Telecommunications

Body-based transmission system keeps passwords secure

View 3 Images
The new system  securely transmits authentication data from a phone's fingerprint scanner through the body to a held or worn device
Mark Stone/University of Washington
The new system  securely transmits authentication data from a phone's fingerprint scanner through the body to a held or worn device
Mark Stone/University of Washington
The two co-lead authors of the study, Vikram Iyer (left) and Mehrar Hessad
Dennis Wise/University of Washington
The system could find use in electronic locks or other devices that require authentication, such as medical wearables
Vikram Iyer/University of Washington
View gallery - 3 images

Trying to remember a pile of passwords is a hassle many people get around by just using the same codes for everything, but that's hardly secure. Smartphone manufacturers have embraced sensors like fingerprint and iris scanners, and thanks to a new system out of the University of Washington (UW), that security and ease of use could soon be extended to other devices, by relaying a signal from a fingerprint scanner through the body to a receiving device in direct contact with the user.

Like similar systems that have used magnetic fields to transmit data through the body, the UW team's technique is designed as an alternative to sending signals wirelessly through the air via Bluetooth or Wi-Fi. The advantage of this, the researchers say, is that it's much harder for hackers to intercept the signal, since they'd have to be physically touching the person.

"Let's say I want to open a door using an electronic smart lock," says co-lead author, Merhdad Hessar. "I can touch the doorknob and touch the fingerprint sensor on my phone and transmit my secret credentials through my body to open the door, without leaking that personal information over the air."

The system works by making use of the low-frequency signals generated by a smartphone's fingerprint sensor that locate the finger's position in space and read the grooves in a user's fingerprint using capacitive coupling. Registering between 2 and 10 MHz, these signals aren't strong enough to travel through the air, but do travel through the human body well.

Usually read by the sensors as input, the UW team's technique turns these signals into output containing the authentication data, which is then transmitted through the body and picked up by a receiver, such as the electronic door handle.

The system could find use in electronic locks or other devices that require authentication, such as medical wearables
Vikram Iyer/University of Washington

"Fingerprint sensors have so far been used as an input device," says senior author Shyam Gollakota. "What is cool is that we've shown for the first time that fingerprint sensors can be re-purposed to send out information that is confined to the body."

In tests so far, the system has been found to work with iPhones, Lenovo laptop trackpads and the Adafruit capacitive touchpad, with bit rates of 50 bps for the touchpads and 25 bps for the phone sensors. Usable signals were generated through 10 different people of varying height, weight and body type, even while the subjects were moving or in different positions.

"We showed that it works in different postures like standing, sitting and sleeping," said co-lead author Vikram Iyer. "We can also get a strong signal throughout your body. The receivers can be anywhere — on your leg, chest, hands — and still work."

In addition to doors and wearable devices, the researchers believe the system could also find applications in medical devices like glucose monitors and insulin pumps to protect patient privacy, while faster speeds could be achieved if the hardware companies making the sensors provided greater access to their software.

The team's study was presented at UbiComp 2016 in Germany earlier this month and can be viewed here (PDF).

Source: University of Washington

View gallery - 3 images
  • Facebook
  • Twitter
  • Flipboard
  • LinkedIn
1 comment
Gary Marriott
This idea has been around in one form or another for quite a while, called A Personal Areas Network (PAN) it was leveraged using all sorts of methods to achieve a physical contact only network.
As such for security it is a colossally bad idea.
If the communication channel contains any secrets and is not encrypted and authenticated then anything else in contact with where you are touching will be able to steal the secret.
If the information is encrypted and authenticated AND/OR uses a zero knowledge proof then there is no need to use this communications method as it offers no security advantage over WiFi or Bluetooth, excluding perhaps local Metadata leakage.
Thus this 'invention' offers no additional security of the action but only privacy of the metadata, which as already stated can be circumvented by placing a sensor in contact with where you touch to set up the channel.
Oh and BTW, anything that can detect these types of side channel electromagnetic leakage can also sense many other types of side channel leakage from the device in your hand. For example, unless it is very carefully coded (there will always be mistakes) the device will leak information that can be used for anything from de-anonymization to cracking your device cryptographic keys.