FYI.

This story is over 5 years old.

Tech

Whenever You Wear This Bracelet, You Will Be Continuously Authenticated

The wearable tech designed to improve computer security whenever you're logged in.
Image: Shimmer

For all the effort spent ensuring that we can securely log onto our computers and online services, it's easy to forget that logging out can be just as important. While a simple inactivity timeout may work for your home computer, it's hardly a surefire solution for computers in busy workplaces or public locations that may contain sensitive information like a patient's health records or personal financial details.

Advertisement

Researchers at Dartmouth College are now working on one possible solution to that problem, though, and it could well have some broader applications for computer security.

Their fairly novel approach is something called Zero-Effort Bilateral Recurring Authentication, or ZEBRA, which employs a bracelet that continuously authenticates a user while they're logged onto a computer, and automatically logs them out whenever they stop.

Unlike some other devices that rely on a proximity sensor—or even a bracelet that monitors your heartbeat, as one company promised last year—the Dartmouth researchers' system uses the same sensors found in most fitness bands to track wrist movement, which is then matched to keyboard and mouse input received by the computer.

If the input doesn't match up, or if the user steps away, they're automatically logged out. Researchers say they've been able to do this with 85 to 90 percent accuracy, depending on the security thresholds. In the current setup, users still need to first log in as they normally would.

A little extra security that's a bit less of a hassle is something that's always welcome

While their experiments have used a wearable sensor from Shimmer that's specially designed for research, the researchers say the authentication method could easily be implemented on standard smart watches and activity trackers, which would be a key advantage over security devices that depend on specialized hardware.

What's more, while their work so far has focused on continuous authentication after a user has first logged in using a more traditional method, the researchers also see a number of other possible applications for ZEBRA.

A "ZEBRA bracelet could act as a second factor for initial authentication," Professor David Kotz explained in an email, providing an added layer of security, "or as the only factor for low-security applications." It could even, in principle, be standardized for use across a variety of devices, he said.

Dartmouth PhD student Shrirang Mare adds that they are now working on extending the authentication technique to tablets (and eventually hope to extend it to smartphones as well), although that presents its own unique set of challenges. They not only need to accurately identify wrist movement when a person is on the move themselves, but do so without taking a significant toll on the tablet or smartphone's battery.

Of course, it's unlikely that smart watches or security bracelets will be a cure-all for our increasingly common security woes. They can be lost, forgotten, or stolen, too, after all. But a little extra security that's a bit less of a hassle is something that's always welcome—even if it's just part of the puzzle.