WearLock: Unlock Your Phone via Acoustics using Smartwatch

Similar documents
Lecture 3: Wireless Physical Layer: Modulation Techniques. Mythili Vutukuru CS 653 Spring 2014 Jan 13, Monday

CHAPTER 3 MIMO-OFDM DETECTION

Waveform Design Choices for Wideband HF

Practical issue: Group definition. TSTE17 System Design, CDIO. Quadrature Amplitude Modulation (QAM) Components of a digital communication system

Bringing Multi-Antenna Gain to Energy-Constrained Wireless Devices Sanjib Sur, Teng Wei, Xinyu Zhang

BER ANALYSIS OF WiMAX IN MULTIPATH FADING CHANNELS

Selected answers * Problem set 6

4x4 Time-Domain MIMO encoder with OFDM Scheme in WIMAX Context

Professor Paulraj and Bringing MIMO to Practice

Wireless Communication

TSTE17 System Design, CDIO. General project hints. Behavioral Model. General project hints, cont. Lecture 5. Required documents Modulation, cont.

Bit Error Rate Performance Evaluation of Various Modulation Techniques with Forward Error Correction Coding of WiMAX

FAQs about OFDMA-Enabled Wi-Fi backscatter

Presentation Outline. Advisors: Dr. In Soo Ahn Dr. Thomas L. Stewart. Team Members: Luke Vercimak Karl Weyeneth. Karl. Luke

Software Defined OFDM System for wireless In-Battery Communication

Outline / Wireless Networks and Applications Lecture 7: Physical Layer OFDM. Frequency-Selective Radio Channel. How Do We Increase Rates?

CHAPTER 3 ADAPTIVE MODULATION TECHNIQUE WITH CFO CORRECTION FOR OFDM SYSTEMS

LINK DEPENDENT ADAPTIVE RADIO SIMULATION

DSP IMPLEMENTATION OF HIGH SPEED WLAN USING OFDM

Digital Modulation. Kate Ching-Ju Lin ( 林靖茹 ) Academia Sinica

OFDM AS AN ACCESS TECHNIQUE FOR NEXT GENERATION NETWORK

Channel Estimation by 2D-Enhanced DFT Interpolation Supporting High-speed Movement

Rate and Power Adaptation in OFDM with Quantized Feedback

TC-3000C Bluetooth Tester

Predictable Packet Delivery from Wireless Channel Measurements. Daniel Halperin Wenjun Hu, Anmol Sheth, David Wetherall

University of Bristol - Explore Bristol Research. Peer reviewed version. Link to published version (if available): /ICCE.2012.

Receiver Designs for the Radio Channel

OFDM Systems For Different Modulation Technique

Performance Analysis of Cognitive Radio based WRAN over Rayleigh Fading Channel with Alamouti-STBC 2X1, 2X2&2X4 Multiplexing

arxiv: v1 [cs.ni] 28 Aug 2015

Page 1. Overview : Wireless Networks Lecture 9: OFDM, WiMAX, LTE

Underwater communication implementation with OFDM

Channel Matrix Pre-Computation For Mimo Ofdm Systems In High Mobility Fading Channels

Local Oscillators Phase Noise Cancellation Methods

Wireless Intro : Computer Networking. Wireless Challenges. Overview

OFDMA and MIMO Notes

Simulative Investigations for Robust Frequency Estimation Technique in OFDM System

OFDMA PHY for EPoC: a Baseline Proposal. Andrea Garavaglia and Christian Pietsch Qualcomm PAGE 1

SourceSync. Exploiting Sender Diversity

Overview. Cognitive Radio: Definitions. Cognitive Radio. Multidimensional Spectrum Awareness: Radio Space

UNIFIED DIGITAL AUDIO AND DIGITAL VIDEO BROADCASTING SYSTEM USING ORTHOGONAL FREQUENCY DIVISION MULTIPLEXING (OFDM) SYSTEM

