Liang Kou,Yiqi Shi,Liguo Zhang,Duo Liu,Qing Yang

DOI: https://doi.org/10.32604/cmc.2019.03760

2019-01-01

Abstract:With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.

Fan Wu,Xiong Li,Lili Xu,Saru Kumari,Marimuthu Karuppiah,Jian Shen

DOI: https://doi.org/10.1016/j.compeleceng.2017.04.012

IF: 4.152

2017-01-01

Computers & Electrical Engineering

Abstract:As a popular technology for Internet of Things (IoT), wearable devices are accepted widely by people. Classic wearable devices including glasses and watches collect wearers’ information which is usually private. Often, a single wearable device is not enough to see the data of the user and a mobile terminal such as a smart phone is used to match the wearable device. Also, the gathered data are often stored in the remote cloud server. Security issues become the emergent tasks and they have not been solved perfectly. Until now, there are weaknesses in traditional authentication ways, and such ways are not fit for the communication. Therefore, we propose a new and lightweight authentication scheme for wearable devices with help of cloud server. This scheme reaches mutual authentication and keeps anonymous for the devices. Compared to two recent schemes of the similar kind, ours is more secure and applicable.

Pei Huang,Xiaonan Zhang,Sihan Yu,Linke Guo,Ming Li

DOI: https://doi.org/10.1109/jiot.2021.3134667

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The increasing deployment of wireless sensors enables a broad spectrum of health-related wearable applications. Due to the sensitivity of collected personal health information, these wearables should be authenticated together with their users as “wearable-user pairs” to ensure that they are attached to legitimate users. However, various devices are equipped with dedicated sensing abilities and wireless protocols corresponding to data characteristics in practice. Traditional authentication methodologies may not work in this heterogeneous environment because of protocol incompatibility. For example, how to verify a new ZigBee-enabled monitor when the existing trusted device is Wi-Fi-enabled? Therefore, to achieve authentication across protocols, in this article, we leverage the unique cross-technology interference (CTI), triggered by heterogeneous wireless transmissions, along with human physiological activity measurements (e.g., respiration patterns) to design an authentication scheme between wearables and users. Specifically, the authentication from an unknown ZigBee wearable to a trusted Wi-Fi device is achieved by monitoring the channel state information (CSI) changes according to human respiration. Our approach not only successfully recognizes a legitimate wearable-user pair but also blocks illegal access from adversaries. Extensive experiments have been conducted to demonstrate both the security and feasibility of the proposed scheme. The designed mechanism can achieve over 92% authentication accuracy with human subjects.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shuhua Zhu,Xiaojie Li,Chunsheng Zhu,Lei Shu,Wei Sun

DOI: https://doi.org/10.1155/2015/846739

IF: 1.938

2015-01-01

International Journal of Distributed Sensor Networks

Abstract:We address the problem of authentication and secure communication between wearable devices. As people rely heavily on such mobile and wearable devices, the need for seamless and secure communication across these spectra of devices becomes increasingly important. In order to provide secure communication, mutually trusted authentication becomes the first line of protection to guard our personal information. We propose an acoustic-based signcryption mutual authentication (ASMA), which is a key-agreement protocol by employing timestamp and owning functions of multiple-times identity authentication, password change, and devices addition and alteration. Through series of experiments verifying the reliability and accuracy, the protocol shows that it can ensure secure data transmission and data sharing for multiwearable devices.

