Making It Trustable: Acoustic-Based Signcryption Mutual Authentication for Multiwearable Devices

Abstract

We address the problem of authentication and secure communication between wearable devices. As people rely heavily on such mobile and wearable devices, the need for seamless and secure communication across these spectra of devices becomes increasingly important. In order to provide secure communication, mutually trusted authentication becomes the first line of protection to guard our personal information. We propose an acoustic-based signcryption mutual authentication (ASMA), which is a key-agreement protocol by employing timestamp and owning functions of multiple-times identity authentication, password change, and devices addition and alteration. Through series of experiments verifying the reliability and accuracy, the protocol shows that it can ensure secure data transmission and data sharing for multiwearable devices.

1. Introduction

With the popularization of Wi-Fi and Internet connection, multiwearable devices and other intelligent terminals are wildly used in our daily life as a part of the Internet of Things (IoT) [1]. Glasses and wrist watches are no longer simply what they used to be. They are now more intelligent and are able to track your eyeball, identify your voice, and even record your heart rate and breathing rate. These devices become someone who knows you best.

As digital device usage becomes more widespread in various domains [2], such as education, management information systems, and healthcare [3, 4], Internet security is becoming an increasingly important issue. Any unreliable connections can cause the leaking of important personal information stored in digital devices. But what can be done to handle this problem? The answer is authentication.

What is authentication? Authentication is the process of determining whether someone or something is. In fact, who or what it is declared to be. In traditional authentication, the identity usually belongs to a person, but, in digital authentication, it belongs to a device, which is the main difference between the traditional and the digital ones. In private and public computer networks (including the Internet), it is hard for our machines to tell whether the physical identity corresponds to the digital one. For this reason, a stringent authentication process is needed. The purpose is to provide secure communication between the desired devices. It also helps to break the barriers that a mobile could only communicate with the wearable devices of the same company.

This paper aims to propose an acoustic-based signcryption mutual authentication (ASMA) scheme for wearable devices and movable terminals. Figure 1 shows the authentication scheme. It is about a key agreement protocol by employing timestamp and signcryption which owns functions of multiple-times identity authentication, password change, and devices addition and alteration. The scheme belongs to noncontact biometrics authentication which is different from 2D barcodes-based [5] and some other visual-channel-based [6] authentication. Meanwhile, as a wireless communication technology with short range and low power consumption, it is also different from Bluetooth or NFC (near-field communication) [7] technology which requires users to spend extra cost on inbuilt NFC chip or external NFC tags. With the support of cell phone, earphone, and other cheap wearable devices, the protocol can effectively resist the MITM (man-in-the-middle) attack [8], replay attack [9], and nonsynchronous attack [10].

Figure 1

Acoustic-based mutual signcryption authentication for multiwearable devices.

Apart from the ASMA scheme for wearable devices and movable devices, an agreed-upon shared key is generated which can be applied in the mass data transferring like long strings, text files, and video streams. With the help of shared key, we can achieve data delivering via Bluetooth address and data sharing among the wearable devices and moveable devices in a secure condition.

The main contributions of this paper are summarized as follows. (i)

This paper proposes an ASMA scheme, supporting authentication and secure communication between multiple wearable devices. In this scheme, an agreed-upon key agreement protocol is created by signcryption, employing timestamp for mutual authentication and data transmission.

(ii)

This paper further presents the architecture, design, and security analysis of ASMA. It shows that ASMA will automatically complete certification in less than 10 seconds, significantly reduce cost, and increase efficiency.

(iii)

The proposal is also achieved and verified in practice and a positive feedback is received. People could make the mutual authentication and transmit data about their health, bodily functions, text messages, schedules, and videos between their multiwearable devices.

The rest of this paper is organized as follows. The related works are given in Section 2. System design and problem statement are given in Section 3. The authentication protocol is described in Section 4. Security analysis is performed in Section 5. The implementation is demonstrated in Section 6. Finally, the conclusions are presented in Section 7.

2. Related Works

How to authenticate devices’ identities is a long time issue. Two main problems should be solved to make two mutually distrusted devices establish key agreement to achieve identity authentication and provide secure communication. (i)

What kind of contact channel can transmit authentication information?

(ii)

Which method or protocol can ensure the security of contact channel?

