TY - GEN
T1 - Enabling secure touch-To-Access device pairing based on human body's electrical response
AU - Wang, Yao
AU - Gu, Tao
AU - Zhang, Yu
AU - Lyu, Minjie
AU - Luan, Tom H.
AU - Li, Hui
PY - 2022/10
Y1 - 2022/10
N2 - Recent efforts in reducing user involvement during device pairing have successfully introduced touch-to-access. To detect whether two devices are being held by the same person, existing touch-to-access solutions extract features from a shared information source to generate pairing keys. They focus on validating the device's authenticity by only requiring the user's simple touching of the device, however, ignore the device holder's legitimacy and pairing intent. Moreover, the pairing keys may be vulnerable to eavesdropping attacks since they are exchanged over an open wireless link (e.g., WiFi or Bluetooth). In this paper, we develop a secure device pairing mechanism that essentially uses the human body to generate and transmit user-specific pairing keys, ensuring the user's legitimacy and pairing intent, as well as improving key transmission reliability. Our work is based on the observation that the human body produces a unique response to the electrical signal flowing through it, and different bodies induce distinct responses to the signal. The built-in microphone on devices captures ambient sound as an entropy source and converts it into an electrical signal, which is subsequently processed and transmitted by the human body for device pairing. We build a prototype using off-The-shelf microphones and conduct extensive experiments with 31 participants to evaluate its security performance and usability. The results show that our system achieves a pairing success rate of 97.74% and an equal error rate of 2.28%.
AB - Recent efforts in reducing user involvement during device pairing have successfully introduced touch-to-access. To detect whether two devices are being held by the same person, existing touch-to-access solutions extract features from a shared information source to generate pairing keys. They focus on validating the device's authenticity by only requiring the user's simple touching of the device, however, ignore the device holder's legitimacy and pairing intent. Moreover, the pairing keys may be vulnerable to eavesdropping attacks since they are exchanged over an open wireless link (e.g., WiFi or Bluetooth). In this paper, we develop a secure device pairing mechanism that essentially uses the human body to generate and transmit user-specific pairing keys, ensuring the user's legitimacy and pairing intent, as well as improving key transmission reliability. Our work is based on the observation that the human body produces a unique response to the electrical signal flowing through it, and different bodies induce distinct responses to the signal. The built-in microphone on devices captures ambient sound as an entropy source and converts it into an electrical signal, which is subsequently processed and transmitted by the human body for device pairing. We build a prototype using off-The-shelf microphones and conduct extensive experiments with 31 participants to evaluate its security performance and usability. The results show that our system achieves a pairing success rate of 97.74% and an equal error rate of 2.28%.
KW - ambient sound
KW - body electrical response
KW - device pairing
UR - https://www.scopus.com/pages/publications/85140930526
U2 - 10.1145/3495243.3564146
DO - 10.1145/3495243.3564146
M3 - Conference proceeding contribution
AN - SCOPUS:85140930526
T3 - Proceedings of the Annual International Conference on Mobile Computing and Networking, MOBICOM
SP - 556
EP - 569
BT - ACM MobiCom 2022 - Proceedings of the 2022 28th Annual International Conference on Mobile Computing and Networking
PB - Association for Computing Machinery (ACM)
CY - New York, NY
T2 - 28th ACM Annual International Conference on Mobile Computing and Networking, MobiCom 2022
Y2 - 17 October 2202 through 21 October 2202
ER -