Liang Kou,Yiqi Shi,Liguo Zhang,Duo Liu,Qing Yang

DOI: https://doi.org/10.32604/cmc.2019.03760

2019-01-01

Abstract:With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.

Rong Fan,Lingdi Ping,JianQing Fu,Xuezeng Pan

DOI: https://doi.org/10.1109/PACCS.2010.5626600

2010-01-01

Abstract:As wireless sensor networks (WSNs) are susceptible to attacks and sensor nodes have limited resources, designing a secure and efficient user authentication protocol for WSNs is a difficult task. Considering that most future large-scale WSNs follow a two-tiered architecture, we propose an efficient and Denial-of-Service resistant user authentication scheme for two-tiered WSNs, which imposes very light computational load and requires simple operations such as one-way hash function and exclusive-OR operations. In addition, there is a growing requirement for preserving user anonymity recently. Thus we introduce pseudonym identity for each user which is concealed in login messages. And through clever design, our proposed scheme can prevent from smart card breach. Moreover, the security analysis on this scheme demonstrates that our proposed scheme enjoys security attributes such as preventing the various kinds of attacks and user anonymity. Finally, performance analysis shows that our proposed scheme is simple and efficient.

Yuanchao Shu,Yu Gu,Jiming Chen

DOI: https://doi.org/10.1109/MASS.2012.6502522

2012-01-01

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges can not be transferred among trusted users. In this work, we introduce a sensory-data-enhanced authentication for access control systems. By combining sensory-data obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss and stolen. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with simple sensor data and empirically demonstrate simple rotations can increase key space by more than 30, 000 times with an authentication accuracy of 95%. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Zhenyu Guan,Jiawei Li,Hao Liu,Dawei Li

DOI: https://doi.org/10.1007/978-3-030-34083-4_2

2019-01-01

Abstract:We develop a new wearable situational awareness and trusted collaboration system to solve several problems with existing wearable devices: a low degree of functional integration and use efficiency, the credibility of data and depending on some external facilities (such as the Internet and servers). We implement a variety of features on a wearable device, improve interaction efficiency by introducing Mixed Reality (MR) to the system. Besides, unlike existing infrastructure-dependent (e.g., for positioning or identification) devices, we use ad hoc network and embedded local modules to reach a offline implementation of information analysis and processing. Moreover, to guarantee the credibility of information in the ad hoc network, we use a lightweight blockchain among the devices. In this way, each device in the network can conduct local situational awareness and instant interaction with the user, and the information passed among users can also be considered credible.

Zhenyang Guo,Jin Cao,Xiaomeng Bai,Ang Li,Ben Niu,Hui Li

DOI: https://doi.org/10.1109/jsen.2023.3315523

IF: 4.3

2023-01-01

IEEE Sensors Journal

Abstract:Information security and user comfort are the games that smartphone manufacturers have always had to face. The explicit authentication methods, including password, fingerprint recognition, and face recognition, have become the most popular ways to unlock smartphones. However, these methods also incur some troubles in users’ daily lives and even suffer from security problems like shoulder surfing attacks and password reuse attacks. Unlike the explicit authentication methods, the implicit authentication methods employ the user’s behavior, posture, etc., to confirm who the user is. The "Smart Lock (SL)," as a new implicit authentication introduced by the biggest smartphone system manufacturer, Google, has effectively increased user comfort while ensuring user information security. However, we found that the SL is not secure enough, where anyone wearing a smart device can be authenticated. In this paper, based on the "Trusted Devices (DEVICE)" approach in SL, we design a band with sensors commonly found on smart wearables and two authentication models to improve the security of SL scenarios. We use our designed band to collect data in order to evaluate our models. The experimental results show that our designed band is universal. Our authentication model for power-constrained devices such as wearables has 97.01% accuracy and a power overhead of 0.0195mAh per time. The designed authentication model for smartphones has an accuracy of 99.67% and power consumption of 0.83mAh per time. Therefore, our scheme can meet the implicit authentication for different security requirements in different scenarios.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Fan Wu,Xiong Li,Lili Xu,Saru Kumari,Marimuthu Karuppiah,Jian Shen