Zhenyang Guo,Jin Cao,Xiaomeng Bai,Ang Li,Ben Niu,Hui Li

DOI: https://doi.org/10.1109/jsen.2023.3315523

IF: 4.3

2023-01-01

IEEE Sensors Journal

Abstract:Information security and user comfort are the games that smartphone manufacturers have always had to face. The explicit authentication methods, including password, fingerprint recognition, and face recognition, have become the most popular ways to unlock smartphones. However, these methods also incur some troubles in users’ daily lives and even suffer from security problems like shoulder surfing attacks and password reuse attacks. Unlike the explicit authentication methods, the implicit authentication methods employ the user’s behavior, posture, etc., to confirm who the user is. The "Smart Lock (SL)," as a new implicit authentication introduced by the biggest smartphone system manufacturer, Google, has effectively increased user comfort while ensuring user information security. However, we found that the SL is not secure enough, where anyone wearing a smart device can be authenticated. In this paper, based on the "Trusted Devices (DEVICE)" approach in SL, we design a band with sensors commonly found on smart wearables and two authentication models to improve the security of SL scenarios. We use our designed band to collect data in order to evaluate our models. The experimental results show that our designed band is universal. Our authentication model for power-constrained devices such as wearables has 97.01% accuracy and a power overhead of 0.0195mAh per time. The designed authentication model for smartphones has an accuracy of 99.67% and power consumption of 0.83mAh per time. Therefore, our scheme can meet the implicit authentication for different security requirements in different scenarios.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Hong Liu,Huansheng Ning,Yinliang Yue,Yueliang Wan,Laurence T. Yang

DOI: https://doi.org/10.1016/j.future.2017.04.014

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:Along with the development of user-centric wireless communications, wearable devices appear to be popular for real-time collecting a user’s private data to provide intelligent service support. Compared with traditional short-range communications, the wearable devices confront more severe system vulnerabilities and security threats during interactions. Considering the limitations of computational capabilities and communication resources, it brings more challenges to design privacy-preserving authentication schemes for the resource-constrained wearable devices. In this work, local authentication and remote authentication are respectively designed for cloud assisted wearable devices. In the local authentication mode, hash based selective disclosure mechanism and Chebyshev chaotic map are jointly applied to achieve mutual authentication between a wearable device and a smart phone. In the remote authentication mode, Merkle hash tree based selective disclosure mechanism is designed to improve the structure of data fields in the certificate, and a yoking-proof is established to realize interactions between two wearable devices and a smart phone, and is further transmitted to the cloud server for simultaneous verification. Meanwhile, security formal analysis is performed based on the BAN logic for proving that the proposed remote authentication protocol has theoretical design correctness. It indicates that the proposed authentication scheme is available and flexible for ubiquitous wearable devices.

Abdulrahman Alhothaily,Chunqiang Hu,Arwa Alrawais,Tianyi Song,Xiuzhen Cheng,Dechang Chen

DOI: https://doi.org/10.1109/access.2017.2717862

IF: 3.9

2017-01-01

IEEE Access

Abstract:Authentication plays a critical role in securing any online banking system, and many banks and various services have long relied on username/password combos to verify users. Memorizing usernames and passwords for a lot of accounts becomes a cumbersome and inefficient task. Furthermore, legacy authentication methods have failed over and over, and they are not immune against a wide variety of attacks that can be launched against users, networks, or authentication servers. Over the years, data breach reports emphasize that attackers have created numerous high-tech techniques to steal users' credentials, which can pose a serious threat. In this paper, we propose an efficient and practical user authentication scheme using personal devices that utilize different cryptographic primitives, such as encryption, digital signature, and hashing. The technique benefits from the widespread usage of ubiquitous computing and various intelligent portable and wearable devices that can enable users to execute a secure authentication protocol. Our proposed scheme does not require an authentication server to maintain static username and password tables for identifying and verifying the legitimacy of the login users. It not only is secure against password-related attacks, but also can resist replay attacks, shoulder-surfing attacks, phishing attacks, and data breach incidents.

Minghui Yang,Junqi Guo,Ziyun Zhao,Tianyou Xu,Ludi Bai

DOI: https://doi.org/10.1016/j.procs.2020.06.095

2020-01-01

Procedia Computer Science

Abstract:In recent years, the fitness problems of adolescents have attracted increasing attention from all walks of life. It has become an irreversible trend to use new technical means to supervise and guide young students’ behaviour. Smart wearable devices have become a better choice because of its simple usage and convenient wearing. But its lightness also brings the shortcoming of being vulnerable to attack. This research proposes a scheme to protect the privacy of smart wearable users. There are two main aspects: (1) Perturb the data collected by smart wearing devices before sending information to prevent third-party servers from leakage of users’ privacy; and a scheme of data reconstruction is proposed using SVD (Singular Value Decomposition) method to decompose eigenvalues; (2) During data publishing, we proposed a personalized k-anonymity publishing scheme based on entropy weight method, which has brilliant adaptability as well as preventing privacy leakage. Experiments show that the proposed method can effectively improve the safety of smart wearable devices, so that adolescents and parents can use it safely.

