CyberWire Daily - Using the human body as a wire-like communication channel. [Research Saturday]
Episode Date: February 13, 2021
Guest Dr. Shreyas Sen, a Purdue University associate professor of electrical and computer engineering, joins us to discuss the following scenario: Instead of inserting a card or scanning a smartphone... to make a payment, what if you could simply touch the machine with your finger? A prototype developed by Purdue University engineers would essentially let your body act as the link between your card or smartphone and the reader or scanner, making it possible for you to transmit information just by touching a surface. The research can be found here:
Tech makes it possible to digitally communicate through human touch (press release)
BodyWire-HCI: Enabling New Interaction Modalities by Communicating Strictly During Touch Using Electro-Quasistatic Human Body Communication (research paper)
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Hello everyone and welcome to the CyberWire's Research Saturday.
I'm Dave Bittner and this is our weekly conversation with researchers and analysts tracking down threats and vulnerabilities,
solving some of the hard problems of protecting ourselves in a rapidly evolving cyberspace.
Thanks for joining us.
And we already have this common conductive medium, that is the body itself. Why can we
not use the body as a wire so that we get the orders of magnitude more efficiency and
physical security for devices communicating around the body?
That's Dr. Shreyas Sen. He's an associate professor at Purdue University. The research
we're discussing today is titled Enabling New Interaction Modalities by Communicating
Strictly Through Touch Using Electro-Quasi-Static Human-Body Communication.
Think about, you know, you have two devices on the body. Let's say maybe your smartwatch and another device.
Let's take your earpod.
Today what happens is when we want to communicate digital information from one device to another,
we take the digital information, put it on an electromagnetic carrier and radiate it.
That radiated signal goes all around us, for example, in Bluetooth up to 30 feet distance
and can be picked up by anybody in the physical proximity.
And only a very small fraction of this signal
gets picked up in the other device.
So we are kind of wasting energy,
sending signals to all the places
where it should have only stayed around my body.
And also we are creating a security risk
because anybody within a Starbucks-sized coffee shop
can now try to snoop into my signal because they have the physical signals themselves.
So what we started thinking is because body is conductive,
why not couple this signal in a different frequency range called the electroquasistatic frequency,
or that's where the name EQS-HBC, EQS standing for electroquasistatic and HBC standing
for human body communication, comes from. We published this, uh, last year in Nature Scientific
Reports, as well as this month there is a feature article on IEEE Spectrum where these concepts are
explained. But long story short, what it does is it couples tiny amounts of electrical signals from
this watch, let's say, to your body.
And that signal is accessible anywhere around your body, but not off of your body.
So are we essentially using our body as an antenna?
Because we want to go off.
Short range antenna, extremely short range antenna.
Somewhat, but not antenna, a wire.
Think of the, like a copper wire,
that through which we communicate signals,
we are turning our body into a wire.
And so what are some of the practical applications
that you all have thought of here to use this?
Yeah, so there are many, many applications.
And I'll come to the touch application in a minute.
So out of the many applications, it can be
future body area network, your watch
talking to a ear pod, augmented reality, virtual reality,
medical devices around the body,
connected medical devices.
Anything that is on or in or around your body
that uses Bluetooth today could be using this body as a wire technology, making things much more secure,
because the signals are not getting radiated, and energy efficient. Now, one of the key applications
that you are pointing out here is, now that was the science of the technology, how to turn the body into a wire.
Now, what we did in the recent news release and the paper that got published in the Transaction of Computer-Human Interaction, TOCHI,
and the CHI conference that is going to be presented next year, which the leading conference in human computer interaction, we are going to show that once you couple the signal onto your body, we are confining
it within less than a centimeter of your fingertip, which means, imagine you have a signal, digital
signal on your body and your fingertip is empowered with the digital signal. If you can touch something, that will get the digital signal, but nothing else will get it.
So I can open a computer by touching the touchpad.
I can open a door just by touching it.
And this can create a second factor authentication.
Today, we are increasingly using multi-factor authentications, and we have to open our phone
to get the second factor. It will be possible to just
touch and send this digital second factor
through the touch in a seamless gesture. You don't have to
get your phone out of your pocket.
And to be clear, this is different from, say,
something like Touch ID, which is scanning your fingerprint, but it could work alongside
something like that. Exactly. And that can become the second and third factor. When you touch,
you have the fingerprint. Of course, that's the great biometric thing. But also that your
fingerprint is one time throughout your life. So if that gets compromised, then it's done.
We cannot change it.
So pairing it with some changing passwords
is something people anyway want to do.
So what we are talking about in the same seamless gesture
where you are touching some electrode
to give the biometric fingerprint
simultaneously overlaying a digital password communication through that. It can be with the
biometric or even without. But these are two orthogonal technologies that can be seamlessly
combined in one gesture.
And so far, what kind of data rates have you been able to achieve? How much information can you send?
So we have two different sets of prototypes. One is we are developing our own integrated circuits also.
So I'll tell you, with off-the-shelf modified devices, we are achieving 10 kilobits per second kind of data rates,
which are good enough for these kind of security applications, as well as biomedical signal communication.
And then we are also pioneering our own application-specific integrated circuit, through which we have
shown more than 10 megabits per second kind of communication as well.
Now, is there any bi-directionality here?
In other words, can you send information back through your finger
to, say, a smartwatch, something like that?
Yeah, definitely.
The easiest way of thinking of this is like your body is a wire now.
So you can send things back through a wire.
Same, you can now use the body to send it back from the computer to your smartwatch.
And speaking of efficiency, which is
one of the, I think, the benefits that you're discussing here,
in the example of, say, sending information
through your fingertip to log into something, would
that information just be constantly broadcast
in a repeating kind of signal?
