Researchers at Dartmouth College’s Trustworthy Health and Wellness (THaW) group have developed a service that uses a bracelet containing an accelerometer, gyroscope and radio to continuously authenticate the user of a computer system.
“When the user interacts with a computer terminal, the bracelet records the wrist movement, processes it and sends it to the terminal,” the university explains. “The terminal compares the wrist movement with the inputs it receives from the user via keyboard and mouse and confirms the continued presence of the user only if they correlate.
“Because the bracelet is on the same hand that provides inputs to the terminal, the accelerometer and gyroscope data and input events received by the terminal should correlate because their source is the same – the user’s hand movement.”
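A simplified sketch of the comparison described above, added here as an illustration and not the researchers' own code. It assumes the wrist-motion data has already been classified into interaction labels upstream; the label names, window size, threshold and grace count are all assumptions, and the sample sessions are constructed.

```python
from collections import deque

WINDOW = 8       # assumed: number of recent interactions compared at once
THRESHOLD = 0.6  # assumed: minimum fraction of the window that must agree
GRACE = 2        # assumed: consecutive failing windows tolerated before lockout


def continuous_auth(terminal_events, bracelet_events):
    """Return the index of the input at which the session is locked, or None.

    terminal_events: interaction types the terminal observed, in order.
    bracelet_events: interaction types inferred from wrist motion for the
                     same slots (None when no matching movement was seen).
    """
    recent = deque(maxlen=WINDOW)
    failures = 0
    for i, (seen, inferred) in enumerate(zip(terminal_events, bracelet_events)):
        recent.append(seen == inferred)
        if len(recent) < WINDOW:
            continue  # not enough evidence to judge yet
        score = sum(recent) / WINDOW
        # A single noisy window is tolerated; a sustained mismatch is not.
        failures = failures + 1 if score < THRESHOLD else 0
        if failures > GRACE:
            return i
    return None


# Constructed session 1: the bracelet wearer is the one typing. Two slots are
# misclassified (index 2 and 9) to model sensor noise.
OWNER_TERMINAL = ["typing", "typing", "scroll", "typing", "mouse_to_kbd",
                  "typing", "scroll", "typing", "typing", "scroll",
                  "typing", "typing"]
OWNER_BRACELET = list(OWNER_TERMINAL)
OWNER_BRACELET[2] = "typing"
OWNER_BRACELET[9] = None

# Constructed session 2: the wearer leaves after 8 inputs and someone else
# keeps typing; the bracelet reports no matching wrist movement.
WALKAWAY_TERMINAL = OWNER_TERMINAL[:8] + ["typing"] * 10
WALKAWAY_BRACELET = OWNER_TERMINAL[:8] + [None] * 10

if __name__ == "__main__":
    print("owner session locked at:", continuous_auth(OWNER_TERMINAL, OWNER_BRACELET))
    print("walk-away session locked at:", continuous_auth(WALKAWAY_TERMINAL, WALKAWAY_BRACELET))
```

With these assumed parameters the noisy owner session is never locked, while the walk-away session is locked on the sixth input entered without matching wrist movement.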
In experiments, the Zero-Effort Bilateral Recurring Authentication service “performed continuous authentication with 85% accuracy in verifying the correct user and identified all adversaries within 11 seconds,” the university adds.
“This kind of quick reaction can prevent mistakes – such as clinical staff accidentally entering information into the wrong patient’s medical record – or inappropriate behaviour, such as a bystander examining personal medical information or financial data by taking advantage of a computer left open by an authorized user.”
“In this work, we focused on the deauthentication problem for desktop computers because we were motivated by associated problems faced by healthcare professionals in hospitals,” says Professor David Kotz, the study’s senior author. “It would be natural to extend [the technology] to mobile devices, such as smartphones or tablet computers, and we believe this is possible despite some different challenges.”
Beyond mobile phones, the technology could be extended to TV remotes, game controllers and any other device where the user provides frequent inputs with his or her hand, the researchers add.
“For these devices, however, the application may be more for improving usability than security,” they explain. “For example, if the TV remote could identify who is holding it, it could provide personalized functionality, which could lead to a better user experience.”