Xiong Li,Maged Hamada Ibrahim,Saru Kumari,Rahul Kumar

DOI: https://doi.org/10.1007/s11235-017-0340-1

2017-01-01

Abstract:The mobility and openness of wireless communication technologies make Mobile Healthcare Systems (mHealth) potentially exposed to a number of potential attacks, which significantly undermines their utility and impedes their widespread deployment. Attackers and criminals, even without knowing the context of the transmitted data, with simple eavesdropping on the wireless links, may benefit a lot from linking activities to the identities of patient's sensors and medical staff members. These vulnerabilities apply to all tiers of the mHealth system. A new anonymous mutual authentication scheme for three-tier mobile healthcare systems with wearable sensors is proposed in this paper. Our scheme consists of three protocols: Protocol-1 allows the anonymous authentication nodes (mobile users and controller nodes) and the HSP medical server in the third tier, while Protocol-2 realizes the anonymous authentication between mobile users and controller nodes in the second tier, and Protocol-3 achieves the anonymous authentication between controller nodes and the wearable body sensors in the first tier. In the design of our protocols, the variation in the resource constraints of the different nodes in the mHealth system are taken into consideration so that our protocols make a better trade-off among security, efficiency and practicality. The security of our protocols are analyzed through rigorous formal proofs using BAN logic tool and informal discussions of security features, possible attacks and countermeasures. Besides, the efficiency of our protocols are concretely evaluated and compared with related schemes. The comparisons show that our scheme outperforms the previous schemes and provides more complete and integrated anonymous authentication services. Finally, the security of our protocols are evaluated by using the Automated Validation of Internet Security Protocols and Applications and the SPAN animator software. The simulation results show that our scheme is secure and satisfy all the specified privacy and authentication goals.

Zhan-bin LIU,Hong LIU,Xiao-fei CAO

DOI: https://doi.org/10.3969/j.issn.1671-1122.2015.09.031

2015-01-01

Abstract:Along with the development of cloud computing and wireless communications, wearable devices become emerging terminals for providing intelligent service support. Due to the openness of cloud environments and limitations of communication channels, it makes that the wearable devices confront severe security issues during the user data monitoring. In this work, a yoking-proofs based authentication protocol is proposed for the wearable devices to realize that a user's smart phone simultaneously identiifes and veriifes two wearable devices. The proposed protocol establishes yoking-proofs to integrate two wearable devices' main parameters, and achieve security properties of data conifdentiality and integrity, forward security, and dual authentication. It indicates that the proposed protocol is lfexible for resource-constrained interactive applications.

Mahdi Nikooghadam,Haleh Amintoosi,Saru Kumari

DOI: https://doi.org/10.1007/s11277-021-08430-2

IF: 2.017

2021-04-03

Wireless Personal Communications

Abstract:The advent of smart and pervasive devices have paved the way for the development of Internet of Things in which, various smart devices collect information about the daily life of people and share it to the scientists and specialists. There are numerous applications in the domain of IoT such as smart healthcare systems in which, wearable devices collect health-related data from the users and transmit it for further processes. However, security challenges are a major concern in the success of smart healthcare applications. Specifically, to protect the security of communications among the wearable sensor devices and the gateways/servers, a secure and lightweight authentication scheme is needed. Recently, Li et al. proposed a lightweight authentication scheme for smart wearable systems (IEEE Internet Things J. 10.1109/JIOT.2020.2984618). Their protocol makes use of fuzzy extractor technique and lightweight operations such as bitwise XOR operations and cryptographic hash function. However, in this comment, we prove that Li et al.'s scheme is prone to the stolen wearable device attack and user impersonation attack. We also discuss the causes and provide some suggestions as the remedy.