2.1. Contact Channel

To solve the first problem, Stajano and Anderson introduced a “resurrecting duckling” model [11]. They use secret data exchanged over a contact channel (usually a physical contact) to bootstrap a particular authentication and key exchange protocol. Such an exchange directly captures the user's intention that the user wants to communicate with that device. To some extent, QR (quick response) code, which is widely used currently, is based on this model. QR code is a readable bar code which uses black and white rectangular patterns to signify binary data. They can be preconfigured and printed on labels that are attached to devices, or they can be generated on demand and shown on a screen. A device with Internet access and cameras can complete the whole authentication steps. However, its disadvantage is that a user must visually identify the desired device. And it also brings problems when users read the wrong QR code or in the areas without network signal.

Compared with QR code, NFC [12] and the Bluetooth have some advantages. NFC has characteristics of high reliability and its authentication method is very simple, which is evolved from RFID (radio-frequency identification) [13]. NFC is suitable to exchange important data such as financial information and personal information, while the Bluetooth is more suitable for a longer distance data communication. Hence NFC and the Bluetooth can complement each other. However, these two techniques have a disadvantage: they are dependent on inbuilt chips.

As mentioned above, we adopt acoustic wave contact channel to make identity authentication, which can avoid both component redundancy and dependence on Internet access.

2.2. Protocol

The second problem is mainly solved by encryption systems and digital-signature techniques.

In encryption systems, public-key cryptography (PKC) is a significant technique to ensure the security of network and information. Traditional PKC requires certification authority (CA) to issue certificate to bind users’ identity and public key, which brings about problem with certificate management. However, it is solved by Shamir's public-key scheme based on identity [14], which was introduced in 1984. This scheme set users’ identity such as name, student number, and ID number as the public key. However, it needs an authentic private-key generation center (KGC), which brings about problem with private-key escrow. To solve the problems of certificate management and private-key escrow, Al-Riyami, and so forth, first put forward certificateless public-key cryptography scheme [15], which can make users’ public key authenticated without certificate and only make a part of users’ private key known to KGC.

As to digital-signature techniques, Diffie and Hellman initially proposed the digital-signature method [16] in 1976. Then other scholars have developed the well-known methods such as RSA, ElGamal, and DSS. To meet the demand, more digital signatures are developed, such as group signatures, ring signatures, proxy signatures, threshold signatures, and signcryption [17–20].

In practical application, users often need to implement signature and encryption at the same time. To achieve this purpose, firstly we sign the information and then encrypt the signature. In 1998, Zheng and Imai [21] introduced a new password scheme, signcryption, which combines digital-signature and public-key encryption into one process. It led to a new signcryption scheme based on identity which has been further developed by the later scholars [22–26]. Barbosa and Farshim [27] first initially proposed the signcryption concept based on certificateless public-key cryptography. In recent years, some improved certificateless digital signcryption schemes have been put forward.

Along with the development of signcryption theory, signcryption is extensively adopted to achieve security efficiently in areas such as e-payment, ad hoc network, ATM network, and VoIP network. As a result, key-agreement protocol on the basis of signcryption technology was instantly introduced. Based on the point of Kim and Youm onwards, we have achieved the key-agreement protocol [28] on the basis of timestamp and signcryption technologies to guarantee the trusted authentication and security between devices.

Apart from that, our scheme requires wearable devices and mobile devices to authenticate at the beginning and end of data transmission, respectively, to ensure its security. When false identity is detected, the system will destroy the data ciphertext immediately. Additionally, the scheme also provides the mechanisms for password change and multiple devices addition as well as their alteration, which increases convenience.

3. System Design and Problem Statement

In this paper, we consider the problem of authentication between mutually distrusted devices. We assume that there is a many-to-many relationship among US (user), MT (mobile terminal), and WD (wearable device), and their pairings are random. That is, one MT or WD can be paired with several mutually trusted MTs or WDs at the same time. Many MTs and WDs can be found around US when we use them, which could lead to their mutual distrust and cause confusion. In this environment, the identity and trust authentication as well as data transmission between MT and WD can be realized via the key agreement.

Usually, an authentication process has three entities: MT, WD (it can also be replaced by other devices such as sensors and actuators), and US (with the ownership of MT and WD). We also assume that both MT and WD, equipped with Bluetooth, acoustic wave transmitter, and absorber, can process encryption/decryption algorithms.