DOI: https://doi.org/10.1016/j.compeleceng.2017.04.012

IF: 4.152

2017-01-01

Computers & Electrical Engineering

Abstract:As a popular technology for Internet of Things (IoT), wearable devices are accepted widely by people. Classic wearable devices including glasses and watches collect wearers’ information which is usually private. Often, a single wearable device is not enough to see the data of the user and a mobile terminal such as a smart phone is used to match the wearable device. Also, the gathered data are often stored in the remote cloud server. Security issues become the emergent tasks and they have not been solved perfectly. Until now, there are weaknesses in traditional authentication ways, and such ways are not fit for the communication. Therefore, we propose a new and lightweight authentication scheme for wearable devices with help of cloud server. This scheme reaches mutual authentication and keeps anonymous for the devices. Compared to two recent schemes of the similar kind, ours is more secure and applicable.

Mahdi Nikooghadam,Haleh Amintoosi,Saru Kumari

DOI: https://doi.org/10.1007/s11277-021-08430-2

IF: 2.017

2021-04-03

Wireless Personal Communications

Abstract:The advent of smart and pervasive devices have paved the way for the development of Internet of Things in which, various smart devices collect information about the daily life of people and share it to the scientists and specialists. There are numerous applications in the domain of IoT such as smart healthcare systems in which, wearable devices collect health-related data from the users and transmit it for further processes. However, security challenges are a major concern in the success of smart healthcare applications. Specifically, to protect the security of communications among the wearable sensor devices and the gateways/servers, a secure and lightweight authentication scheme is needed. Recently, Li et al. proposed a lightweight authentication scheme for smart wearable systems (IEEE Internet Things J. 10.1109/JIOT.2020.2984618). Their protocol makes use of fuzzy extractor technique and lightweight operations such as bitwise XOR operations and cryptographic hash function. However, in this comment, we prove that Li et al.'s scheme is prone to the stolen wearable device attack and user impersonation attack. We also discuss the causes and provide some suggestions as the remedy.

telecommunications

Pei Huang,Xiaonan Zhang,Sihan Yu,Linke Guo,Ming Li

DOI: https://doi.org/10.1109/jiot.2021.3134667

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The increasing deployment of wireless sensors enables a broad spectrum of health-related wearable applications. Due to the sensitivity of collected personal health information, these wearables should be authenticated together with their users as “wearable-user pairs” to ensure that they are attached to legitimate users. However, various devices are equipped with dedicated sensing abilities and wireless protocols corresponding to data characteristics in practice. Traditional authentication methodologies may not work in this heterogeneous environment because of protocol incompatibility. For example, how to verify a new ZigBee-enabled monitor when the existing trusted device is Wi-Fi-enabled? Therefore, to achieve authentication across protocols, in this article, we leverage the unique cross-technology interference (CTI), triggered by heterogeneous wireless transmissions, along with human physiological activity measurements (e.g., respiration patterns) to design an authentication scheme between wearables and users. Specifically, the authentication from an unknown ZigBee wearable to a trusted Wi-Fi device is achieved by monitoring the channel state information (CSI) changes according to human respiration. Our approach not only successfully recognizes a legitimate wearable-user pair but also blocks illegal access from adversaries. Extensive experiments have been conducted to demonstrate both the security and feasibility of the proposed scheme. The designed mechanism can achieve over 92% authentication accuracy with human subjects.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiaojun Wen,Genping Wang,Yongzhi Chen,Zhengzhong Yi,Zoe L. Jiang,Junbin Fang

DOI: https://doi.org/10.1177/1550147718779678

IF: 1.938

2018-01-01

International Journal of Distributed Sensor Networks

Abstract:Currently, wearable devices are developing prosperously in the fields of global communication electronic products and personal intelligent terminals, but their information security problem cannot be ignored. Based on quantum security communication principle and combined with the special requirements of wearable devices for information security technology, this article gives a safe transmission scheme used for protecting the sensitive information of wearable devices. This scheme is to realize the safe transmission of sensitive information about wearable devices through quantum key distribution, quantum teleportation, and other quantum information security technologies and this scheme has an unconditional security than the traditional encryption methods based on algorithmic complexity.

