Low-frequency transmissions created by off-the-shelf biometric devices, such as fingerprint sensors, can be diverted through the body and can securely transmit password-like authentication.
The off-the-shelf biometric sensors, such as touchpads, are “re-purposed to send out information,” says Shyam Gollakota, University of Washington assistant professor of computer science and engineering and senior author on the research paper, in a University of Washington article. The secret passphrases and such are confined to the human body, so they can’t be eavesdropped on.
+ Also on Network World: Using brain signals instead of passwords to unlock computers +
“Sending a password or secret code over airborne radio waves like Wi-Fi or Bluetooth means anyone can eavesdrop, making those transmissions vulnerable to hackers who can attempt to break the encrypted code,” writes Jennifer Langston in the article.
An environment with electronic locks is one possible user scenario for the in-body tech, the researchers say. The subject touches the lock the same time that he touches his smartphone fingerprint sensor. The smartphone is programmed to transmit a stored password through flesh and bone via the fingerprint sensor. The body then passes that signal onward. Circuitry in the lock opens the lock if the transmission from the body is authenticated.
The system is super-secure, the scientists claim. That’s because the signal never leaves the enveloping mass of the body. And any kind of body works: small, large and those of different heights.
Smartphone-to-body authentication use cases
“Let’s say I want to open a door using an electronic smart lock,” says co-lead author Merhdad Hessar, one of the students participating in the project. “I can touch the doorknob and touch the fingerprint sensor on my phone, and transmit my secret credentials through my body to open the door without leaking that personal information over the air.”
Conceivably future on-site server and network authentication could be implemented by simply touching a server’s metal case, say, and the equipment then recognizing the administrator through a similar smartphone-to-body transmission process.
Possible other scenarios where transmissions could benefit from being contained within the body could be in places where radio frequency (RF) poses a hazard yet authentication is still required. Hospitals have historically had issues with RF-spilling interference, as do blasting sites, such as those in mining and road construction.
Other uses could be for monitoring glucose sensors, the team suggests. Those devices need to confirm identities before sending data. Wearables in general could gain their authentication from a smartphone, say, without using arguably harder-to-secure over-the-air wireless. The researchers suggest traditional Wi-Fi and Bluetooth isn’t secure.
The receivers can be located anywhere on the body, and the person can be moving.
The key to the functionality is low-frequency transmissions, below 30 MHz, they’ve found. Those “benign” frequencies created by a finger scan are generated by consumer-grade touchpads and fingerprint sensors. The University of Washington researchers, in one test, used Lenovo trackpads and an Adafruit capacitive touchpad. An iPhone was also used in one case.
“Standing, sitting and sleeping” were all postures the scientists say were successfully tested.
“The receivers can be anywhere—on your leg, chest, hands—and still work,” they say.
Transmitting via the human body isn’t the only password-carrying organism being investigated by researchers.
Brain signals, called Passthoughts, could one day be used for bio-authentication, inventors say. In that case, remembering a favorite song or imagining a friend’s face could unlock computers with electronic brain readings. Those readings called Electro-encephalography (EEC) use a scalp-based headset, though, not flesh and bone.
This article is published as part of the IDG Contributor Network. Want to Join?