Abstract
Recent years have witnessed a remarkable growth in the number of smart wearable devices. For many of these devices, an important security issue is to establish an authenticated communication channel between legitimate devices to protect the subsequent communications. Due to the wireless nature of the communication and the extreme resource constraints of sensor devices, providing secure, efficient, and user-friendly device pairing is a challenging task. Traditional solutions for device pairing mostly depend on key predistribution, which is unsuitable for wearable devices in many ways. In this article, we design Gait-Key, a shared secret key generation scheme that allows two legitimate devices to establish a common cryptographic key by exploiting users’ walking characteristics (gait). The intuition is that the sensors on different locations on the same body experience similar accelerometer signals when the user is walking. However, one main challenge is that the accelerometer also captures motion signals produced by other body parts (e.g., swinging arms). We address this issue by using the blind source separation technique to extract the informative signal produced by the unique gait patterns. Our experimental results show that Gait-Key can generate a common 128-bit key for two legitimate devices with 98.3% probability. To demonstrate the feasibility, the proposed key generation scheme is implemented on modern smartphones. The evaluation results show that the proposed scheme can run in real time on modern mobile devices and incurs low system overhead.
Index Terms
- Gait-Key: A Gait-Based Shared Secret Key Generation Protocol for Wearable Devices