The first subproblem of this paper is to choose a contact channel, which should be costless and convenient.

The second subproblem of this paper is to find a protocol to adapt to the channel we choose, which will complete the authentication part and generate an agreed-upon shared key for the following data transmission.

Based on these two problems, we propose a new acoustic-based authentication, which consists of three parts: authentication protocol, data transmission, and additional function.

4. Proposed Protocol

We have started the research project to create an innovative ASMA system according to the two key problems. This section provides detail of system functions, design, and architectures.

Our system consists of three parts: authentication protocol, data transmission, and additional function. In the protocol, we will use acoustic channel to obtain session key, which is of great importance in the following data transmission. The additional function contains device addition, device alteration, and change of password. For a better understanding, Figure 2 displays an overview of this scheme.

Figure 2

Mutual authentication infrastructure.

The authentication protocol is presented in Figure 2.

4.1. Definitions

Here are the definitions of symbols used in our protocol shown in definitions of symbols used in our protocol section.

4.2. Authentication Protocol

Step 1.

Setup (i)

Enc is a deterministic encryption algorithm, which takes data m of any length and a shared key K of some predetermined length as input and outputs an encryption $C = E n c_{K} (m)$ of that data.

(ii)

Dec is a deterministic decryption algorithm, which takes a ciphertext C of any length and a shared key K of some predetermined length as input and outputs either data $m = D e c_{K} (C)$ or the error symbol ⊥.

(iii)

US sets the $8$ -bit initial password $P W_{m t}$ and $P W_{w d}$ in MT and WD.

(iv)

Compute: MT and WD generate key $K_{m t} \leftarrow (P W_{m t}, I D_{m t})$ , $K_{w d} \leftarrow (P W_{w d}, I D_{w d})$ .

(v)

If MT and WD are pairing for the first time, the device must be initialized at first. After the mutual authentication, US, MT, and WD are mutually trusted devices. MT and WD can transmit data under the successful connection and authentication. Once the connection is interrupted or abnormal, go to Step 3.

Step 2.

Communication Preparation

Because the factory settings of CB in MT and WD are the same, MT encrypts the CB in $I D_{m t}$ and $I D_{w d}$ and receives $S B_{m t}$ and WD encrypts the CB in $I D_{w d}$ and $I D_{m t}$ and receives $S B_{w d}$ . This step ensures that the only $S B_{m t}$ and $S B_{w d}$ can mutually identify and communicate. (i)

MT and WD compute $E n c_{k_{m t}} (I D_{m t})$ and $E n c_{k_{w d}} (I D_{w d})$ and generate $S W_{m t}$ and $S W_{w d}$ , which are stored in the memory and used for device pairing and authentication. During the process of communication, they do not need to be computed again, thus saving the time for reaching address.

(ii)

When MT makes a request to WD for connection and authentication, WD sent $S W_{w d}$ to MT. After encrypting $D e c_{k_{m t}} (S W_{w d})$ , MT receives identity $I D_{w d}$ . If abnormal, return ⊥. Otherwise, MT computes $S B_{m t} \leftarrow E n c_{k_{m t}} (I D_{m t}, I D_{w d}, C B)$ and generates $S B_{m t}$ . MT and WD communicate by $S B_{m t}$ . If acoustic waves sent by MT and WD are not coordinating with $S B_{m t}$ , the session terminates.

(iii)

MT sent $S W_{m t}$ to WD. After decrypting $D e c_{k_{w d}} (S W_{m t})$ , WD receives identity $I D_{m t}$ . If abnormal, return ⊥. Otherwise, compute $S B_{w d} \leftarrow E n c_{k_{w d}} (I D_{w d}, I D_{m t}, C B)$ and generate $S B_{w d}$ . WD and MT communicate by $S B_{w d}$ . If acoustic waves transmitted by WD and MT are not coordinating with of $S B_{w d}$ , the session terminates.

(iv)

For multiple pairs of trust devices, different pairs generate different SB, which is the foundation of mutual authentication communication.

(v)

When US wants to use MT or WD, $T S_{m t}$ or $T S_{w d}$ begins timing, and US must input the correct password of MT and WD. Otherwise, if US inputs wrong password more than many times (US can set) in valid time, output “password error,” delete $S W_{w d}$ and $S B_{w d}$ , and end the current session.

