December 8, 2016
Just when it seemed that nothing could save the physical from being consumed, or at least massively transformed, by the digital, bright minds have drawn attention to an interesting idea: using the human body as a layer of security for data transmission. At the beginning of October, Mehrdad Hessar, Vikram Iyer and Shyamnath Gollakota from the University of Washington published a paper called ‘Enabling On-Body Transmissions With Commodity Devices,’ in which the authors explored an alternative to wireless data transmission that could make medical devices and wearables more secure.
For the first time, the researchers were able to demonstrate that commodity devices can be used to generate wireless data transmissions that are confined to the human body. Among other things, the researchers evaluated their system in the presence of interference from other wearable devices such as smartwatches and from nearby metallic surfaces. By modulating the operations of input devices such as fingerprint sensors and touchpads, they demonstrated bitrates of up to 50 bits per second over the human body.
One of the goals of such work is to enable a physical layer of security for devices, which currently does not exist. As the authors specify, a communication primitive that transmits information directly through the body would create links immune to eavesdropping or man-in-the-middle attacks. For example, by simply touching a doorknob, a user could transmit secret credentials from their smartphone through their body to open the door, without leaking secret information over the air.
It can also be used to create secret keys that are necessary for establishing secure wireless connections for wearable devices. For instance, instead of manually typing in a secret serial number or password for wirelessly pairing medical devices such as glucose or blood pressure monitors with smartphones, a smartphone could directly transmit arbitrary secret keys through the human body.
The biggest security challenge with devices today is their wireless connectivity: they rely on Bluetooth and Wi-Fi for communication, which by design aim not to restrict data transmission but the opposite, to carry it over the air as far as possible. As a result, modern wireless forms of data transmission are inherently insecure and highly vulnerable to hackers aiming to intercept transmissions.
The researchers emphasize three requirements for on-body communication:
The findings suggest that fingerprint sensors and touchpads that are common on smartphones and laptops satisfy all three requirements – inherent to being input devices, they are in direct contact with the body and they produce characteristic EM signals, which are consistent and at frequencies below 10 MHz. Moreover, the mentioned signals propagate well on the human body but degrade significantly over air, achieving the goal of secure on-body data transmissions.
With that in mind, the authors designed an on-body communication system that modulates the EM signals produced by fingerprint sensors and touchpads, as well as receiver algorithms that filter the EM signals and decode the data transmitted by these input devices.
Shyamnath Gollakota, a wireless researcher at the University of Washington, explains the idea: “You can hold a phone in your hand and you can have a receiver on your leg, and you can actually receive signals very strongly.”
Three key application scenarios outlined by the authors are:
While physical keys in various forms can easily be lost or stolen, an on-body transmission system enables secure access to gated spaces by adding biometric security to a door using the fingerprint sensors on phones.
For instance, sending a numerical code with four numbers over the body requires less than 16 bits which can be sent in less than a second using the techniques described in this paper. The feedback for such a system is implicit, as the door will unlock if the code is successfully accepted at the receiver.
We note that our approach would not require storing sensitive fingerprint information at the doorknob, which is necessary for conventional biometric-based electronic lock systems.
Wearable medical devices have become an increasingly important and attractive source of private medical data and records for hackers. Given the rate of adoption of such devices, their vulnerabilities will present a significant challenge for manufacturers over time.
In order to securely communicate over wireless links, these devices encrypt data based on a secret key or password. For example, continuous glucose monitors require patients to enter the sensor’s serial number for pairing. We can envision that a user would touch their fingerprint sensor, which would, in turn, transmit a secret key to medical devices on the body. Once the secret key is transmitted, an encrypted pairing process can be used to establish a traditional wireless communication link, allowing the wearable device to communicate with smartphones or other devices.
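The pairing flow described above can be sketched as follows. This is an added example, not code from the paper or this article: the handshake (HMAC key confirmation followed by an HKDF-derived session key) and every function name are assumptions chosen for illustration. It also shows why the key should be full-entropy: a 128-bit key costs 2.56 seconds of touch at 50 bits per second, while a short numeric code could be guessed offline from a confirmation tag recorded over the air.

```python
import hashlib
import hmac
import secrets

BODY_BITRATE_BPS = 50  # peak on-body bitrate reported in the article


def body_airtime_seconds(key: bytes) -> float:
    """Seconds of skin contact needed to send the key through the body."""
    return len(key) * 8 / BODY_BITRATE_BPS


def hkdf_sha256(key: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand, single block (up to 32 bytes)."""
    prk = hmac.new(salt, key, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]


def confirm_tag(key: bytes, role: bytes, n_phone: bytes, n_dev: bytes) -> bytes:
    """Key-confirmation MAC bound to the sender's role and both nonces."""
    return hmac.new(key, role + n_phone + n_dev, hashlib.sha256).digest()


def pair(phone_key: bytes, device_key: bytes):
    """Simulate the radio-side handshake (hypothetical protocol).

    phone_key is what the phone sent through the body; device_key is what
    the wearable decoded. Only nonces and MAC tags cross the air, never
    the key. Returns (phone_session, device_session), or None on mismatch.
    """
    n_phone = secrets.token_bytes(16)  # phone -> device, over the radio
    n_dev = secrets.token_bytes(16)    # device -> phone, over the radio
    # The device proves it decoded the key; the phone checks in constant time.
    dev_tag = confirm_tag(device_key, b"device", n_phone, n_dev)
    expected = confirm_tag(phone_key, b"device", n_phone, n_dev)
    if not hmac.compare_digest(dev_tag, expected):
        return None
    # The phone proves possession in turn; the device checks it.
    phone_tag = confirm_tag(phone_key, b"phone", n_phone, n_dev)
    expected = confirm_tag(device_key, b"phone", n_phone, n_dev)
    if not hmac.compare_digest(phone_tag, expected):
        return None
    # Fresh nonces as salt give a new session key for every pairing.
    salt = n_phone + n_dev
    return (hkdf_sha256(phone_key, salt, b"session"),
            hkdf_sha256(device_key, salt, b"session"))
```
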
Current solutions require transmitting periodic beacon signals from wireless devices or using measurements of physiological parameters such as heart rate for synchronization. Considering an eavesdropper can intercept or interfere with wireless beacons and that signals like heart rate are highly variable, there exists a need for novel synchronization solutions that address these issues. “Our system is capable of securely transmitting information through the body with precise timing control,” the authors suggest.