The Internet of Things (IoT) means more and more household items will become digitized and networked. Some of the most popular IoT items will be door locks and University of Washington researchers are proposing a novel security technology to keep these safe from hackers. Their idea involves unlocking smart doors with your smartphone by using the human body as the signal transfer medium. Since no wireless or Bluetooth is involved, there is no risk of having your password stolen from airborne radiowaves.
“Let’s say I want to open a door using an electronic smart lock,” said Mehrdad Hessar, a doctoral student at UW and one of the leader authors, in a statement. “I can touch the doorknob and touch the fingerprint sensor on my phone and transmit my secret credentials through my body to open the door, without leaking that personal information over the air.”
Our bodies are actually good conductors of electricity, which most of the time is undesirable. But this property can be used to our advantage, the UW researchers believe.
Their technology is based on low-frequency signals whose current is so low they can’t be felt by the human body, yet high enough to transmit data. To demonstrate, ten volunteers placed their index fingers on the fingerprint sensors of either an iPhone or Lenovo taptop. The UW-developed app then transmitted a signal through the finger, to the rest of the body and ultimately to a custom receiver which came in contact with a part of the volunteer’s body.
Results suggest this technique can achieve a data transfer of 50 bits per second if a laptop’s touch pad is used or 25 bits per second using the finger print sensor. You won’t be using your body to stream Netflix anytime soon, but the rate is more than enough to transmit a password made of a few characters (bytes). Better data transfer can be achieved if the sensors’ manufacturers share their software, the UW team said.
“We showed that it works in different postures like standing, sitting and sleeping,” said co-lead author Vikram Iyer, a UW electrical engineering doctoral student. “We can also get a strong signal throughout your body. The receivers can be anywhere — on your leg, chest, hands — and still work.”
At this point is worth noting that while your phone’s fingerprint sensor stores and analyzes your unique fingerprint pattern, the UW technology is totally unrelated. It just uses the sensor as a transmission medium and your fingerprints aren’t involved in any way in the process.
“Fingerprint sensors have so far been used as an input device. What is cool is that we’ve shown for the first time that fingerprint sensors can be re-purposed to send out information that is confined to the body,” said senior author Shyam Gollakota, UW assistant professor of computer science and engineering.
Besides opening the future’s annoying internet-enabled door locks, the technology could prove useful in the medical sector. For instance, glucose monitors or insulin pumps could use body-transmitted passwords to confirm someone’s identity before sending or sharing data.
The UW technique was described in a paper presented in September at the 2016 Association for Computing Machinery’s International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp 2016) in Germany.