(vi)

For a better understanding, the workflow of encoding and decoding is shown in Figure 3.

Figure 3

Encoding and decoding for acoustic waves.

Step 3.

Mutual Authentication

MT and WD are mutually trusted devices which own timestamp-based key-agreement protocol that can generate the shared key $K_{m t w d}$ to transmit messages. (1)

The scheme of MT is as follows.

(i)

Choose a 32-bit element k randomly, $k \in R [1, \dots, q - 1]$ .

(ii)

Compute

$(k_{1}, k_{2}) \leftarrow {h a s h}_{1} (p k_{w d}^{k})$ ,

$c \leftarrow {h a s h}_{2} (I D_{m t}, I D_{w d}, k_{1}) \times g^{k}$ ,

$r \leftarrow {h a s h}_{3} (k_{2}, c), s \leftarrow k / (r + s k_{m t})$ ,

$t \leftarrow E n c_{p k_{w d}} (I D_{m t}, I D_{w d}, T S_{m t})$ .

(iii)

MT transmits the data $(c, r, s, t)$ to WD by acoustic waves.

(2)

WD verifies the identity of MT and computes the shared key $K_{m t w d}$ .

(i)

If $(c, r, s, t) ⊄ S B_{w d}$ , WD returns ⊥ and sends “reject” acoustic wave to MT.

(ii)

Otherwise, compute ${I D}_{m t}^{'}$ , $T S_{m t} \leftarrow D e c_{s k_{w d}} (t)$ ; if ${I D}_{m t}^{'} \neq I D_{m t}$ , WD returns ⊥ and sends “reject” acoustic wave to MT.

(iii)

Otherwise, compute $(k_{1}, k_{2}) \leftarrow h a s h_{1} ((p k_{m t}) \times g^{r})^{s \times s k_{w d}} \mod p$ ; if $r \neq h a s h_{3} (k_{2}, c)$ , WD returns ⊥ and sends “reject” acoustic wave to MT.

(iv)

Otherwise, randomly choose a 32-bit element $k^{'}$ , $k^{'} \in R [1, \dots, q - 1]$ .

(v)

Get a timestamp $T S_{w d}$ .

(vi)

Compute

$μ \leftarrow g^{k^{'}}$ ,

$σ \leftarrow {(c / {h a s h}_{2} (I D_{m t}, I D_{w d}, k_{1}))}^{k^{'}}$ ,

$δ \leftarrow h a s h_{3} (k_{1}, σ), K_{m t w d} \leftarrow {h a s h}_{4} (σ)$ ,

$φ \leftarrow E n c_{k_{1}} (K_{m t w d}, T S_{w d})$ ,

$τ \leftarrow E n c_{k_{w d}} (I D_{w d}, I D_{m t})$ .

(vii)

WD returns data $(μ, δ, φ, τ)$ to MT by acoustic waves.

(3)

MT verifies the identity of WD and computes the shared key $K_{m t w d}$ .

(i)

If $(μ, δ, φ, τ) ⊄ S B_{m t}$ , MT returns ⊥ and sends “reject” acoustic wave to WD.

(ii)

Otherwise, compute ${I D}_{w d}^{'} \leftarrow D e c_{s k_{m t}} (τ)$ ; if ${I D}_{w d}^{'} \neq I D_{w d}$ , MT returns ⊥ and sends “reject” acoustic wave to WD.

(iii)

Otherwise, compute $σ \leftarrow μ^{k}$ ; if $δ \neq h a s h_{3} (k_{1}, σ)$ , MT returns ⊥ and sends “reject” acoustic wave to WD.

(iv)

Otherwise, compute $T S_{w d} \leftarrow D e c_{k_{1}} (φ)$ ; if $T S_{w d}$ is not valid time, MT returns ⊥ and sends “reject” acoustic wave to WD.

(v)

Otherwise, compute $K_{m t w d} \leftarrow h a s h_{4} (σ)$ , and accept $K_{m t w d}$ as shared key.

(4)

MT and WD are successfully verified. They become mutually trusted devices and transmit data by agreed-upon shared session key $K_{m t w d}$ .