Research Article Privacy Leakage in Mobile Sensing: Your Unlock Passwords Can Be Leaked through Wireless Hotspot Functionality

Channel Estimation for Downlink LTE System Based on LAGRANGE Polynomial Interpolation

BackDoor: Sensing Out-of-band Sounds through Channel Nonlinearity

Performance Evaluation of OFDM System with Rayleigh, Rician and AWGN Channels

CHAPTER 4. DESIGN OF ADAPTIVE MODULATION SYSTEM BY USING 1/3 RATE TURBO CODER (SNR Vs BER)

Optimized BPSK and QAM Techniques for OFDM Systems

Principles of Orthogonal Frequency Division Multiplexing and Multiple Input Multiple Output Communications Systems

Lecture 13. Introduction to OFDM

CIS 632 / EEC 687 Mobile Computing. Mobile Communications (for Dummies) Chansu Yu. Contents. Modulation Propagation Spread spectrum

About Homework. The rest parts of the course: focus on popular standards like GSM, WCDMA, etc.

Chapter 4 DOA Estimation Using Adaptive Array Antenna in the 2-GHz Band

ANALYSIS OF BER AND SEP OF QPSK SIGNAL FOR MULTIPLE ANENNAS

OFDM and MC-CDMA A Primer

OFDM system: Discrete model Spectral efficiency Characteristics. OFDM based multiple access schemes. OFDM sensitivity to synchronization errors

Mobile Computing GNU Radio Laboratory1: Basic test

Performance Analysis of V-BLAST MIMO-OFDM using Transmit and Receive Beamforming

Chiron: Concurrent High Throughput Communication for IoT Devices

1. Introduction. 2. OFDM Primer

Performance Evaluation of Wireless Communication System Employing DWT-OFDM using Simulink Model

EC 551 Telecommunication System Engineering. Mohamed Khedr

Fractionally Spaced Equalization and Frequency Diversity Methods for Block Transmission with Cyclic Prefix

Performance Evaluation of IEEE e (Mobile WiMAX) in OFDM Physical Layer

ELEC E7210: Communication Theory. Lecture 7: Adaptive modulation and coding

Lecture 5: Simulation of OFDM communication systems

Experimenting with Orthogonal Frequency-Division Multiplexing OFDM Modulation

Project: IEEE P Working Group for Wireless Personal Area Networks N

Adapting to the Wireless Channel: SampleRate

MITIGATING CARRIER FREQUENCY OFFSET USING NULL SUBCARRIERS

UNDERSTANDING AND MITIGATING

Wideband HF Channel Simulator Considerations

Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs)

Technical Aspects of LTE Part I: OFDM

Study of Performance Evaluation of Quasi Orthogonal Space Time Block Code MIMO-OFDM System in Rician Channel for Different Modulation Schemes

Wireless Networks (PHY)

Implementation and Comparative analysis of Orthogonal Frequency Division Multiplexing (OFDM) Signaling Rashmi Choudhary

Introduction to WiMAX Dr. Piraporn Limpaphayom

Wireless Networks: An Introduction

Mobile Security Fall 2015

BER Comparison of DCT-based OFDM and FFT-based OFDM using BPSK Modulation over AWGN and Multipath Rayleigh Fading Channel

Wireless Network Security Spring 2014

Implementation of OFDM-based Superposition Coding on USRP using GNU Radio

DIGITAL COMMUNICATION

Implementation of OFDM Modulated Digital Communication Using Software Defined Radio Unit For Radar Applications

Orthogonal Cyclic Prefix for Time Synchronization in MIMO-OFDM

EECS 473 Advanced Embedded Systems. Lecture 14 Wireless in the real world

Field Measurements of 2x2 MIMO Communications

BER Performance with GNU Radio

Subcarrier Index Coordinate Expression (SICE): An Ultra-low-power OFDM-Compatible Wireless Communications Scheme Tailored for Internet of Things

Roger Kane Managing Director, Vicom Australia

Performance Study of MIMO-OFDM System in Rayleigh Fading Channel with QO-STB Coding Technique

ECE5984 Orthogonal Frequency Division Multiplexing and Related Technologies Fall Mohamed Essam Khedr. Channel Estimation

Outline Chapter 4: Orthogonal Frequency Division Multiplexing

Major Leaps in Evolution of IEEE WLAN Technologies

TCM-coded OFDM assisted by ANN in Wireless Channels

2.

