How to send secure passwords through your body instead of air

September 30, 2016

Potential applications for on-body transmissions include securely sending information to door locks, glucose sensors, or other wearable medical devices. (credit: Vikram Iyer, University of Washington)

University of Washington computer scientists and electrical engineers have devised a way to send secure passwords through the human body, using benign, low-frequency transmissions already generated by fingerprint sensors and touchpads on consumer devices.

“Let’s say I want to open a door using an electronic smart lock,” said Merhdad Hessar, a UW electrical engineering doctoral student and co-lead author of a paper presented in September at the 2016 Association for Computing Machinery’s International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp 2016) in Germany. “I can touch the doorknob and touch the fingerprint sensor on my phone and transmit my secret credentials through my body to open the door, without leaking that personal information over the air.”

Secure on-body transmissions

These “on-body” transmissions offer a more secure way to transmit authenticating information between devices that touch parts of your body — such as a wearable medical device — and a phone or device that confirms your identity by asking you to type in a password.

The technology could also be useful for secure key transmissions to medical devices which seek to confirm someone’s identity before sending or sharing data, such as glucose monitors or insulin pumps.

The research team tested the technique on iPhone and other fingerprint sensors, as well as Lenovo laptop trackpads and the Adafruit capacitive touchpad. In tests with ten different subjects, they were able to generate usable on-body transmissions on people of different heights, weights and body types. The system also worked when subjects were in motion, including while they walked and moved their arms.

The researchers showed that it works in different postures like standing, sitting and sleeping, and they can get a strong signal throughout your body, with receivers on any part of the body.

Reverse-engineering and repurposing smartphone sensors

The research team from the UW’s Networks and Mobile Systems Lab systematically analyzed smartphone sensors to understand which of them generates low-frequency transmissions below 30 megahertz (which travel well through the human body but don’t propagate over the air).

The researchers found that fingerprint sensors and touchpads generate signals in the 2 to 10 megahertz range and employ capacitive coupling to sense where your finger is in space and to identify the ridges and valleys that form unique fingerprint patterns.

Normally, sensors use these signals to receive input about your finger. But the UW engineers devised a way to use these signals as output that corresponds to data contained in a password or access code. When entered on a smartphone, data that authenticates your identity can travel securely through your body to a receiver embedded in a device that needs to confirm who you are.

Their process employs a sequence of finger scans to encode and transmit data. Performing a finger scan correlates to a 1-bit of digital data and not performing the scan correlates to a 0-bit. The team achieved bit rates of 50 bits per second on laptop touchpads and 25 bits per second with fingerprint sensors — fast enough to send a simple password or numerical code through the body and to a receiver within seconds.

This represents only a first step, the researchers say. Data can be transmitted through the body even faster if fingerprint sensor manufacturers provide more access to their software.

The research was funded by the Intel Science and Technology Center for Pervasive Computing, a Google faculty award and the National Science Foundation.

For more information, contact the research team at onbody@cs.washington.edu.


Abstract of Enabling on-body transmissions with commodity devices

We show for the first time that commodity devices can be used to generate wireless data transmissions that are confined to the human body. Specifically, we show that commodity input devices such as fingerprint sensors and touchpads can be used to transmit information to only wireless receivers that are in contact with the body. We characterize the propagation of the resulting transmissions across the whole body and run experiments with ten subjects to demonstrate that our approach generalizes across different body types and postures. We also evaluate our communication system in the presence of interference from other wearable devices such as smartwatches and nearby metallic surfaces. Finally, by modulating the operations of these input devices, we demonstrate bit rates of up to 50 bits per second over the human body.