4.3. Data Transmission

MT and WD are mutually trusted devices. MT transmits data m, which should be signcrypted by keys with a sign, to WD via the Bluetooth. After receiving the data, MT and WD will hold a mutual authentication again. Upon successful authentication, data will be decrypted to ensure that it is sent to the trusted receiver. Otherwise, the data will be self-destructed and a “reject” acoustic wave will be sent to the receiver. Then the session will be ended and the linkage between them will be interrupted. (1)

MT gets the Bluetooth address of WD.

(i)

WD computes $γ \leftarrow E n c_{K_{m t w d}} (A d d_{w d})$ . Send γ to MT via acoustic wave to open the Bluetooth to receive data.

(ii)

After reviving γ, MT computes $A d d_{w d} \leftarrow D e c_{K_{m t w d}} (γ)$ and opens its Bluetooth. Then establish connection with WD's Bluetooth to send data.

(2)

MT signcrypts and transmits the data.

(i)

If $T S_{m t}$ is not in the valid time, a “reject” acoustic wave will be sent to MT and the session will be ended. Otherwise, MT signcrypts $A d d_{w d}$ and $T S_{m t}$ via shared key to produce signcrypted ciphertext: $C_{1} \leftarrow E n c_{K_{m t w d}} (A d d_{w d}, T S_{m t})$ .

(ii)

Signcrypt the data via shared key to produce signcrypted ciphertext: $C_{2} \leftarrow E n c_{K_{m t w d}} (m)$ .

(iii)

Send $C_{1}$ and $C_{2}$ to WD via the Bluetooth.

(3)

WD unsigncrypts the data.

When receiving ciphertext $(C_{1}, C_{2})$ , WD will run the following steps to unsigncrypt the ciphertext. (i)

Compute $A d d_{m t}, {A d d}_{w d}^{'}, T S_{m t} \leftarrow D e c_{K_{m t w d}} (C_{1})$ .

(ii)

If there is a mismatch between ${A d d}_{w d}^{'}$ and $A d d_{w d}$ , $C_{2}$ will be self-destructing and will then transmit a “reject” acoustic wave to MT to end the session.

(iii)

Otherwise, if $T S_{m t}$ does not belong to the valid time, a “reject” acoustic wave will be sent to MT to end the session.

(iv)

Otherwise, compute $m \leftarrow D e c_{K_{m t w d}} (C_{2})$ .

(v)

Display the computing results in terms of the data type (characters, string, picture, video, etc.) of m.

(vi)

Return m to MT via the Bluetooth and finish the session.

(vii)

If more data should be transmitted, perform the data transmission part again.

(viii)

Perform until data transmission completes.

(4) Complete data transmission.

4.4. Devices Addition or Alteration

Both MT and WD are supported by multi-USs as people tend to possess more than one of them in modern society. In other words, one MT or WD might simultaneously match with other trusted MTs or WDs. For instance, when $M T_{1}$ and $W D_{1}$ are available, in case of the occurrence of bugs in $M T_{1}$ or $W D_{1}$ or the requirement of $M T_{2}$ or $W D_{2}$ addition (similar procedures), to add $M T_{2}$ , it operates as follows. (i)

Initialization: US should store an eight-digit initial password $P W_{m t_{2}}$ on $M T_{2}$ .

(ii)

Key generation: $M T_{2}$ then generates its own key $K_{m t_{2}} \leftarrow (P W_{m t_{2}}, I D_{m t_{2}})$ .

(iii)

Generation of acoustic wave database: perform Step 2 to produce $S W_{m t_{2}}$ and $S B_{m t_{2}}$ .

(iv)

Device mutual authentication: perform Step 3 to authenticate that $M T_{2}$ and $M T_{1}$ (or $W D_{1}$ ) are mutually trusted devices and then produce shared key $K_{m t_{2} m t_{1}}$ (or $K_{m t_{2} w d_{1}}$ ) to transmit data, and so forth.

(v)

Data transmission test: perform the data transmission part. Transmit test data between $M T_{2}$ and $M T_{1}$ (or $W D_{1}$ ) via the shared key $K_{m t_{2} m t_{1}}$ (or $K_{m t_{2} w d_{1}}$ ) to ensure the mutual trust between devices.

(vi)

Complete the $M T_{2}$ addition.

4.5. Change Password

(1)

Change the password of MT.

US changes the password of MT as follows.

(i)

$T S_{m t}$ starts timing as soon as US starts to change password in MT. If US cannot complete the operation to change the password in valid time, output “Password rejects change.”

