of human-states (e.g., walking and sitting) that follow predictable state transitions. Each legitimate WearRF-CLA user registers his/her RFID tag and also wrist wearable during system enrollment. After the user enters a protected area, WearRF-CLA continuously collects and processes the gyroscope data of the wrist wearable and the phase data of the RFID tag signals to verify three factors to determine the user's physical presence/absence without explicit user involvement: (1) the tag ID as in a traditional RFID authentication system, (2) the validity of the human-state chain, and (3) the continuous coexistence of the paired wrist wearable and RFID tag with the user. The user passes CLA if and only if all three factors can be validated. Extensive user experiments on commodity smartwatches and UHF RFID devices confirm the very high security and low authentication latency of WearRF-CLA. 
    more » « less
  2. null (Ed.)
    Smart bracelets able to interpret the wearer's emotional state and communicate it to a remote decision-support facility will have broad applications in healthcare, elder care, the military, and other fields. While there are existing commercial embedded devices, such as the Apple Watch, that have health-monitoring sensors, such devices cannot sufficiently support a real-time health-monitoring system with battery-efficient remote data delivery. Ongoing R&D is developing solutions capable of monitoring multiple psycho-physiological signals. Possible hardware configurations include wrist-worn devices and sensors across an augmented reality headset (e.g., HoloLens 2). The device should carry an array of sensors of psycho-physiological signals, including a galvanic skin response sensor, motion sensor, skin temperature sensor, and a heart rate sensor. Output from these sensors can be intelligently fused to monitor the affective state and to determine specific trigger events for the wearer. To enable real-time remote monitoring applications, the device needs to be low-power to allow persistent monitoring while prolonging usage before recharging. For many applications, specialized sensor arrays are required, e.g. a galvanic skin response sensor. An application-flexible device would allow adding/removing sensors and would provide a choice of communication modules (e.g., Bluetooth 5.0 low-energy vs ZigBee). Appropriate configurations of the device would support applications in military health monitoring, drug-addiction mitigation, autistic trigger monitoring, and augmented reality exploration. A configuration example is: motion sensors (3-axis accelerometers, gyroscopes, and magnetometers to track steps, falls, and energy usage), a heart-rate sensor (e.g., an optical-based heart rate sensor with a single monitoring zone using the process of photoplethysmography (PPS)), at least a Bluetooth 5.0 (but a different communication device may be needed depending on the use case), and flash memory to temporarily store data when the device is not remotely communicating. The wearables field has greatly advanced in the quality of sensors; the fusion of multi-sensor data is the current frontier. 
    more » « less
  3. Vibration is ubiquitous as a mode of haptic communication, and is used widely in handheld devices to convey events and notifications. The miniaturization of electromechanical actuators that are used to generate these vibrations has enabled designers to embed such actuators in wearable devices, conveying vibration at the wrist and other locations on the body. However, the rigid housings of these actuators mean that such wearables cannot be fully soft and compliant at the interface with the user. Fluidic textile-based wearables offer an alternative mechanism for haptic feedback in a fabric-like form factor. To our knowledge, fluidically driven vibrotactile feedback has not been demonstrated in a wearable device without the use of valves, which can only enable low-frequency vibration cues and detract from wearability due to their rigid structure. We introduce a soft vibrotactile wearable, made of textile and elastomer, capable of rendering high-frequency vibration. We describe our design and fabrication methods and the mechanism of vibration, which is realized by controlling inlet pressure and harnessing a mechanical hysteresis. We demonstrate that the frequency and amplitude of vibration produced by our device can be varied based on changes in the input pressure, with 0.3 to 1.4 bar producing vibrations that range between 160 and 260 Hz at 13 to 38 g, the acceleration due to gravity. Our design allows for controllable vibrotactile feedback that is comparable in frequency and outperforms in amplitude relative to electromechanical actuators, yet has the compliance and conformity of fully soft wearable devices. 
    more » « less
  4. User authentication is a critical process in both corporate and home environments due to the ever-growing security and privacy concerns. With the advancement of smart cities and home environments, the concept of user authentication is evolved with a broader implication by not only preventing unauthorized users from accessing confidential information but also providing the opportunities for customized services corresponding to a specific user. Traditional approaches of user authentication either require specialized device installation or inconvenient wearable sensor attachment. This paper supports the extended concept of user authentication with a device-free approach by leveraging the prevalent WiFi signals made available by IoT devices, such as smart refrigerator, smart TV and thermostat, etc. The proposed system utilizes the WiFi signals to capture unique human physiological and behavioral characteristics inherited from their daily activities, including both walking and stationary ones. Particularly, we extract representative features from channel state information (CSI) measurements of WiFi signals, and develop a deep learning based user authentication scheme to accurately identify each individual user. Extensive experiments in two typical indoor environments, a university office and an apartment, are conducted to demonstrate the effectiveness of the proposed authentication system. In particular, our system can achieve over 94% and 91% authentication accuracy with 11 subjects through walking and stationary activities, respectively. 
    more » « less
  5. Biometrics have been widely adopted for enhancing user authentication, benefiting usability by exploiting pervasive and collectible unique characteristics from physiological or behavioral traits of human. However, successful attacks on "static" biometrics such as fingerprints have been reported where an adversary acquires users' biometrics stealthily and compromises non-resilient biometrics. To mitigate the vulnerabilities of static biometrics, we leverage the unique and nonlinear hand-surface vibration response and design a system called Velody to defend against various attacks including replay and synthesis. The Velody system relies on two major properties in hand-surface vibration responses: uniqueness, contributed by physiological characteristics of human hands, and nonlinearity, whose complexity prevents attackers from predicting the response to an unseen challenge. Velody employs a challenge-response protocol. By changing the vibration challenge, the system elicits input-dependent nonlinear "symptoms" and unique spectrotemporal features in the vibration response, stopping both replay and synthesis attacks. Also, a large number of disposable challenge-response pairs can be collected during enrollment passively for daily authentication sessions. We build a prototype of Velody with an off-the-shelf vibration speaker and accelerometers to verify its usability and security through a comprehensive user experiment. Our results show that Velody demonstrates both strong security and long-term consistency with a low equal error rate (EER) of 5.8% against impersonation attack while correctly rejecting all other attacks including replay and synthesis attacks using a very short vibration challenge. 
    more » « less