Sending a password or secret code over airborne radio waves like WiFi or Bluetooth means anyone can eavesdrop, making those transmissions vulnerable to hackers who can attempt to break the encrypted code.
Now, University of Washington computer scientists and electrical engineers have devised a way to send secure passwords through the human body — using benign, low-frequency transmissions generated by fingerprint sensors and touchpads on consumer devices.
“Fingerprint sensors have so far been used as an input device. What is cool is that we’ve shown for the first time that fingerprint sensors can be re-purposed to send out information that is confined to the body,” said senior author Shyam Gollakota, UW assistant professor of computer science and engineering.
These “on-body” transmissions offer a more secure way to transmit authenticating information between devices that touch parts of your body — such as a smart door lock or wearable medical device — and a phone or device that confirms your identity by asking you to type in a password.
This new technique, which leverages the signals already generated by fingerprint sensors on smartphones and laptop touchpads to transmit data in new ways, is described in a paper presented in September at the2016 Association for Computing Machinery’s International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp 2016) in Germany.
“Let’s say I want to open a door using an electronic smart lock,” said co-lead author Merhdad Hessar, a UW electrical engineering doctoral student. “I can touch the doorknob and touch the fingerprint sensor on my phone and transmit my secret credentials through my body to open the door, without leaking that personal information over the air.”
The research team tested the technique on iPhone and other fingerprint sensors, as well as Lenovo laptop trackpads and the Adafruit capacitive touchpad. In tests with 10 different subjects, they were able to generate usable on-body transmissions on people of different heights, weights and body types. The system also worked when subjects were in motion — including while they walked and moved their arms.
“We showed that it works in different postures like standing, sitting and sleeping,” said co-lead author Vikram Iyer, a UW electrical engineering doctoral student. “We can also get a strong signal throughout your body. The receivers can be anywhere — on your leg, chest, hands — and still work.”
The research team from the UW’s Networks and Mobile Systems Labsystematically analyzed smartphone sensors to understand which of them generates low-frequency transmissions below 30 megahertz that travel well through the human body but don’t propagate over the air.
The researchers found that fingerprint sensors and touchpads generate signals in the 2 to 10 megahertz range and employ capacitive coupling to sense where your finger is in space, and to identify the ridges and valleys that form unique fingerprint patterns.
Normally, sensors use these signals to receive input about your finger. But the UW engineers devised a way to use these signals as output that corresponds to data contained in a password or access code. When entered on a smartphone, data that authenticates your identity can travel securely through your body to a receiver embedded in a device that needs to confirm who you are.
Their process employs a sequence of finger scans to encode and transmit data. Performing a finger scan correlates to a 1-bit of digital data and not performing the scan correlates to a 0-bit.
The technology could also be useful for secure key transmissions to medical devices such as glucose monitors or insulin pumps, which seek to confirm someone’s identity before sending or sharing data.
The team achieved bit rates of 50 bits per second on laptop touchpads and 25 bits per second with fingerprint sensors — fast enough to send a simple password or numerical code through the body and to a receiver within seconds.
This represents only a first step, the researchers say. Data can be transmitted through the body even faster if fingerprint sensor manufacturers provide more access to their software.
The Latest on: Secure passwords
via Google News
The Latest on: Secure passwords
- Is Your Password among the List of Worst 100 Passwords of 2018? on December 17, 2018 at 11:27 am
Every security expert, or technology writer keeps telling people to have strong and robust passwords, preferably one with more than 13 characters. Yet, we found bad habits persist or ease of doing thi... […]
- How Can SMBs Revamp Their Password Management? on December 17, 2018 at 9:51 am
With this new password with just 4 more digits, we increased the time of password crackability from a few hours to a few centuries to crack. How’s that for a secure password? The Truly Secure Password... […]
- The beginning of the end for the password, more regulation and more IoT risks -- cybersecurity predictions for 2019 on December 17, 2018 at 8:19 am
We've canvassed the views of a number of industry figures to find out what they see as the key security issues for 2019. The end of the password as a prime security measure is something people ... […]
- Worst passwords list is out, but this time we’re not scolding users on December 17, 2018 at 2:38 am
etc., yadda yadda yadda. The security industry, and the media that covers it, keeps trying to get across the message that simple passwords like that are too easy to guess: we’re talking about ... […]
- Wired for Safety: Password managers help keep passcodes secure on December 16, 2018 at 7:00 am
Editor’s note: Wired for Safety is a column on cybersecurity and other tech issues. Duane Dunston is an assistant professor of cybersecurity and networking at Champlain College. He received his ... […]
- The year's worst computer passwords: "Donald" joins the list on December 14, 2018 at 9:24 am
One of the basics of computer security is to pick passwords that are tough for hackers to break, yet computer users continue to rely on easily guessed terms like "123456." One notable entrant joins th... […]
- The Worst Passwords Of 2018 Show The Need For Better Practices on December 14, 2018 at 8:45 am
Strengthening passwords – and your security If anyone has found their password on the list – or if you’re having second thoughts about your own password practices, there are a few simple things that c... […]
- These are the Worst Passwords of 2018 on December 14, 2018 at 8:14 am
A good password will keep your online accounts safe, from your bank account to your Amazon account. But even though we know we should create secure passwords, a lot of us don’t. Complex, unique passwo... […]
- These are the 25 internet passwords you must not use, and here are five ways to protect your passwords on December 14, 2018 at 6:55 am
Account hacking is a real and genuine threat, so making sure you have a safe and secure password for all your accounts is an absolute must. We are constantly told to try and avoid using the same passw... […]
via Bing News