张亮,刘建伟

DOI: https://doi.org/10.3969/j.issn.1002-0802.2009.01.091

2009-01-01

Abstract:With the improvement of wireless network, there are increasing users wirelessly accessing the Internet through mobile phones. So it is very important to solve the identity authentication problems of wireless access users. Dynamic password has become the new development trend for the Identity Authentication mechanism. It offers stronger security than the static password. In this article, a dynamic password authentication protocol based on callenge/rsponse mechanism is designed. According to this protocol, a dynamic password identity authentication system based on mobile phone token is designed. The composition and authentication processes of this system are described in detail, and its security is analyzed as wel1. The analysis indicates that this system features high security and wide application. It can be conveniently used and implemented in low cost.

Yongzhi Chen,Xiaojun Wen,Zhiwei Sun,Zoe L. Jiang,Junbin Fang

DOI: https://doi.org/10.1177/1550147718808487

IF: 1.938

2018-01-01

International Journal of Distributed Sensor Networks

Abstract:At present, wearable devices are in the ascendant in the field of personal smart communication terminals across the globe, but their information security issues deserve attention. We hereby propose a secure transmission solution that addresses the special requirements of wearable devices in information security. It is based on the principle of quantum secure communication and works well to protect sensitive information on wearable devices. The solution utilizes the coherence properties of quantum entanglement and uses quantum information security techniques such as quantum key distribution and non-orthogonal base measurement to realize secure transmission of sensitive information on wearable devices. Unlike traditional encryption methods based on the complexity of the mathematical algorithm, the solution has unconditional security.

Shuhua Zhu,Xiaojie Li,Chunsheng Zhu,Lei Shu,Wei Sun

DOI: https://doi.org/10.1155/2015/846739

IF: 1.938

2015-01-01

International Journal of Distributed Sensor Networks

Abstract:We address the problem of authentication and secure communication between wearable devices. As people rely heavily on such mobile and wearable devices, the need for seamless and secure communication across these spectra of devices becomes increasingly important. In order to provide secure communication, mutually trusted authentication becomes the first line of protection to guard our personal information. We propose an acoustic-based signcryption mutual authentication (ASMA), which is a key-agreement protocol by employing timestamp and owning functions of multiple-times identity authentication, password change, and devices addition and alteration. Through series of experiments verifying the reliability and accuracy, the protocol shows that it can ensure secure data transmission and data sharing for multiwearable devices.

Zhan-bin LIU,Hong LIU,Xiao-fei CAO

DOI: https://doi.org/10.3969/j.issn.1671-1122.2015.09.031

2015-01-01

Abstract:Along with the development of cloud computing and wireless communications, wearable devices become emerging terminals for providing intelligent service support. Due to the openness of cloud environments and limitations of communication channels, it makes that the wearable devices confront severe security issues during the user data monitoring. In this work, a yoking-proofs based authentication protocol is proposed for the wearable devices to realize that a user's smart phone simultaneously identiifes and veriifes two wearable devices. The proposed protocol establishes yoking-proofs to integrate two wearable devices' main parameters, and achieve security properties of data conifdentiality and integrity, forward security, and dual authentication. It indicates that the proposed protocol is lfexible for resource-constrained interactive applications.

