Shake, Shake, I Know Who You Are: Authentication Through Smart Wearable Devices

Information security and user comfort are the games that smartphone manufacturers have always had to face. Explicit authentication (EA) methods, including password, fingerprint recognition, and face recognition, have become the most popular ways to unlock smartphones. However, these methods also incur some troubles in users' daily lives and even suffer from security problems like shoulder surfing attacks and password reuse attacks. Unlike the EA methods, the implicit authentication (IA) methods employ the user's behavior, posture, and so on to confirm who the user is. The "Smart Lock (SL)," as a new IA introduced by the biggest smartphone system manufacturer, Google, has effectively increased user comfort while ensuring user information security. However, we found that the SL is not secure enough, where anyone wearing a smart device can be authenticated. In this article, based on the "Trusted Devices (DEVICE)" approach in SL, we design a band with sensors commonly found on smart wearables and two authentication models to improve the security of SL scenarios. We use our designed band to collect data to evaluate our models. The experimental results show that our designed band is universal. Our authentication model for power-constrained devices such as wearables has 97.01% accuracy and power overhead of 0.0195 mAh per time. The designed authentication model for smartphones has an accuracy of 99.67% and power consumption of 0.83 mAh per time. Therefore, our scheme can meet the IA for different security requirements in different scenarios.