telecommunications

Sajaad Ahmed Lone,Ajaz Hussain Mir

DOI: https://doi.org/10.1108/ijpcc-04-2021-0097

2021-08-19

International Journal of Pervasive Computing and Communications

Abstract:Purpose Because of the continued use of mobile, cloud and the internet of things, the possibility of data breaches is on the increase. A secure authentication and authorization strategy is a must for many of today’s applications. Authentication schemes based on knowledge and tokens, although widely used, lead to most security breaches. While providing various advantages, biometrics are also subject to security threats. Using multiple factors together for authentication provides more certainty about a user’s identity; thus, leading to a more reliable, effective and more difficult for an adversary to intrude. This study aims to propose a novel, secure and highly stable multi-factor one-time password (OTP) authentication solution for mobile environments, which uses all three authentication factors for user authentication. Design/methodology/approach The proposed authentication scheme is implemented as a challenge-response authentication where three factors (username, device number and fingerprint) are used as a secret key between the client and the server. The current scheme adopts application-based authentication and guarantees data confidentiality and improved security because of the integration of biometrics with other factors and each time new challenge value by the server to client for OTP generation. Findings The proposed authentication scheme is implemented on real android-based mobile devices, tested on real users; experimental results show that the proposed authentication scheme attains improved performance. Furthermore, usability evaluation proves that proposed authentication is effective, efficient and convenient for users in mobile environments. Originality/value The proposed authentication scheme can be adapted as an effective authentication scheme to accessing critical information using android smartphones.

English Else

Mengxia Shuai,Bin Liu,Nenghai Yu,Ling Xiong

DOI: https://doi.org/10.1155/2019/8145087

IF: 1.968

2019-01-01

Security and Communication Networks

Abstract:On-body wireless networks (oBWNs) play a crucial role in improving the ubiquitous healthcare services. Using oBWNs, the vital physiological information of the patient can be gathered from the wearable sensor nodes and accessed by the authorized user like the health professional or the doctor. Since the open nature of wireless communication and the sensitivity of physiological information, secure communication has always been the vital issue in oBWNs-based systems. In recent years, several authentication schemes have been proposed for remote patient monitoring. However, most of these schemes are so susceptible to security threats and not suitable for practical use. Specifically, all these schemes using lightweight cryptographic primitives fail to provide forward secrecy and suffer from the desynchronization attack. To overcome the historical security problems, in this paper, we present a lightweight and secure three-factor authentication scheme for remote patient monitoring using oBWNs. The proposed scheme adopts one-time hash chain technique to ensure forward secrecy, and the pseudonym identity method is employed to provide user anonymity and resist against desynchronization attack. The formal and informal security analyses demonstrate that the proposed scheme not only overcomes the security weaknesses in previous schemes but also provides more excellent security and functional features. The comparisons with six state-of-the-art schemes indicate that the proposed scheme is practical with acceptable computational and communication efficiency.

Qi Lyu,Zhifeng Kong,Chao Shen,Tianwei Yue

DOI: https://doi.org/10.48550/arXiv.1710.07941

2017-10-22

Abstract:The growing trend of using wearable devices for context-aware computing and pervasive sensing systems has raised its potentials for quick and reliable authentication techniques. Since personal writing habitats differ from each other, it is possible to realize user authentication through writing. This is of great significance as sensible information is easily collected by these devices. This paper presents a novel user authentication system through wrist-worn devices by analyzing the interaction behavior with users, which is both accurate and efficient for future usage. The key feature of our approach lies in using much more effective Savitzky-Golay filter and Dynamic Time Wrapping method to obtain fine-grained writing metrics for user authentication. These new metrics are relatively unique from person to person and independent of the computing platform. Analyses are conducted on the wristband-interaction data collected from 50 users with diversity in gender, age, and height. Extensive experimental results show that the proposed approach can identify users in a timely and accurate manner, with a false-negative rate of 1.78\%, false-positive rate of 6.7\%, and Area Under ROC Curve of 0.983 . Additional examination on robustness to various mimic attacks, tolerance to training data, and comparisons to further analyze the applicability.