Hong Liu,Huansheng Ning,Yinliang Yue,Yueliang Wan,Laurence T. Yang

DOI: https://doi.org/10.1016/j.future.2017.04.014

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:Along with the development of user-centric wireless communications, wearable devices appear to be popular for real-time collecting a user’s private data to provide intelligent service support. Compared with traditional short-range communications, the wearable devices confront more severe system vulnerabilities and security threats during interactions. Considering the limitations of computational capabilities and communication resources, it brings more challenges to design privacy-preserving authentication schemes for the resource-constrained wearable devices. In this work, local authentication and remote authentication are respectively designed for cloud assisted wearable devices. In the local authentication mode, hash based selective disclosure mechanism and Chebyshev chaotic map are jointly applied to achieve mutual authentication between a wearable device and a smart phone. In the remote authentication mode, Merkle hash tree based selective disclosure mechanism is designed to improve the structure of data fields in the certificate, and a yoking-proof is established to realize interactions between two wearable devices and a smart phone, and is further transmitted to the cloud server for simultaneous verification. Meanwhile, security formal analysis is performed based on the BAN logic for proving that the proposed remote authentication protocol has theoretical design correctness. It indicates that the proposed authentication scheme is available and flexible for ubiquitous wearable devices.

Wei Wang,Lin Yang,Qian Zhang

DOI: https://doi.org/10.1145/2971648.2971688

2016-01-01

Abstract:Securely pairing wearables with another device is the key to many promising applications, such as mobile payment, sensitive data transfer and secure interactions with smart home devices. This paper presents Touch-And-Guard (TAG), a system that uses hand touch as an intuitive manner to establish a secure connection between a wristband wearable and the touched device. It generates secret bits from hand resonant properties, which are obtained using accelerometers and vibration motors. The extracted secret bits are used by both sides to authenticate each other and then communicate confidentially. The ubiquity of accelerometers and motors presents an immediate market for our system. We demonstrate the feasibility of our system using an experimental prototype and conduct experiments involving 12 participants with 1440 trials. The results indicate that we can generate secret bits at a rate of 7.84 bit/s, which is 58% faster than conventional text input PIN authentication. We also show that our system is resistant to acoustic eavesdroppers in proximity.

Minghui Yang,Junqi Guo,Ziyun Zhao,Tianyou Xu,Ludi Bai

DOI: https://doi.org/10.1016/j.procs.2020.06.095

2020-01-01

Procedia Computer Science

Abstract:In recent years, the fitness problems of adolescents have attracted increasing attention from all walks of life. It has become an irreversible trend to use new technical means to supervise and guide young students’ behaviour. Smart wearable devices have become a better choice because of its simple usage and convenient wearing. But its lightness also brings the shortcoming of being vulnerable to attack. This research proposes a scheme to protect the privacy of smart wearable users. There are two main aspects: (1) Perturb the data collected by smart wearing devices before sending information to prevent third-party servers from leakage of users’ privacy; and a scheme of data reconstruction is proposed using SVD (Singular Value Decomposition) method to decompose eigenvalues; (2) During data publishing, we proposed a personalized k-anonymity publishing scheme based on entropy weight method, which has brilliant adaptability as well as preventing privacy leakage. Experiments show that the proposed method can effectively improve the safety of smart wearable devices, so that adolescents and parents can use it safely.