Or would there be some way to sense
when you're actually touching something?
Yeah, it should not be broadcasted all the time.
There are a few different ways
one can implement the full system.
And we have considered some of those.
So I'll give you two examples.
One is, yes, when you
are touching something, you have some sensor that detects a touch and then activates the system.
That's one possibility. A second possibility is in the computer then sends a request for this
ID, like what you would do in an RFID kind of system, right? And then the smartwatch sends that ID back. So there are many different ways the system can be implemented
so that it only sends when needed and not broadcast all the time.
And what about the possibility of sending information person to person?
Could I transfer my contact information through a handshake?
Yes, that was the motivation when I started this.
If you read my first paper back in February 2016,
I have a nice picture showing a man and a lady
handshaking and they're sending a business card
so that we don't have to give them business cards anymore.
Yes, we can do that and we now, after four years of effort,
have a prototype that is able to do that.
So what are some of the things that you have
in your imagination here
and applications for this looking forward?
So one of the things we have been exploring is
so I will explain this from two aspects
one, that communication strictly through touch
this one, and then I'll explain the broader
body as a wire concept.
so the communication through touch, we
think, you know, opening computers,
this multi-factor authentication
is increasing significantly.
And people are carrying these
key fobs with them. There's a company
called Yubico, and people are using
this YubiKey and similar
other devices.
So you don't have to carry
that extra device.
Your smart watch or
any other device that you wear
becomes that second device
with this technology.
If you were trying to do it
for example from your smartphone, then the
smartphone had to send it using a
Bluetooth, which then increases
vulnerability because then the signals again
in somebody in physical proximity
can sense it. So if you think of the key fob, from where the key comes, it basically gets plugged into
a USB-C, so the communication happens through that USB-C and hence it's secure. What we are doing is
we are now able to take that. You don't have to plug it in the USB-C anymore. It can be anywhere
on your body, and the body is your secure channel, sending that
unique key to do logins. So we believe that using the body as a wire has a significant
possibility of growth in the multi-factor authentication space. As well as today, if you
imagine when you touch displays, we are just giving out the information of which
location we are touching. That's all the display understands. But now with this technology, if in
future it is integrated with the displays, you are not only sending where I am touching, I am also
sending who is touching or what heart rate they have right now. And many other overlaid information.
So that's what I said in
the Purdue News release
that you can log in
into your profile
on somebody else's phone just
by touching the app.
Think about that for a minute.
So today
we have to log in prior and keep that information.
And then when I touch, all it says, open this app,
and it uses the prior login information.
But in future, what can happen is when I'm touching,
it simultaneously sends the login information.
So anybody can open that.
For example, think of touch-based Uber terminals in an airport.
You don't have to log things in.
You can just touch, and you will automatically log in.
So essentially, you're carrying your ID on, for example, your smartwatch
and you're able to verify who you are by just touching things
that would be sensitive to this sort of communication.
That's correct.
Now to be clear here, we're using the human body,
you know, the bag of meat that is you or me as the conduit for this signal. And there's nothing
specific about, you know, you versus me. This system isn't, you know, measuring anything
particular about you or me. It's not using your specific biometrics or my specific biometrics to roll into any of the security.
It's really using the specifics of our flesh to keep it from,
as you say, to use as a wire rather than being broadcast at any distance.
Yes, that is correct. That's what the body-as-a-wire technology
or electroquasistatic HBC does. But of course, the prototypes we are developing also in certain applications
tries to couple it with the biometric.
For example, from the smartwatch, you can imagine collecting your heart rate,
which can act as a unique biometric, then digitizing it, sending it through your body.
And then when you touch with a fingertip, you can simultaneously get your fingerprint
and also the digital signal which contains your heart rate.
You can do many factor authentication in one single
touch gesture.
I'm thinking of applications also. There's been concern lately about
for example, if I want to
get into a bar and prove that I'm of age, you know, to be able to go in there and have a drink
with my friends, if I hand over my ID, that has a lot of information on it beyond just the fact
that I'm, in this case, over 21. It has my home address. It has, you know, a picture of me. And I
may not want to share all of that information. It seems to me like a technology such as yours, you'd be able to limit that,
have something at the door that I can touch and it'll just ask that specific question.
Can you verify that you are of age? The systems exchange information and say,
yep, this person's good. Let them in. Yes, absolutely. That's a great example.
The touch is only one aspect of it, but body area networks, we need medical devices, connected medical devices monitored
in a secure and extremely energy efficient way
in the low speed application of body as a wire.
For high speed application, you know, a huge boom in
augmented reality, virtual reality, which can be using this body as a wire technology. So in
summary, basically anything for which you think Bluetooth is used today around the body, this can
replace it and make it better. It's like 100x lower energy than Bluetooth and physically secure. So we see huge application space
and multiple different large companies
as well as startups have shown interest,
including the touch-based ID kind of technology.
And we are working on them to develop
some of this technology and try to bring it to market.
Well, it's very exciting.
I wish you all well.
It's interesting to see progress in this space and it seems as though you all are really on to something. This is exciting research.
Thank you. It's great discussing with you.
Our thanks to Dr. Shreyas Sen from Purdue University for joining us.
The research is titled Enabling New Interaction Modalities by Communicating Strictly During Touch Using Electroquasistatic Human Body Communication.
We'll have a link in the show notes.
The Cyber Wire Research Saturday is proudly produced in Maryland out of the startup studios
of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies.
Our amazing Cyber Wire team is Elliot Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Bond, Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yellen, Nick Valecki, Gina Johnson, Bennett Moe, Chris Russell, John Petrick, Jennifer Iben, Rick Howard, Peter Kilby, and I'm Dave Bittner.
Thanks for listening.