A Technique COFDM For Improving Efficiency To Transmitted An Images Through Modulation Technique For Wireless Communication Problem

A Hybrid Synchronization Technique for the Frequency Offset Correction in OFDM

Performance Analysis of WiMAX Physical Layer Model using Various Techniques

Performance Improvement of OFDM System using Raised Cosine Windowing with Variable FFT Sizes

Transcription:

: Unlock Your Phone via s using Smartwatch Shanhe Yi, Zhengrui Qin*, Nancy Carter, and Qun Li College of William and Mary *Northwest Missouri State University

Smartphone is a pocket-size summary of your digit life It is common sense, that if your phone is not being using, it should be locked.

Not favored by some customers 53/150 (35%) never enable any screen lock, due to inconvenient input of screen locks [Bruggen et al. SOUPS 10] 57.1% of participants use none or native screen lock; 46.8% participants consider unlocking annoying; 25.5% want an easier way to unlock their phone [Harbach et al. SOUPS 14] 23 participants check their smartphone an average of 85 times a day [Andrew et al. 2015] motivated to find more desirable method for smartphone unlocking: require minimal effort improve user experience authenticate user on each interaction no tradeoff on security

Screen Lock - Finding Suitable Authentication Method Passwords - what you know Security Strength Easy to Shoulder guess Surfing Easy to input Smudge Hard Attack to memorize Difficult to input

Screen Lock - Finding Suitable Authentication Method Biometrics - who you are Very Convenient Uniquely tied to human body - non-replaceable

Screen Lock - Finding Suitable Authentication Method Tokens - what you have Easy-to-use Secure Replaceable Come for free in the wearable era. Additional hardware cost 12% US consumers own at least one wearable device [Kantar Wearable Technology, 2016] 55% consumers have intentions to buy at least one wearable devices [Morgan Stanley, 2014] Research problem: How to securely and user-friendly unlock smartphone via a trusted companion wearable?

Unlocking Your Phone via Wearable Tokens desirable communication range (<2m, room level) NFC communication range:10cm Bluetooth communication range: 10-100m no extra hardware additions (mic & speaker) Challenges build an efficient, reliable and secure communication acoustic channel against ambient noise system needs to accommodate the limited battery and computation power of the wearable devices

System Overview Phone Watch SPEAKER Android Keyguard Controller (Phone) Controller (Watch)

System Overview Phone Watch - auth channel SPEAKER - generate one time password Android Keyguard Controller (Phone) Controller (Watch)

Phone Watch SPEAKER Authentication Android Keyguard Controller (Phone) Controller (Watch) frequency range - audible 1kHz-6kHz, near-ultrasound 15kHz-20kHz ambient noises (e.g., air condition) - channel probing and avoid interference channels sound propagation and attenuation - control volume secure the acoustic channel phone with mic/speaker, watch with only mic cannot use self-interference cancellation Dhwani(Sigcom13), PriWhisper(IoT journal 2014), Dolphin(AsiaCCS15) send only one time password (counter-based HMAC-based one time password algorithm)

System Overview - modulate and demodulate Phone SPEAKER Watch FFT-based modulation and demodulation Android Keyguard Controller (Phone) Controller (Watch)