Human-Computer Interaction,Cryptography and Security,Machine Learning

Sugang Li,Ashwin Ashok,Yanyong Zhang,Chenren Xu,Janne Lindqvist,Macro Gruteser

DOI: https://doi.org/10.1109/PERCOM.2016.7456514

2016-01-01

Abstract:In this paper, we present the design, implementation and evaluation of a user authentication system, Headbanger, for smart head-worn devices, through monitoring the user's unique head-movement patterns in response to an external audio stimulus. Compared to today's solutions, which primarily rely on indirect authentication mechanisms via the user's smartphone, thus cumbersome and susceptible to adversary intrusions, the proposed head-movement based authentication provides an accurate, robust, light-weight and convenient solution.Through extensive experimental evaluation with 95 participants, we show that our mechanism can accurately authenticate users with an average true acceptance rate of 95.57% while keeping the average false acceptance rate of 4.43%. We also show that even simple head-movement patterns are robust against imitation attacks. Finally, we demonstrate our authentication algorithm is rather light-weight: the overall processing latency on Google Glass is around 1.9 seconds.

Attaullah Buriro,Zahid Akhtar,Francesco Ricci,Flaminia L. Luccio

DOI: https://doi.org/10.1109/access.2024.3395128

IF: 3.9

2024-05-07

IEEE Access

Abstract:Multi-modal biometric schemes, which leverage more than one sensor, offer significant advantages over uni-modal schemes in terms of accuracy and robustness against attacks. In this paper, we present a novel behavioral multi-biometric user authentication scheme that employs data fusion for biometric-based authentication. The proposed scheme extracts two types of data (Electromyography (EMG) and movements) from a single user's clapping action type, via a worn smartwatch. During the user enrollment phase, the scheme creates a digital identity of the user based on the arm's movement and EMG signatures generated through the entire period of clapping action. In the verification phase, the scheme authenticates users based on the detected combined EMG and movement signature. The experimental analysis of the proposed scheme employing a Deep Neural Network classifier demonstrates its efficacy; our classifier achieves a True Accept Rate of 94.37%, a False Accept Rate of just 0.11%, and an accuracy of 97.13%. Furthermore, it is experimentally demonstrated that augmenting the training dataset via Generative Adversarial Networks leads to even better performance; with improved TAR (up to %) and accuracy (up to 97.94%), while decreasing FAR (from 0.11% to 0.082%). These results showcase the effectiveness and robustness of the proposed bi-modal behavioral biometric scheme for smartwatch user authentication.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chao Shen,Zhao Wang,Chengxiang Si,Yufei Chen,Xiaojie Su

DOI: https://doi.org/10.1109/mnet.001.1900184

IF: 10.294

2020-01-01

IEEE Network

Abstract:The increasing popularity of wearable devices has brought great convenience to human life and business. As wearable devices have become widely used personal computing platforms, more and more private information gets accessed by them, which stresses an urgent need for feasible and reliable authentication mechanisms in the current mobile computing environment. However, traditional memory- based authentication methods like PINs have been proven easy to crack or steal. Based on the fact that hand-waving patterns vary among different users, we propose a novel hand-waving- based unlocking system using smartwatches, which consists of data acquisition, data preprocessing, feature extraction, and authentication modules. Furthermore, we established a 150-person-time hand-waving dataset with a smartwatch, and conducted a systematic performance evaluation, achieving an equal error rate of 4.27 percent in the zero-effort attacking scenario and 14.46 percent in the imitation-attack scenarios. Additional experiments on usability to operation length and sensitivity to sampling frequency are offered to explore the applicability and effectiveness.

