These days, smartwatches are becoming more common and can even operate in stand-alone mode. This increases the need for smartwatches to authenticate users independently without paired smartphones. Currently, password or pattern-based methods can authenticate the smartwatch users in stand-alone mode, but these methods are known to be vulnerable to simple attacks such as shoulder-surfing and password dictionary attacks. In addition, biometric-based methods, which are expected to release on smartwatches in the near future, require inconvenient user interaction or special sensors for measurement. In light of this, we propose a smartwatch user authentication method that does not require any additional sensors or user interaction. Based on the fact that the human body structure affects the way vibrations are absorbed, reflected, and propagated, we designed a smartwatch user authentication method based on a challenge-response structure using vibrations. In our method, a challenge is a set of fresh random vibrations, which are provided by default in current smartwatches, and a response to the challenge is measured by built-in gyroscope and accelerometer sensors. Our earlier study demonstrated that commercial smartwatch users can be authenticated with a low equal error rate (EER) of 1.37 %. In this paper, we extended the analysis of our method on various vibration types by using a prototype setup. As a result, we discovered an outperformed vibration type for user authentication. We conducted further analysis for users with heavier body weights as these individuals are more vulnerable to a not-in-wear attack. Finally, we conducted more advanced impersonation attacks on test participants with one or more similar physical indicators to demonstrate that our method is also secure against a wider range of more complex attacks.
Bibliographical noteFunding Information:
This research was supported by a National Research Foundation grant funded by the Korean Government Ministry of Science, Technology and Information and Communication under Grant NRF-2021R1A2C2014428.
© 2022 Elsevier Ltd
- Signal Processing
- Usable Security
ASJC Scopus subject areas
- Computer Science(all)