Phone Watch Design for Phone- Watch Pair Android Keyguard SPEAKER Controller (Phone) Controller (Watch) TX RX n 1 Preamble Energy-based Silence Detection) Preamble Detection Signal Present Block-by- Decoding Yes Cyclic Prefix Insertion Preamble Insert Frequency-to=Time conversion (IFFT) n 2 1 Time-domain Synchronization Controller (Phone) S/P Constellation Mapping Pilot Tone Insertion Time-to- Frequency (FFT) Channel Estimation & Equalization Constellation De-mapping P/S Controller (Watch) Preamble design - linearly frequency modulation (chirp/sweep signal), detected by cross-correlation

Phone Watch Design for Phone- Watch Pair Android Keyguard SPEAKER Controller (Phone) Controller (Watch) TX RX n 1 Preamble Energy-based Silence Detection) Preamble Detection Signal Present Block-by- Decoding Yes Cyclic Prefix Insertion Preamble Insert Frequency-to=Time conversion (IFFT) n 2 1 Time-domain Synchronization Controller (Phone) S/P Constellation Mapping Pilot Tone Insertion Time-to- Frequency (FFT) Channel Estimation & Equalization Constellation De-mapping P/S Controller (Watch) Time-domain Synchronization coarse sync via preamble detection fine sync via cyclic prefix argmin t f t c +t f +T X g t=t c +t f x(t)x(t + T s ), 8t f 2 [, ]

Phone Watch Design for Phone- Watch Pair Android Keyguard SPEAKER Controller (Phone) Controller (Watch) TX RX n 1 Preamble Energy-based Silence Detection) Preamble Detection Signal Present Block-by- Decoding Yes Cyclic Prefix Insertion Preamble Insert Frequency-to=Time conversion (IFFT) n 2 1 Time-domain Synchronization Controller (Phone) S/P Constellation Mapping Pilot Tone Insertion Time-to- Frequency (FFT) Channel Estimation & Equalization Constellation De-mapping P/S Controller (Watch) Channel estimation and equalization - equal-spaced unit powered pilot tones FFT-based interpolation -> channel frequency response By equalizing the known a-priori pilot sub-channel to unitpower, we equalize the data channel at the same time H(k),k 2 P [ D ŝ(k) = z(k) H(k)

System Overview Phone Watch SPEAKER Wireless - secure control channel Android Keyguard Controller (Phone) Controller (Watch)

Phone Watch SPEAKER Wireless Control Channel Android Keyguard Controller (Phone) Controller (Watch) sync configurations secret key, counter of parameters channel layouts Time cost of processing location offload audio processing reduce computation delay better battery consumption Power consumption of processing location

System Overview Phone Watch Controller - execute the protocol Android Keyguard - manage the screen lock Android Keyguard SPEAKER Controller (Phone) Controller (Watch)

Unlocking Protocol Phone SPEAKER Watch Phone User Click Watch Android Keyguard Controller (Phone) Controller (Watch) Check Bluetooth Link Provide Required Information Send Phase 1 audio clip (RTS) recording sensor Recording RTS and sensor Receive: recorded audio and sensor from watch -based Filtering Channel probing processing Phase 2 Send modulated data Recording modulated data Preprocessing and Demodulation Locked KeyGuard Unlocked

Motion-sensor based filtering co-location detection via motion similarity Phone User Click Check Bluetooth Link Watch Provide Required Information dynamic time warping, DTW Send Phase 1 audio clip (RTS) recording sensor Receive: recorded audio and sensor from watch Recording RTS and sensor -based Filtering Channel probing processing Phase 2 Send modulated data Recording modulated data Preprocessing and Demodulation Locked KeyGuard Unlocked

Adaptive Modulation -select a modulation mode that maintains a BER under target BER with certain distance Phone Watch User Click Check Bluetooth Link Send Phase 1 audio clip (RTS) recording sensor Receive: recorded audio and sensor from watch -based Filtering Provide Required Information Recording RTS and sensor The higher order of the modulation higher data rate. shorter signal for same bits. more vulnerable to ambient noise and interference (what we need). SPL tx 20 log 10 ( 1.0 d 0 ) Min Eb/N0 SPL noise > SNR min Channel probing processing Phase 2 Send modulated data Recording modulated data BER 0.1 8PSK 16QAM QPSK QASK BPSK BASK MaxBER 0.1 Preprocessing and Demodulation 0.01 Locked KeyGuard Unlocked 0.001 0 7 14 21 28 35 42 49 56 63 70 Eb/N0 in db

Evaluation - Communication Range The BER in distances and transmission modes (near-ultrasound, quiet office room, line-of-sight) Higher order modulation has higher BER. Showing the feasibility that we can adaptive change the modulation scheme to constrain the max BER within one meter range.