Babins Shrestha,Manar Mohamed,Nitesh Saxena

DOI: https://doi.org/10.48550/arXiv.1605.00766

2016-05-03

Abstract:Zero-interaction authentication (ZIA) refers to a form of user-transparent login mechanism using which a terminal (e.g., a desktop computer) can be unlocked by the mere proximity of an authentication token (e.g., a smartphone). Given its appealing usability, ZIA has already been deployed in many real-world applications. However, ZIA contains one major security weakness - unauthorized physical access to the token, e.g., during lunch-time or upon theft, allows the attacker to have unfettered access to the terminal. In this paper, we address this gaping vulnerability with ZIA systems by (un)locking the authentication token with the user's walking pattern as she approaches the terminal to access it. Since a user's walking or gait pattern is believed to be unique, only that user (no imposter) would be able to unlock the token to gain access to the terminal in a ZIA session. While walking-based biometrics schemes have been studied in prior literature for other application settings, our main novelty lies in the careful use of: (1) multiple sensors available on the current breed of devices (e.g., accelerometer, gyroscope and magnetometer), and (2) multiple devices carried by the user (in particular, an "in-pocket" smartphone and a "wrist-worn" smartwatch), that all capture unique facets of user's walking pattern. Our contributions are three-fold. First, we introduce, design and implement WUZIA ("Walk-Unlock ZIA"), a multi-modal walking biometrics approach tailored to enhance the security of ZIA systems (still with zero interaction). Second, we demonstrate that WUZIA offers a high degree of detection accuracy, based on multi-sensor and multi-device fusion. Third, we show that WUZIA can resist active attacks that attempt to mimic a user's walking pattern, especially when multiple devices are used.

Cryptography and Security

Qi Zhao,Tongtong Zhai

DOI: https://doi.org/10.1007/978-981-15-1925-3_27

2019-01-01

Abstract:In view of the limited measurement accuracy and short data transmission distance of existing smart wearable devices, this paper designs a wearable multi-information monitoring system. It achieves multi-directional observation of human body via energy consumption, vital signs and location-tracking information. The overall system consists of three parts: data terminal, LoRa communication network and remote monitoring center. Considering the constraint of power and memory cost, the system adopts a set of appropriate chips for hardware design. As the core of the system, data terminal contains a main control module, a signal acquisition module, and a display and transmission module. The microcontroller controls each sensor to collect different original signals which are performed noise reduction, and then these signals are processed by the algorithm embedded on chips to create the final information for monitoring human body. Test results show that the wearable multi-information monitoring system meets the demand for the measurement accuracy of human body information.

Tao Feng,Ziyi Liu,Bogdan Carbunar,Dainis Boumber,Weidong Shi

DOI: https://doi.org/10.1109/microw.2012.9

2012-01-01

Abstract:While enriching the user experiences, the development of mobile devices and applications introduces new security and privacy vulnerabilities for the remote services accessed by mobile device users. A trusted and usable authentication architecture for mobile devices is thus in high demand. In this paper,we leverage a unified structure, consisting of transparent TFT based fingerprint sensors, touchscreen, and display, to propose a novel identity management mechanism that authenticates usersof touch based mobile devices for accessing the local devices and remote services. Our solution differs from the previous one time and enforced authentication approaches through two novel features: (i) user transparent authentication process, requiring neither password nor extra login steps and (ii) continuous identity management based on fingerprint biometric, where each user-to-device touch interaction is used toward authentication.Moreover, we introduce two different security scenarios, one for local identity management, and the second extended solution for remote identity management. Finally we employ TRUST (Trust Reinforcement based on Unified Structural Touch-display) to solve the identity challenge in cyber space.

tao feng,xi zhao,nicholas desalvo,zhimin gao,xi wang,weidong shi

DOI: https://doi.org/10.1109/THS.2015.7225268

2015-01-01

Abstract:Coinciding with the surge in popularity and adoption of mobile devices and the ever-expanding capabilities of these devices, the amount of sensitive information accessed and stored has increased exponentially. Inasmuch, these advancements have, and continue to demand great efforts from researchers and the industry alike in terms of improving security therein. Existing technologies either conduct user identity verification via a login stage or request authentication every time the user accesses a sensitive app. We propose, in this paper, an IdentityTracker. This framework is dedicated to tracking the user's identity, performing app-level access control management. Continuous and implicit tracking of the user's identity is accomplished through monitoring fingerprint authentication logs as well as detecting events when the phone has left the user's hand. This approach leverages multiple onboard sensors. We conducted two user-studies acquiring smartphone users' usage statistics to investigate security and usability needs of our solution. To monitor these subtle gestures in real-world uncontrolled environments, multi-session data collection has been conducted to iteratively improve system performance. The evaluation results have demonstrated the feasibility of IdentityTracker.