survey

An Offensive and Defensive Exposition of Wearable Computing

Authors:
Prakash Shrestha

University of Alabama at Birmingham, USA

University of Alabama at Birmingham, USA

0000-0002-7779-6399
View Profile

,
Nitesh Saxena

University of Alabama at Birmingham, USA

University of Alabama at Birmingham, USA
View Profile

Authors Info & Claims

ACM Computing Surveys Volume 50 Issue 6Article No.: 92pp 1–39https://doi.org/10.1145/3133837

Published:22 November 2017Publication History

ACM Computing Surveys

Abstract

Wearable computing is rapidly getting deployed in many—commercial, medical, and personal—domains of day-to-day life. Wearable devices appear in various forms, shapes, and sizes and facilitate a wide variety of applications in many domains of life. However, wearables raise unique security and privacy concerns. Wearables also hold the promise to help enhance the existing security, privacy, and safety paradigms in unique ways while preserving the system’s usability.

The contribution of this research literature survey is threefold. First, as a background, we identify a wide range of existing as well as upcoming wearable devices and investigate their broad applications. Second, we provide an exposition of the security and privacy of wearable computing, studying dual aspects, that is, both attacks and defenses. Third, we provide a comprehensive study of the potential security, privacy, and safety enhancements to existing systems based on the emergence of wearable technology. Although several research works have emerged exploring different offensive and defensive uses of wearables, there is a lack of a broad and precise literature review systematizing all those security and privacy aspects and the underlying threat models. This research survey also analyzes current and emerging research trends and provides directions for future research.

References

Zaid Ameen Abduljabbar, Hai Jin, Ayad Ibrahim, Zaid Alaa Hussien, Mohammed Abdulridha Hussain, Salah H. Abbdal, and Deqing Zou. 2016. Privacy-preserving image retrieval in IoT-cloud. In Proceedings of the 2016 IEEE Trustcom/BigDataSE/I SPA. IEEE, 799--806.Google ScholarCross Ref
Paarijaat Aditya, Rijurekha Sen, Peter Druschel, Seong Joon Oh, Rodrigo Benenson, Mario Fritz, Bernt Schiele, Bobby Bhattacharjee, and Tong Tong Wu. 2016. I-pic: A platform for privacy-compliant image capture. In Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys’16), Vol. 16. Google ScholarDigital Library
Rakesh Agrawal and Ramakrishnan Srikant. 2000. Privacy-preserving data mining. In ACM Sigmod Record, Vol. 29. ACM, 439--450. Google ScholarDigital Library
Jalal Al-Muhtadi, Dennis Mickunas, and Roy Campbell. 2001. Wearable security services. In Proceedings of the 2001 International Conference on Distributed Computing Systems Workshop. IEEE, 266--271. Google ScholarDigital Library
Petar S. Aleksic and Aggelos K. Katsaggelos. 2006. Audio-visual biometrics. Proc. IEEE 94, 11 (2006), 2025--2044.Google ScholarCross Ref
Kamran Ali, Alex X. Liu, Wei Wang, and Muhammad Shahzad. 2015. Keystroke recognition using wifi signals. In Proceedings of the 21st Annual International Conference on Mobile Computing and Networking. ACM, 90--102. Google ScholarDigital Library
S. Abhishek Anand and Nitesh Saxena. 2016. A sound for a sound: Mitigating acoustic side channel attacks on password keystrokes with active sounds. Financial Cryptography and Data Security. Springer, 346–364.Google Scholar
S. Abhishek Anand, Prakash Shrestha, and Nitesh Saxena. 2015. Bad sounds good sounds: Attacking and defending tap-based rhythmic passwords using acoustic signals. In Cryptology and Network Security. Springer, 95--110.Google Scholar
William A. Arbaugh, David J. Farber, and Jonathan M. Smith. 1997. A secure and reliable bootstrap architecture. In Proceedings of the 1997 IEEE Symposium on Security and Privacy. IEEE, 65--71. Google ScholarDigital Library
Corey Ashby, Amit Bhatia, Francesco Tenore, and Jacob Vogelstein. 2011. Low-cost electroencephalogram (eeg) based authentication. In Proceedings of the 2011 5th International IEEE/EMBS Conference on Neural Engineering (NER’11). IEEE, 442--445.Google ScholarCross Ref
Ashwin Ashok, Viet Nguyen, Marco Gruteser, Narayan Mandayam, Wenjia Yuan, and Kristin Dana. 2014. Do not share&excl; Invisible light beacons for signaling preferences to privacy-respecting cameras. In Proceedings of the 1st ACM MobiCom Workshop on Visible Light Communication Systems. ACM, 39--44. Google ScholarDigital Library
Dmitri Asonov and Rakesh Agrawal. 2004. Keyboard acoustic emanations. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 3.Google ScholarCross Ref
Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith. 2010. Smudge attacks on smartphone touch screens.WOOT 10 (2010), 1--7. Google ScholarDigital Library
Daniel V. Bailey, Markus Dürmuth, and Christof Paar. 2014. Typing passwords with voice recognitio: How to authenticate to Google glass. In Proceedings of the Symposium on Usable Privacy and Security.Google Scholar
Davide Balzarotti, Marco Cova, and Giovanni Vigna. 2008. Clearshot: Eavesdropping on keyboard input from video. In Proceedings of the IEEE Symposium on Security and Privacy, 2008 (SP’08). IEEE, 170--183. Google ScholarDigital Library
Mukhtaj S. Barhm, Nidal Qwasmi, Faisal Z. Qureshi, and Khalil El-Khatib. 2011. Negotiating privacy preferences in video surveillance systems. In Modern Approaches in Applied Intelligence. Springer, 511--521. Google ScholarDigital Library
Andrea Bianchi and Ian Oakley. 2016. Wearable authentication: Trends and opportunities. Inf. Technol. 58, 5 (2016), 255--262.Google Scholar
Dan Boneh, Craig Gentry, Shai Halevi, Frank Wang, and David J. Wu. 2013. Private database queries using somewhat homomorphic encryption. In Proceedings of the International Conference on Applied Cryptography and Network Security. Springer, 102--118. Google ScholarDigital Library
Joseph Bonneau, Cormac Herley, Paul C. Van Oorschot, and Frank Stajano. 2012. The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In Proceedings of the 2012 IEEE Symposium on Security and Privacy. IEEE, 553--567. Google ScholarDigital Library
Raphael Bost, Raluca Ada Popa, Stephen Tu, and Shafi Goldwasser. 2015. Machine learning classification over encrypted data. The Network and Distributed System Security.Google Scholar
Ferdinand Brasser, Brahim El Mahjoub, Ahmad-Reza Sadeghi, Christian Wachsmann, and Patrick Koeberl. 2015. TyTAN: Tiny trust anchor for tiny devices. In Proceedings of the 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC’15). IEEE, 1--6. Google ScholarDigital Library
Jack Brassil. 2005. Using mobile communications to assert privacy from video surveillance. In 19th IEEE International Parallel and Distributed Processing Symposium. IEEE, 8--pp. Google ScholarDigital Library
Karel A. Brookhuis, Gerbrand de Vries, and Dick de Waard. 1991. The effects of mobile telephoning on driving performance. Accident Anal. Prevent. 23, 4 (1991), 309--316.Google ScholarCross Ref
Rondell Burge and Alex Chaparro. 2012. The effects of texting and driving on hazard perception. In Proceedings of the Human Factors and Ergonomics Society Annual Meeting, Vol. 56. Sage Publications, 715--719.Google ScholarCross Ref
Mario Čagalj, Srdjan Čapkun, and Jean-Pierre Hubaux. 2006. Key agreement in peer-to-peer wireless networks. Proc. IEEE 94, 2 (2006), 467--478.Google ScholarCross Ref
Kelly E. Caine. 2009. Supporting privacy by preventing misclosure. In CHI’09 Extended Abstracts on Human Factors in Computing Systems. ACM, 3145--3148. Google ScholarDigital Library
Cammozzo. 2016. Wearing or displaying a tagmenot means don’t post my image unless face and personal details are blurred. Retrieved from http://tagmenot.info/.Google Scholar
Byung-Rae Cha, Sang-Hun Lee, Soo-Bong Park, and Gun-Ki Lee4 Yoo-Kang Ji. 2015. Design of micro-payment to strengthen security by 2 factor authentication with mobile 8 wearable devices. Advanced Science and Technology Letters 109 (2015), 28–32.Google ScholarCross Ref
Pan Chan, Tzipora Halevi, and Nasir Memon. 2015. Glass OTP: Secure and convenient user authentication on google glass. In Financial Cryptography and Data Security. Springer, 298--308.Google Scholar
Shoude Chang, Kirill V. Larin, Youxin Mao, Costel Flueraru, and Wahab Almuhtadi. 2011. Fingerprint spoof detection using near infrared optical analysis. In State of the Art in Biometrics, 57--84.Google Scholar
Jagmohan Chauhan, Hassan Jameel Asghar, Anirban Mahanti, and Mohamed Ali Kaafar. 2016. Gesture-based continuous authentication for wearable devices: The smart glasses use case. In Proceedings of the International Conference on Applied Cryptography and Network Security. Springer, 648--665.Google ScholarCross Ref
Bo Cheng, Li Zhuo, Yu Bai, Yuanfan Peng, and Jing Zhang. 2014. Secure index construction for privacy-preserving large-scale image retrieval. In Proceedings of the 2014 IEEE Fourth International Conference on Big Data and Cloud Computing (BdCloud’14). IEEE, 116--120. Google ScholarDigital Library
John Chuang, Hamilton Nguyen, Charles Wang, and Benjamin Johnson. 2013. I think, therefore I am: Usability and security of authentication using brainwaves. In Financial Cryptography and Data Security. Springer, 1--16.Google Scholar
Cory Cornelius, Ronald Peterson, Joseph Skinner, Ryan Halter, and David Kotz. 2014. A wearable system that knows who wears it. In Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services. ACM, 55--67. Google ScholarDigital Library
Mark D. Corner and Brian D. Noble. 2002. Zero-interaction authentication. In Proceedings of the 8th Annual International Conference on Mobile Computing and Networking. ACM, 1--11. Google ScholarDigital Library
Mark D. Corner and Brian D. Noble. 2005. Protecting file systems with transient authentication. Wireless Netw. 11, 1--2 (2005), 7--19. Google ScholarDigital Library
Fanny Coudert, Denis Butin, and Daniel Le Métayer. 2015. Body-worn cameras for police accountability: Opportunities and risks. Comput. Law Security Rev. 31, 6 (2015), 749--762.Google ScholarCross Ref
Lawrence H. Cox. 1980. Suppression methodology and statistical disclosure control. J. Amer. Statist. Assoc. 75, 370 (1980), 377--385.Google ScholarCross Ref
Adrian Dabrowski, Edgar R. Weippl, and Isao Echizen. 2013. Framework based on privacy policy hiding for preventing unauthorized face image processing. In 2013 IEEE International Conference on Systems, Man, and Cybernetics (SMC’13). IEEE, 455--461. Google ScholarDigital Library
John Daugman. 2004. Iris recognition border-crossing system in the UAE. Int. Airport Rev. 8, 2 (2004).Google Scholar
Alexander De Luca, Marian Harbach, Emanuel von Zezschwitz, Max-Emanuel Maurer, Bernhard Ewald Slawik, Heinrich Hussmann, and Matthew Smith. 2014. Now you see me, now you don’t: Protecting smartphone authentication from shoulder surfers. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2937--2946. Google ScholarDigital Library
Dorothy E. Denning, Peter J. Denning, and Mayer D. Schwartz. 1979. The tracker: A threat to statistical database security. ACM Trans. Database Syst. (TODS) 4, 1 (1979), 76--96. Google ScholarDigital Library
Tamara Denning, Zakariya Dehlawi, and Tadayoshi Kohno. 2014. In situ with bystanders of augmented reality glasses: Perspectives on recording and privacy-mediating technologies. In Proceedings of the 32nd Annual ACM Conference on Human Factors in Computing Systems. ACM, 2377--2386. Google ScholarDigital Library
Mike DiGiovanni. 2013. GitHub -- kaze0/bulletproof. Retrieved from https://github.com/kaze0/bulletproof.Google Scholar
Frank A. Drews, Hina Yazdani, Celeste N. Godfrey, Joel M. Cooper, and David L. Strayer. 2009. Text messaging during simulated driving. Human Factors 51, 5 (2009), 762–770.Google ScholarCross Ref
Wenliang Du, Yunghsiang S. Han, and Shigang Chen. 2004. Privacy-preserving multivariate statistical analysis: Linear regression and classification. In Proceedings of the 2004 SIAM International Conference on Data Mining. SIAM, 222--233.Google ScholarCross Ref
Cynthia Dwork. 2006. Differential privacy. In Proceedings of the 33rd International Colloquium on Automata, Languages and Programming, part II (ICALP’06). Vol. 4052. 1--12. https://www.microsoft.com/en-us/research/publication/differential-privacy/. Google ScholarDigital Library
Karim Eldefrawy, Gene Tsudik, Aurélien Francillon, and Daniele Perito. 2012. SMART: Secure and minimal architecture for (Establishing Dynamic) root of trust. In NDSS, Vol. 12. 1--15.Google Scholar
Eurotech. 2013. Eurotech Group: Industrial computers and embedded boards for rugged system solutions - high performance computing. Retrieved from http://www.zypad.com/zypad/.Google Scholar
Alexandre Evfimievski and Tyrone Grandison. 2009. Privacy preserving data mining. IGI Global (2009), 1--8.Google Scholar
Bernardo Ferreira, Joao Rodrigues, Joao Leitao, and Henrique Domingos. 2015. Privacy-preserving content-based image retrieval in the cloud. In Proceedings of the 2015 IEEE 34th Symposium on Reliable Distributed Systems (SRDS’15). IEEE, 11--20. Google ScholarDigital Library
Aurélien Francillon, Quan Nguyen, Kasper B. Rasmussen, and Gene Tsudik. 2014. A minimalist approach to remote attestation. In Proceedings of the Conference on Design, Automation 8 Test in Europe. European Design and Automation Association, 244. Google ScholarDigital Library
Davrondzhon Gafurov, Patrick Bours, and Einar Snekkenes. 2011. User authentication based on foot motion. Signal Image Video Process. 5, 4 (2011), 457--467.Google ScholarCross Ref
Davrondzhon Gafurov, Kirsi Helkala, and Torkjel Søndrol. 2006. Biometric gait authentication using accelerometer sensor. J. Comput. 1, 7 (2006), 51--59.Google ScholarCross Ref
Davrondzhon Gafurov, Einar Snekkenes, and Patrick Bours. 2007. Gait authentication and identification using wearable accelerometer sensor. In Proceedings of the 2007 IEEE Workshop on Automatic Identification Advanced Technologies. IEEE, 220--225.Google ScholarCross Ref
Davrondzhon Gafurov, Einar Snekkenes, and Patrick Bours. 2007. Spoof attacks on gait authentication system. IEEE Trans. Inf. Forensics Security 2, 3 (2007), 491--502. Google ScholarDigital Library
Davrondzhon Gafurov and Einar Snekkkenes. 2008. Arm swing as a weak biometric for unobtrusive user authentication. In Proceedings of the International Conference on Intelligent Information Hiding and Multimedia Signal Processing, 2008 (IIHMSP’08). IEEE, 1080--1087. Google ScholarDigital Library
Christian Gehrmann, Chris J. Mitchell, and Kaisa Nyberg. 2004. Manual authentication for wireless devices. RSA Cryptobytes 7, 1 (2004), 29--37.Google Scholar
Wayne C. W. Giang, Liberty Hoekstra-Atwood, and Birsen Donmez. 2014. Driver engagement in notifications a comparison of visual-manual interaction between smartwatches and smartphones. In Proceedings of the Human Factors and Ergonomics Society Annual Meeting, Vol. 58. Sage Publications, 2161--2165.Google Scholar
Wayne C. W. Giang, Inas Shanti, Huei-Yen Winnie Chen, Alex Zhou, and Birsen Donmez. 2015. Smartwatches vs. smartphones: A preliminary report of driver behavior and perceived risk while responding to notifications. In Proceedings of the 7th International Conference on Automotive User Interfaces and Interactive Vehicular Applications. ACM, 154--161. Google ScholarDigital Library
Michael T. Goodrich, Michael Sirivianos, John Solis, Gene Tsudik, and Ersin Uzun. 2006. Loud and clear: Human-verifiable authentication based on audio. In Proceedings of the 26th IEEE International Conference on Distributed Computing Systems (ICDCS’06). IEEE, 10--10. Google ScholarDigital Library
Google. 2016. Screen lock -- Google Glass Help. Retrieved from https://support.google.com/glass/answer/4389349?hl=en.Google Scholar
Marco Gruteser and Dirk Grunwald. 2004. A methodological assessment of location privacy risks in wireless hotspot networks. In Security in Pervasive Computing. Springer, 10--24.Google Scholar
Tzipora Halevi and Nitesh Saxena. 2012. A closer look at keyboard acoustic emanations: Random passwords, typing styles and decoding techniques. In Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security. ACM, 89--90. Google ScholarDigital Library
Adam Harvey. 2010. CV Dazzle: Camouflage from Face Detection. Retrieved from https://cvdazzle.com/.Google Scholar
Jibo He, Alex Chaparro, B. Nguyen, Rondell J. Burge, Joseph Crandall, B. Chaparro, Rui Ni, and S. Cao. 2014. Texting while driving: Is speech-based text entry less risky than handheld text entry? Accident Anal. Prevent. 72 (2014), 287--295.Google ScholarCross Ref
Jibo He, Jake Ellis, William Choi, and Pingfeng Wang. 2015. Driving while reading using Google glass versus using a smart phone: Which is more distracting to driving performance? In Proceedings of the 8th International Driving Symposium on Human Factors in Driver Assessment, Training and Vehicle Design. 281--287.Google Scholar
Benjamin Henne, Christian Szongott, and Matthew Smith. 2013. SnapMe if you can: Privacy threats of other peoples’ geo-tagged media and what we can do about it. In Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks. ACM, 95--106. Google ScholarDigital Library
Steve Hodges, Lyndsay Williams, Emma Berry, Shahram Izadi, James Srinivasan, Alex Butler, Gavin Smyth, Narinder Kapur, and Ken Wood. 2006. SenseCam: A retrospective memory aid. In Ubiquitous Computing (UbiComp’06). Springer, 177--193. Google ScholarDigital Library
Jaap-Henk Hoepman. 2004. The ephemeral pairing problem. In Financial Cryptography. Springer, 212--226.Google Scholar
Christian Holz and Marius Knaust. 2015. Biometric touch sensing: Seamlessly augmenting each touch with continuous authentication. In Proceedings of the 28th Annual ACM Symposium on User Interface Software 8 Technology. ACM, 303--312. Google ScholarDigital Library
Roberto Hoyle, Robert Templeman, Steven Armes, Denise Anthony, David Crandall, and Apu Kapadia. 2014. Privacy behaviors of lifeloggers using wearable cameras. In Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing. ACM, 571--582. Google ScholarDigital Library
Chao-Yung Hsu, Chun-Shien Lu, and Soo-Chang Pei. 2012. Image feature extraction in encrypted domain with privacy-preserving SIFT. IEEE Trans. Image Process. 21, 11 (2012), 4593--4607. Google ScholarDigital Library
O. Huhta, P. Shrestha, S. Udar, M. Juuti, N. Saxena, and N. Asokan. 2016. Pitfalls in designing zero-effort deauthentication: Opportunistic human observation attacks. The Network and Distributed System Security Symposium.Google Scholar
Yong Ho Hwang, Jae Woo Seo, and Il Joo Kim. 2014. Encrypted keyword search mechanism based on bitmap index for personal storage services. In Proceedings of the 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom’14). IEEE, 140--147. Google ScholarDigital Library
Shubham Jain, Carlo Borgiattino, Yanzhi Ren, Marco Gruteser, Yingying Chen, and Carla Fabiana Chiasserini. 2015. Lookup: Enabling pedestrian safety services via shoe sensing. In Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services. ACM, 257--271. Google ScholarDigital Library
Markus Jakobsson and Susanne Wetzel. 2001. Security weaknesses in bluetooth. In Topics in Cryptology (CT-RSA’01). Springer, 176--191. Google ScholarDigital Library
Benjamin Johnson, Thomas Maillart, and John Chuang. 2014. My thoughts are not your thoughts. In Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct Publication. ACM, 1329--1338. Google ScholarDigital Library
Ari Juels. 2006. RFID security and privacy: A research survey. IEEE J. Selected Areas Commun. 24, 2 (2006), 381--394. Google ScholarDigital Library
Nikolaos Karapanos, Claudio Marforio, Claudio Soriente, and Srdjan Capkun. 2015. Sound-proof: Usable two-factor authentication based on ambient sound. In Proceedings of the 24th USENIX Security Symposium (USENIX Security’15). 483--498. Google ScholarDigital Library
Rick Kennell and Leah H. Jamieson. 2003. Establishing the genuinity of remote computer systems. In USENIX Security. 21. Google ScholarDigital Library
Rasib Khan, Ragib Hasan, and Jinfang Xu. 2015. SEPIA: Secure-PIN-authentication-as-a-service for ATM using mobile and wearable devices. In Proceedings of the 2015 3rd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud’15). IEEE, 41--50. Google ScholarDigital Library
Daniel V. Klein. 1990. Foiling the cracker: A survey of, and improvements to, password security. In Proceedings of the 2nd USENIX Security Workshop. 5--14.Google Scholar
Patrick Koeberl, Steffen Schulz, Ahmad-Reza Sadeghi, and Vijay Varadharajan. 2014. TrustLite: A security architecture for tiny embedded devices. In Proceedings of the 9th European Conference on Computer Systems. ACM, 10. Google ScholarDigital Library
Tadayoshi Kohno, Joel Kollin, David Molnar, and Franziska Roesner. 2015. Display Leakage and Transparent Wearable Displays: Investigation of Risk, Root Causes, and Defenses. Technical Report MSR-TR-2015-18. Retrieved from http://research.microsoft.com/apps/pubs/default.aspx?id=240860.Google Scholar
Joonho Kong, Farinaz Koushanfar, Praveen K. Pendyala, Ahmad-Reza Sadeghi, and Christian Wachsmann. 2014. PUFatt: Embedded platform attestation based on novel processor-based PUFs. In Proceedings of the 51st Annual Design Automation Conference. ACM, 1--6. Google ScholarDigital Library
Mohammed Korayem, Robert Templeman, Dennis Chen, David Crandall, and Apu Kapadia. 2014. Screenavoider: Protecting computer screens from ubiquitous cameras. arXiv preprint arXiv:1412.0008 (2014).Google Scholar
Xeno Kovah, Corey Kallenberg, Chris Weathers, Amy Herzog, Matthew Albin, and John Butterworth. 2012. New results for timing-based attestation. In Proceedings of the 2012 IEEE Symposium on Security and Privacy (SP’12). IEEE, 239--253. Google ScholarDigital Library
Katharina Krombholz, Adrian Dabrowski, Matthew Smith, and Edgar Weippl. 2015. Ok glass, leave me alone: Towards a systematization of privacy enhancing technologies for wearable computing. In Financial Cryptography and Data Security. Springer, 274--280.Google Scholar
Gierad Laput, Chouchang Yang, Robert Xiao, Alanson Sample, and Chris Harrison. 2015. Em-sense: Touch recognition of uninstrumented, electrical and electromechanical objects. In Proceedings of the 28th Annual ACM Symposium on User Interface Software 8 Technology. ACM, 157--166. Google ScholarDigital Library
Jeong Jun Lee, Seungin Noh, Kang Ryoung Park, and Jaihie Kim. 2004. Iris recognition in wearable computer. In Biometric Authentication. Springer, 475--483.Google Scholar
Linda Lee, Serge Egelman, Joong Hwa Lee, and David Wagner. 2015. Risk perceptions for wearable devices. arXiv preprint arXiv:1504.05694 (2015).Google Scholar
Gang Li, Boon-Leng Lee, and Wan-Young Chung. 2015. Smartwatch-based wearable EEG system for driver drowsiness detection. IEEE Sensors J. 15, 12 (2015), 7169--7180.Google ScholarCross Ref
Mengyuan Li, Yan Meng, Junyi Liu, Haojin Zhu, Xiaohui Liang, Yao Liu, and Na Ruan. 2016. When CSI meets public WiFi: Inferring your mobile phone password via WiFi signals. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1068--1079. Google ScholarDigital Library
Sugang Li, Ashwin Ashok, Yanyong Zhang, Chenren Xu, Janne Lindqvist, and Macro Gruteser. 2016. Whose move is it anyway? Authenticating smart wearable devices using unique head movement patterns. In Proceedings of the 2016 IEEE International Conference on Pervasive Computing and Communications (PerCom’16). IEEE, 1--9.Google ScholarCross Ref
Yanlin Li, Jonathan M. McCune, and Adrian Perrig. 2011. VIPER: Verifying the integrity of PERipherals’ firmware. In Proceedings of the 18th ACM Conference on Computer and Communications Security. ACM, 3--16. Google ScholarDigital Library
Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li, and Kehuan Zhang. 2015. When good becomes evil: Keystroke inference with smartwatch. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 1273--1285. Google ScholarDigital Library
Wenjun Lu, Avinash L. Varna, Ashwin Swaminathan, and Min Wu. 2009. Secure image retrieval through feature protection. In Proceedings of the IEEE International Conference on Acoustics, Speech and Signal Processing, 2009 (ICASSP’09). IEEE, 1533--1536. Google ScholarDigital Library
Anindya Maiti, Murtuza Jadliwala, Jibo He, and Igor Bilogrevic. 2015. (Smart) watch your taps: Side-channel keystroke inference attacks using smartwatches. In Proceedings of the 2015 ACM International Symposium on Wearable Computers. ACM, 27--30. Google ScholarDigital Library
Sebastien Marcel and José R. Del Millan. 2007. Person authentication using brainwaves (EEG) and maximum a posteriori model adaptation. IEEE Trans. Pattern Anal. Mach. Intell. 29, 4 (2007), 743--752. Google ScholarDigital Library
Shrirang Mare, Andres Molina Markham, Cory Cornelius, Ronald Peterson, and David Kotz. 2014. Zebra: Zero-effort bilateral recurring authentication. In Proceedings of the 2014 IEEE Symposium on Security and Privacy (SP’14). IEEE, 705--720. Google ScholarDigital Library
Ivan Martinovic, Doug Davies, Mario Frank, Daniele Perito, Tomas Ros, and Dawn Song. 2012. On the feasibility of side-channel attacks with brain-computer interfaces. In Proceedings of the USENIX Security Symposium. 143--158. Google ScholarDigital Library
Nobuyuki Matsushita, Shigeru Tajima, Yuji Ayatsuka, and Jun Rekimoto. 2000. Wearable key: Device for personalizing nearby environment. In Proceedings of the 4th International Symposium on Wearable Computers. IEEE, 119--126. Google ScholarDigital Library
Belden Menkus. 1988. Understanding the use of passwords. Comput. Security 7, 2 (1988), 132--136. Google ScholarDigital Library
Alex Migicovsky, Zakir Durumeric, Jeff Ringenberg, and J. Alex Halderman. 2014. Outsmarting proctors with smartwatches: A case study on wearable computing security. In Financial Cryptography and Data Security. Springer, 89--96.Google Scholar
Emiliano Miluzzo, Alexander Varshavsky, Suhrid Balakrishnan, and Romit Roy Choudhury. 2012. Tapprints: Your finger taps have fingerprints. In Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services. ACM, 323--336. Google ScholarDigital Library
Long Hoang Nguyen and Andrew William Roscoe. 2011. Authentication protocols based on low-bandwidth unspoofable channels: A comparative survey. J. Comput. Security 19, 1 (2011), 139--201. Google ScholarDigital Library
Nymi. 2014. Nymi | Convenient Authentication Anywhere. Retrieved from https://nymi.com/.Google Scholar
Sampo Ojala, Jari Keinanen, and Jorma Skytta. 2008. Wearable authentication device for transparent login in nomadic applications environment. In Proceedings of the 2nd International Conference on Signals, Circuits and Systems, 2008 (SCS’08). IEEE, 1--6.Google ScholarCross Ref
Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig, and Joy Zhang. 2012. ACCessory: Password inference using accelerometers on smartphones. In Proceedings of the 12th Workshop on Mobile Computing Systems 8 Applications. ACM, 9. Google ScholarDigital Library
Ramaswamy Palaniappan. 2006. Electroencephalogram signals from imagined activities: A novel biometric identifier for a small population. In Intelligent Data Engineering and Automated Learning (IDEAL’06). Springer, 604--611. Google ScholarDigital Library
Ramaswamy Palaniappan. 2008. Two-stage biometric authentication method using thought activity brain waves. Int. J. Neural Syst. 18, 01 (2008), 59--66.Google ScholarCross Ref
Frank Pallas, Max-Robert Ulbricht, Lorena Jaume-Palasí, and Ulrike Höppner. 2014. Offlinetags: A novel privacy approach to online photo sharing. In CHI’14 Extended Abstracts on Human Factors in Computing Systems. ACM, 2179--2184. Google ScholarDigital Library
Bryan Parno, Jonathan M. McCune, and Adrian Perrig. 2010. Bootstrapping trust in commodity computers. In Proceedings of the 2010 IEEE Symposium on Security and Privacy (SP’10). IEEE, 414--429. Google ScholarDigital Library
Shwetak N. Patel, Jay W. Summet, and Khai N. Truong. 2009. Blindspot: Creating capture-resistant spaces. In Protecting Privacy in Video Surveillance. Springer, 185--201.Google Scholar
Greig Paul and James Irvine. 2014. Privacy implications of wearable health devices. In Proceedings of the 7th International Conference on Security of Information and Networks. ACM, 117. Google ScholarDigital Library
Raluca Ada Popa, Catherine Redfield, Nickolai Zeldovich, and Hari Balakrishnan. 2011. CryptDB: Protecting confidentiality with encrypted query processing. In Proceedings of the 23rd ACM Symposium on Operating Systems Principles. ACM, 85--100. Google ScholarDigital Library
Raluca Ada Popa, Emily Stark, Steven Valdez, Jonas Helfer, Nickolai Zeldovich, and Hari Balakrishnan. 2014. Building web applications on top of encrypted data using Mylar. In NSDI. 157--172. Google ScholarDigital Library
M. Poulos, M. Rangoussi, N. Alexandris, A. Evangelou, and others. 2002. Person identification from the EEG using nonlinear signal classification. Methods Inf. Med. 41, 1 (2002), 64--75.Google ScholarCross Ref
Mahmudur Rahman, Bogdan Carbunar, and Madhusudan Banik. 2013. Fit and vulnerable: Attacks and defenses for a health monitoring device. arXiv preprint arXiv:1304.5672 (2013).Google Scholar
Nisarg Raval, Animesh Srivastava, Ali Razeen, Kiron Lebeck, Ashwin Machanavajjhala, and Landon P. Cox. 2016. What you mark is what apps see. In Proceedings of the ACM International Conference on Mobile Systems, Applications, and Services (Mobisys’16). Google ScholarDigital Library
Mehran Roshandel, Aarti Munjal, Peyman Moghadam, Shahin Tajik, and Hamed Ketabdar. 2014. Multi-sensor finger ring for authentication based on 3d signatures. In Proceedings of the International Conference on Human-Computer Interaction. Springer, 131--138.Google ScholarCross Ref
Volker Roth, Kai Richter, and Rene Freidinger. 2004. A PIN-entry method resilient against shoulder surfing. In Proceedings of the 11th ACM Conference on Computer and Communications Security. ACM, 236--245. Google ScholarDigital Library
Volker Roth, Philipp Schmidt, and Benjamin Güldenring. 2010. The IR ring: Authenticating users’ touches on a multi-touch display. In Proceedings of the 23nd Annual ACM Symposium on User Interface Software and Technology. ACM, 259--262. Google ScholarDigital Library
Virginia Ruiz-Albacete, Pedro Tome-Gonzalez, Fernando Alonso-Fernandez, Javier Galbally, Julian Fierrez, and Javier Ortega-Garcia. 2008. Direct attacks using fake images in iris verification. In Proceedings of the European Workshop on Biometrics and Identity Management. Springer, 181--190. Google ScholarDigital Library
Young Sam Ryu, Do Hyong Koh, Brad L. Aday, Xavier A. Gutierrez, and John D. Platt. 2010. Usability evaluation of randomized keypad. J. Usabil. Stud. 5, 2 (2010), 65--75. Google ScholarDigital Library
Hasan Sajid and Sen-ching S. Cheung. 2015. VSig: Hand-gestured signature recognition and authentication with wearable camera. In Proceedings of the 2015 IEEE International Workshop on Information Forensics and Security (WIFS’15). IEEE, 1--6.Google Scholar
Munehiko Sato, Ivan Poupyrev, and Chris Harrison. 2012. Touché: Enhancing touch interaction on humans, screens, liquids, and everyday objects. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 483--492. Google ScholarDigital Library
Ben D. Sawyer, Victor S. Finomore, Andres A. Calvo, and Peter A. Hancock. 2014. Google glass a driver distraction cause or cure? Human Factors 56, 7 (2014), 1307–1321.Google ScholarCross Ref
Jeremy Schiff, Marci Meingast, Deirdre K. Mulligan, Shankar Sastry, and Ken Goldberg. 2009. Respectful cameras: Detecting visual markers in real-time to address privacy concerns. In Protecting Privacy in Video Surveillance. Springer, 65--89.Google Scholar
Roman Schlegel, Kehuan Zhang, Xiao-yong Zhou, Mehool Intwala, Apu Kapadia, and XiaoFeng Wang. 2011. Soundcomber: A stealthy and context-aware sound trojan for smartphones. In NDSS, Vol. 11. 17--33.Google Scholar
Stefan Schneegass, Youssef Oualil, and Andreas Bulling. 2016. SkullConduct: Biometric user identification on eyewear computers using bone conduction through the skull. In Proceedings of the 34th ACM SIGCHI Conference on Human Factors in Computing Systems (CHI’16) (2016-01-01). IEEE. Google ScholarDigital Library
Steffen Schulz, Ahmad-Reza Sadeghi, and Christian Wachsmann. 2011. Short paper: Lightweight remote attestation using physical functions. In Proceedings of the 4th ACM Conference on Wireless Network Security. ACM, 109--114. Google ScholarDigital Library
Arvind Seshadri, Adrian Perrig, Leendert Van Doorn, and Pradeep Khosla. 2004. SWATT: Software-based attestation for embedded devices. In Proceedings of the 2004 IEEE Symposium on Security and Privacy. IEEE, 272--282.Google ScholarCross Ref
Hossein Shafagh, Anwar Hithnawi, Andreas Dröscher, Simon Duquennoy, and Wen Hu. 2015. Talos: Encrypted query processing for the internet of things. In Proceedings of the 13th ACM Conference on Embedded Networked Sensor Systems. ACM, 197--210. Google ScholarDigital Library
Yiran Shen, Chengwen Luo, Weitao Xu, and Wen Hu. 2015. Poster: An online approach for gait recognition on smart glasses. In Proceedings of the 13th ACM Conference on Embedded Networked Sensor Systems. ACM, 389--390. Google ScholarDigital Library
Kohei Shiraga, Ngo Thanh Trung, Ikuhisa Mitsugami, Yasuhiro Mukaigawa, and Yasushi Yagi. 2012. Gait-based person authentication by wearable cameras. In Proceedings of the 2012 9th International Conference on Networked Sensing Systems (INSS’12). IEEE, 1--7.Google ScholarCross Ref
Jiayu Shu, Rui Zheng, and Pan Hui. 2016. Cardea: Context-aware visual privacy protection from pervasive cameras. arXiv preprint arXiv:1610.00889 (2016).Google Scholar
Diksha Shukla, Rajesh Kumar, Abdul Serwadda, and Vir V. Phoha. 2014. Beware, your hands reveal your secrets&excl; In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 904--917. Google ScholarDigital Library
Dawn Xiaoding Song, David Wagner, and Adrian Perrig. 2000. Practical techniques for searches on encrypted data. In Proceedings of the 2000 IEEE Symposium on Security and Privacy, 2000 (S&P’’’00). IEEE, 44--55. Google ScholarDigital Library
Yihang Song, Madhur Kukreti, Rahul Rawat, and Urs Hengartner. 2014. Two novel defenses against motion-based keystroke inference attacks. arXiv preprint arXiv:1410.7746 (2014).Google Scholar
Da-Zhi Sun, Jin-Peng Huai, Ji-Zhou Sun, Jia-Wan Zhang, and Zhi-Yong Feng. 2008. A new design of wearable token system for mobile device security. IEEE Trans. Consumer Electron. 54, 4 (2008), 1784--1789. Google ScholarDigital Library
Robert Templeman, Mohammed Korayem, David J. Crandall, and Apu Kapadia. 2014. PlaceAvoider: Steering first-person cameras away from sensitive spaces. In NDSS.Google Scholar
Robert Templeman, Zahid Rahman, David Crandall, and Apu Kapadia. 2012. PlaceRaider: Virtual theft in physical spaces with smartphones. arXiv preprint arXiv:1209.5982 (2012).Google Scholar
Julie Thorpe, Paul C. van Oorschot, and Anil Somayaji. 2005. Pass-thoughts: Authenticating with our minds. In Proceedings of the 2005 Workshop on New Security Paradigms. ACM, 45--56. Google ScholarDigital Library
Jaideep Vaidya, Murat Kantarcıoğlu, and Chris Clifton. 2008. Privacy-preserving naive bayes classification. VLDB J. 17, 4 (2008), 879--898. Google ScholarDigital Library
Wouter Van Vlaenderen, Jens Brulmans, Jo Vermeulen, and Johannes Schöning. 2015. Watchme: A novel input method combining a smartwatch and bimanual interaction. In Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems. ACM, 2091--2095. Google ScholarDigital Library
Serge Vaudenay. 2005. Secure communications over insecure channels based on short authenticated strings. In Advances in Cryptology (CRYPTO’05). Springer, 309--326. Google ScholarDigital Library
He Wang, Ted Tsung-Te Lai, and Romit Roy Choudhury. 2015. MoLe: Motion leaks through smartwatch sensors. In Proceedings of the 21st Annual International Conference on Mobile Computing and Networking. ACM, 155--166. Google ScholarDigital Library
Tianzi Wang, Zheng Song, Jian Ma, Yongping Xiong, and Yun Jie. 2013. An anti-fake iris authentication mechanism for smart glasses. In Proceedings of the 2013 3rd International Conference on Consumer Electronics, Communications and Networks (CECNet’13). IEEE, 84--87.Google ScholarCross Ref
Brandy Warwick, Nicholas Symons, Xiao Chen, and Kaiqi Xiong. 2015. Detecting driver drowsiness using wireless wearables. In Proceedings of the 2015 IEEE 12th International Conference on Mobile Ad Hoc and Sensor Systems (MASS’15). IEEE, 585--588. Google ScholarDigital Library
Christian Winkler, Jan Gugenheimer, Alexander De Luca, Gabriel Haas, Philipp Speidel, David Dobbelstein, and Enrico Rukzio. 2015. Glass unlock: Enhancing security of smartphone unlocking through leveraging a private near-eye display. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, CHI, Vol. 15. 1407--1410. Google ScholarDigital Library
Rebecca Wright and Zhiqiang Yang. 2004. Privacy-preserving Bayesian network structure computation on distributed heterogeneous data. In Proceedings of the 10th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 713--718. Google ScholarDigital Library
Muchen Wu, Parth H. Pathak, and Prasant Mohapatra. 2015. Enabling privacy-preserving first-person cameras using low-power sensors. In Proceedings of the 2015 12th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON’15). IEEE, 444--452.Google ScholarDigital Library
Zhihua Xia, Yi Zhu, Xingming Sun, Zhan Qin, and Kui Ren. 2015. Towards privacy-preserving content-based image retrieval in cloud computing. IEEE Trans. Cloud Comput. (2015).Google Scholar
Zhi Xu, Kun Bai, and Sencun Zhu. 2012. Taplogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors. In Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks. ACM, 113--124. Google ScholarDigital Library
Dhruv Kumar Yadav, Beatrice Ionascu, Sai Vamsi Krishna Ongole, Aditi Roy, and Nasir Memon. 2015. Design and analysis of shoulder surfing resistant PIN based authentication mechanisms on Google glass. In Financial Cryptography and Data Security. Springer, 281--297.Google Scholar
Takayuki Yamada, Seiichi Gohshi, and Isao Echizen. 2013. Privacy visor: Method for preventing face image detection by using differences in human and device sensitivity. In Communications and Multimedia Security. Springer, 152--161.Google Scholar
Junshuang Yang, Yanyan Li, and Mengjun Xie. 2015. MotionAuth: Motion-based authentication for wrist worn smart devices. In Proceedings of the 2015 IEEE International Conference on Pervasive Computing and Communication Workshops (PerCom Workshops’15). IEEE, 550--555.Google ScholarCross Ref
Zhiqiang Yang, Sheng Zhong, and Rebecca N. Wright. 2005. Privacy-preserving classification of customer data without loss of accuracy. In Proceedings of the 2005 SIAM International Conference on Data Mining. SIAM, 92--102.Google Scholar
Qinggang Yue, Zhen Ling, Xinwen Fu, Benyuan Liu, Wei Yu, and Wei Zhao. 2014. My Google glass sees your passwords&excl; In Black Hat USA 2014 White Paper.Google Scholar
Roberto Yus, Primal Pappachan, Prajit Kumar Das, Eduardo Mena, Anupam Joshi, and Tim Finin. 2014. FaceBlock: Privacy-aware pictures for google glass. In Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys’14), Vol. 14. 1. Google ScholarDigital Library
Wei Zhou and Selwyn Piramuthu. 2014. Security/privacy of wearable fitness tracking IoT devices. In Proceedings of the 2014 9th Iberian Conference on Information Systems and Technologies (CISTI’14). IEEE, 1--5.Google ScholarCross Ref
Li Zhuang, Feng Zhou, and J. Doug Tygar. 2009. Keyboard acoustic emanations revisited. ACM Trans. Inf. Syst. Security (TISSEC) 13, 1 (2009), 3. Google ScholarDigital Library