Evaluation - Adaptive Modulation The BER in adaptive modulation under different BER constrains. (near-ultrasound, quiet office room, line-of-sight) The BER under jamming and sub channel selection (audible sound, QPSK) The system can adaptively change modulation schemes to make sure the receiver within a certain distance has a BER close to its constrains. The system can adapt to ambient noise in sub-channel selections and maintain a stable BER.

Evaluation - System Delay config1: moto360 - wifi - nexus 6 config2: moto360 - bluetooth - galaxy nexus config3: locally on moto360 Computation delay breakdown comm. delay between smartphone and smartwatch total delay in different configurations Offloading computation to smartphone reduce computation delay significantly. Control channel via WiFi outperforms Bluetooth. If offloading is enabled, has at least 17.7% (config2) speedup against manual entering PINs; in the fast case (config1), the speed up is at least 58.6%. only needs user to click the power button.

Evaluation - Field Test BER vs. Location Office Class Room Cafe Grocery Store Diff. Hand (Audible) 0.049 (8PSK) 0.033 (8PSK) 0.026 (QPSK) 0.012 (QPSK) Same Hand (Audible) 0.089 (8PSK) 0.051 (8PSK) 0.066 (QPSK) 0.065 (QPSK) Diff. Hand (Near-ultrasound) 0.056 (8PSK) 0.042 (QPSK) 0.023 (QPSK) 0.014 (QPSK) Same Hand (Near-ultrasound) 0.105 (QPSK) 0.188 (QPSK) 0.197 (QPSK) 0.206 (QPSK) Average BER is around 0.08 There is a direct path ing in same hand cases. Near-ultrasound has less interference but significant signal fade in same hand cases. Audible sound is less convenient but more useable in noises cases. It would be better to use inaudible sound in quiet spaces and audible sound in noisy spaces as long as the volume is controlled.

Conclusion We show that a convent and secure smartphone unlocking can be achieved by leavening a paired smartwatch., the implemented system, secures the acoustic channel by adapting the transmission power and modulation configurations, and sends an tokens for validation via acoustics to unlock the smartphone. To optimize the system performance, we offload the heavy computation to the phone, and leverage multi-source information including sensor data to reduce unnecessary audio transmissions. can achieve an average bit error rate of 8% in our experiments. achieves at least 18% speedup even on a low-end device, compared to entering PINs.

End. Thank you. Q&A

Security Discussion Security Discussion Brutal Force Attack 32bits (select 16 data channels in QPSK/QASK, 11 data channel in 8PSK) -> 2 32 Co-located Attack <1meter and Line-of-Sight is very hard to achieve for attacker Record and replay Attack timing-based detection (software stack delay) Relay Attack Cannot defense Hard to mount such attack

NLOS detection analyzes the received preamble: a LFM modulated signal sent in the RTS/CTS phase We first check the maximal normalized cross correlation score. If the max score is below a certain threshold (0.05 in our experiment), we will abort the transmission, since it indicates a mismatch on the preamble with high possibility. Otherwise, we can coarsely synchronize the signal. Next, we approximate a delay profile of the preamble using cross correlation. When the is beyond a certain threshold we assume that there is a severe body ing rms = rms s P n (t n ˆ ) 2 A(t n ) P n A(t n) A(t n ) t n = n F s ˆ = P P n t na(t n ) n A(t n)

Android Lock Screen PIN Entering Measurement Same method as Harbach et al. SOUPS 14

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback