Sending a password or secret code over airborne radio waves like WiFi or Bluetooth means anyone can eavesdrop, making those transmissions vulnerable to hackers who can attempt to break the encrypted code.
Now, University of Washington computer scientists and electrical engineers have devised a way to send secure passwords through the human body — using benign, low-frequency transmissions generated by fingerprint sensors and touchpads on consumer devices.
“Fingerprint sensors have so far been used as an input device. What is cool is that we’ve shown for the first time that fingerprint sensors can be re-purposed to send out information that is confined to the body,” said senior author Shyam Gollakota, UW assistant professor of computer science and engineering.
These “on-body” transmissions offer a more secure way to transmit authenticating information between devices that touch parts of your body — such as a smart door lock or wearable medical device — and a phone or device that confirms your identity by asking you to type in a password.
This new technique, which leverages the signals already generated by fingerprint sensors on smartphones and laptop touchpads to transmit data in new ways, is described in a paper presented in September at the2016 Association for Computing Machinery’s International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp 2016) in Germany.
“Let’s say I want to open a door using an electronic smart lock,” said co-lead author Merhdad Hessar, a UW electrical engineering doctoral student. “I can touch the doorknob and touch the fingerprint sensor on my phone and transmit my secret credentials through my body to open the door, without leaking that personal information over the air.”
The research team tested the technique on iPhone and other fingerprint sensors, as well as Lenovo laptop trackpads and the Adafruit capacitive touchpad. In tests with 10 different subjects, they were able to generate usable on-body transmissions on people of different heights, weights and body types. The system also worked when subjects were in motion — including while they walked and moved their arms.
“We showed that it works in different postures like standing, sitting and sleeping,” said co-lead author Vikram Iyer, a UW electrical engineering doctoral student. “We can also get a strong signal throughout your body. The receivers can be anywhere — on your leg, chest, hands — and still work.”
The research team from the UW’s Networks and Mobile Systems Labsystematically analyzed smartphone sensors to understand which of them generates low-frequency transmissions below 30 megahertz that travel well through the human body but don’t propagate over the air.
The researchers found that fingerprint sensors and touchpads generate signals in the 2 to 10 megahertz range and employ capacitive coupling to sense where your finger is in space, and to identify the ridges and valleys that form unique fingerprint patterns.
Normally, sensors use these signals to receive input about your finger. But the UW engineers devised a way to use these signals as output that corresponds to data contained in a password or access code. When entered on a smartphone, data that authenticates your identity can travel securely through your body to a receiver embedded in a device that needs to confirm who you are.
Their process employs a sequence of finger scans to encode and transmit data. Performing a finger scan correlates to a 1-bit of digital data and not performing the scan correlates to a 0-bit.
The technology could also be useful for secure key transmissions to medical devices such as glucose monitors or insulin pumps, which seek to confirm someone’s identity before sending or sharing data.
The team achieved bit rates of 50 bits per second on laptop touchpads and 25 bits per second with fingerprint sensors — fast enough to send a simple password or numerical code through the body and to a receiver within seconds.
This represents only a first step, the researchers say. Data can be transmitted through the body even faster if fingerprint sensor manufacturers provide more access to their software.
Learn more: Secure passwords can be sent through your body, instead of air
The Latest on: Secure passwords
[google_news title=”” keyword=”secure passwords” num_posts=”10″ blurb_length=”0″ show_thumb=”left”]
via Google News
The Latest on: Secure passwords
- This Android malware is stealing passwords by impersonating popular apps like Instagram and Snapchat — how to stay safeon May 10, 2024 at 9:46 pm
Hackers are now using a combination of malicious apps and brand impersonation to steal the passwords and other sensitive data of unsuspecting Android users.
- Is CISA's Secure by Design Pledge Toothless?on May 10, 2024 at 11:23 am
CISA's Secure by Design pledge consists of areas of improvement split into seven primary categories: multi-factor authentication (MFA), default passwords, reducing entire classes of vulnerability, ...
- Best Android & iOS Security Apps for Safeguarding Your Phoneon May 10, 2024 at 5:39 am
But how on earth will you keep everything straight? “I personally use the password manager LastPass,” says Adam Aviv, PhD, associate professor of computer science at The George Washington University ...
- Is A Passwordless Future A More Secure Future?on May 10, 2024 at 4:24 am
Biometric authentication, while secure, has a significant drawback: once compromised, biometric data cannot be changed. This vulnerability can lead to irreversible identity theft. In contrast, ...
- Best password manager of 2024on May 10, 2024 at 4:05 am
Password managers create strong and unique passwords for every account you have, and store them in a secure digital vault for easy access. Many will also autofill login pages for you too.
- Forget Passwords, Use Passphrases for Extra Securityon May 6, 2024 at 1:00 pm
If you use a simple, easy-to-remember password, a cybervillain might crack it using what's called a dictionary attack. If you carefully memorize a complex password like f7y885hw0vNmBb] (generated for ...
- I’m a security expert — here’s my top 3 tips for protecting your accounts on World Password Dayon May 2, 2024 at 4:37 am
For this reason, the first Thursday in May was designated as World Password Day by cybersecurity professionals back in 2013. However, credit for the idea behind the day actually goes to a security ...
- 4 fast, easy ways to strengthen your security on World Password Dayon May 2, 2024 at 3:30 am
Many arbitrary holidays litter our calendars (ahem, Tin Can Day ), but World Password Day is one fully supported by the PCWorld staff. We’re all for ditching weak passwords — especially when ...
- Best password managers 2024: Protect your online accountson May 1, 2024 at 10:00 pm
Humans are terrible at passwords. Simply put, we suck at creating them, we can never remember them, and we share them way too freely. Indeed, the very thing that can ensure our online security has ...
via Bing News