Index Terms

An Offensive and Defensive Exposition of Wearable Computing
1. General and reference
  1. Document types
    1. Surveys and overviews
2. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Privacy protections
  2. Security services
    1. Authentication
    2. Privacy-preserving protocols

Recommendations

Wearable Sensing Framework for Human Activity Monitoring
WearSys '15: Proceedings of the 2015 workshop on Wearable Systems and Applications

Wearable computation is getting integrated into our daily life day by day. In this work, we propose a generic framework to continuously monitor users' daily activities. The framework proposes light computation tasks on the wearable device to reduce the ...
Read More
Challenges and Opportunities in Wearable Systems
WearSys '17: Proceedings of the 2017 Workshop on Wearable Systems and Applications

Wearable systems offer great promise in application domains as varied as healthcare, eldercare, augmented work, education, athletics, entertainment, parenting, travel, and personal productivity. In this keynote lecture I outline some of these ...
Read More
Exploring the overlap between wearable computing and disability discrimination law
British HCI '15: Proceedings of the 2015 British HCI Conference

Typically, Wearable Computing has raised a wide range of negative legal concerns, ranging from complaints about its potential misuse by car drivers, onto concerns around privacy, confidentiality, and copyright. The result has been that Wearable ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Computing Surveys Volume 50, Issue 6
November 2018
752 pages
ISSN:0360-0300
EISSN:1557-7341
DOI:10.1145/3161158
Editor:
Sartaj Sahni
Department of Computer and Information Science and Engineering / University of Florida / Gainesville, FL
Issue’s Table of Contents
Copyright © 2017 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 22 November 2017
- Revised: 1 August 2017
- Accepted: 1 August 2017
- Received: 1 March 2017
Published in csur Volume 50, Issue 6

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Wearable computing
security requirements
side-channel analysis and countermeasures
Qualifiers
- survey
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 28
  Total Citations
  View Citations
- 1,284
  Total Downloads
- Downloads (Last 12 months)86
- Downloads (Last 6 weeks)12
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

An Offensive and Defensive Exposition of Wearable Computing

ACM Computing Surveys

Abstract

References

Cited By

Index Terms

Recommendations

Wearable Sensing Framework for Human Activity Monitoring

Challenges and Opportunities in Wearable Systems

Exploring the overlap between wearable computing and disability discrimination law