Sudip Vhaduri,Christian Poellabauer

DOI: https://doi.org/10.48550/arXiv.1907.06563

2019-07-15

Cryptography and Security

Abstract:The Internet of Things (IoT) is increasingly empowering people with an interconnected world of physical objects ranging from smart buildings to portable smart devices such as wearables. With recent advances in mobile sensing, wearables have become a rich collection of portable sensors and are able to provide various types of services including tracking of health and fitness, making financial transactions, and unlocking smart locks and vehicles. Most of these services are delivered based on users' confidential and personal data, which are stored on these wearables. Existing explicit authentication approaches (i.e., PINs or pattern locks) for wearables suffer from several limitations, including small or no displays, risk of shoulder surfing, and users' recall burden. Oftentimes, users completely disable security features out of convenience. Therefore, there is a need for a burden-free (implicit) authentication mechanism for wearable device users based on easily obtainable biometric data. In this paper, we present an implicit wearable device user authentication mechanism using combinations of three types of coarse-grain minute-level biometrics: behavioral (step counts), physiological (heart rate), and hybrid (calorie burn and metabolic equivalent of task). From our analysis of over 400 Fitbit users from a 17-month long health study, we are able to authenticate subjects with average accuracy values of around .93 (sedentary) and .90 (non-sedentary) with equal error rates of .05 using binary SVM classifiers. Our findings also show that the hybrid biometrics perform better than other biometrics and behavioral biometrics do not have a significant impact, even during non-sedentary periods.

Yetong Cao,Fan Li,Qian Zhang,Song Yang,Yu Wang

DOI: https://doi.org/10.1109/tmc.2021.3133275

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Mobile devices are promising to apply two-factor authentication to improve system security. Existing solutions have certain limits of requiring extra user effort, which might seriously affect user experience and delay authentication time. In this paper, we propose PPGPass, a novel mobile two-factor authentication system, which leverages Photoplethysmography (PPG) sensors available in most wrist-worn wearables. PPGPass simultaneously performs a password/pattern/signature authentication and a physiological-based authentication. To realize both nonintrusive and secure, we design a two-stage algorithm to separate clean heartbeat signals from PPG signals contaminated by motion artifacts so that users do not have to deliberately keep their bodies still. In addition, to deal with noncancelable issues when biometrics are compromised, we design a repeatable and non-invertible method to generate cancelable feature templates as alternative credentials. We leverage the great power of Random Forest and Support Vector Data Description to detect adversaries and verify a user's identity. To the best of our knowledge, PPGPass is the first nonintrusive and secure mobile two-factor authentication based on PPG sensors. Extensive experiments demonstrate that PPGPass can achieve the false acceptance rate of 3.11% and the false recognition rate of 3.71%, which confirms its high effectiveness, security, and usability.

computer science, information systems,telecommunications

Guannan Wu,Jian Wang,Yongrong Zhang,Shuai Jiang

DOI: https://doi.org/10.3390/s18010179

IF: 3.9

2018-01-01

Sensors

Abstract:Wearable devices have flourished over the past ten years providing great advantages to people and, recently, they have also been used for identity authentication. Most of the authentication methods adopt a one-time authentication manner which cannot provide continuous certification. To address this issue, we present a two-step authentication method based on an own-built fingertip sensor device which can capture motion data (e.g., acceleration and angular velocity) and physiological data (e.g., a photoplethysmography (PPG) signal) simultaneously. When the device is worn on the user's fingertip, it will automatically recognize whether the wearer is a legitimate user or not. More specifically, multisensor data is collected and analyzed to extract representative and intensive features. Then, human activity recognition is applied as the first step to enhance the practicability of the authentication system. After correctly discriminating the motion state, a one-class machine learning algorithm is applied for identity authentication as the second step. When a user wears the device, the authentication process is carried on automatically at set intervals. Analyses were conducted using data from 40 individuals across various operational scenarios. Extensive experiments were executed to examine the effectiveness of the proposed approach, which achieved an average accuracy rate of 98.5% and an F1-score of 86.67%. Our results suggest that the proposed scheme provides a feasible and practical solution for authentication.