(ii)

Otherwise, if US inputs wrong initial password more than many times (US can set) in valid time, output “Password rejects change,” delete $S W_{m t}$ and $S B_{m t}$ , and end the current session.

(iii)

Otherwise, change the password successfully and the new password is $P W_{m t . n e w}$ .

(iv)

MT regenerates its key $K_{m t . n e w} \leftarrow (P W_{m t . n e w}, I D_{m t})$ , and then use it in the later authentication, operation, and data transmission.

(v)

MT regenerates its $S W_{m t}$ and $S B_{m t}$ as a base for communication.

(vi)

Device mutual authentication: perform Step 3: the device authentication of MT and WD. Then generate the shared key $K_{m t w d}$ on the basis of timestamp.

(vii)

Data transmission test: perform the data transmission part. Transmit test data between MT and WD via the shared key $K_{m t w d}$ to ensure the mutual trust between devices.

(viii)

MT password is successfully changed.

(2)

Change the password of WD.

US needs to change the password of WD in the procedure as follows. (i)

$T S_{w d}$ starts timing as soon as US starts to change password in WD. If US cannot complete the operation to change the password in valid time, output “Password rejects change.”

(ii)

Otherwise, if US inputs wrong initial password three times in valid time, output “Password rejects change” and end the current session and delete $S W_{w d}$ and $S B_{w d}$ .

(iii)

Otherwise, perform Step 3; if MT and WD are not successfully mutually authenticated, output “Password rejects change.”

(iv)

Otherwise, change the password successfully and the new password is $P W_{w d . n e w}$ .

(v)

WD regenerates its key $K_{w d . n e w} \leftarrow (P W_{w d . n e w}, I D_{w d})$ , and then use it in the later authentication, operation, and data transmission.

(vi)

WD regenerates its $S W_{w d}$ and $S B_{w d}$ as a base for communication.

(vii)

Device mutual authentication: perform Step 3: the device authentication of MT and WD. Then generate the shared key $K_{m t w d}$ on the basis of timestamp.

(viii)

Data transmission test: perform the data transmission part. Transmit test data between WD and MT via the shared key $K_{m t w d}$ to ensure the mutual trust between devices.

(ix)

WD's password is successfully changed.

5. Security Analysis

The security of our system is mainly to ensure the authentication and communication between our devices. It contains the integrity, confidentiality, and effectiveness of data we transmit through acoustic waves. Besides, it also needs to prevent the acoustic channel from recording, replaying, and interfering so as to avoid illegal access to data. So, in this section, we will analyze the security of our scheme. Firstly, the security mechanism in mutual authentication and key-agreement protocol will be introduced. Secondly, we will verify that our scheme is immune to the replay attack. At last, we also demonstrate the resistance to man-in-the-middle attack, which is mostly concerned by consumers. Through these arguments, it is easy to conclude that this scheme has a good security.

5.1. Mutual Authentication

In this system, the relationship between US and MT, WD is pairwise and mutually trusted. In this way, a mutual authentication can be implemented among devices. In the process of mutual authentication between MT and WD, the acoustic waves they use are those with sole device identifier and key encryption. (Taking MT as an example, $S B_{m t} \leftarrow E n c_{k_{m t}} (I D_{m t}, I D_{w d})$ , $K_{m t} \leftarrow (P W_{m t}, I D_{m t})$ .) Only the MT and WD can identify each other, which is regarded as the basis to enable communication and thereby strengthen the data confidentiality.

During the mutual authentication and data transmission, the system firstly judges whether the transmitting acoustic waves between the two devices belong to SB or not; if not, the system would terminate the session immediately, and then ensure each other's identity to make sure it is trusted.

5.2. Key-Agreement Protocol

MT and WD have established a timestamp-based key-agreement protocol. After the authentication, the shared key $K_{m t w d}$ which is used for data transmission is generated. Based on the mutual authentication between MT and WD, the data confidentiality can be fulfilled by the agreed-upon key $K_{m t w d}$ encrypting the data m and generating $C_{2} \leftarrow E n c_{K_{m t w d}} (m)$ . When data transmission is finished, the key would employ the Bluetooth address for MT and WD identity authentication and then decrypt the receiving data after the confirmation of identity authentication to make sure the data is from the trusted senders. This proves that the data transmission is secure and valid, the communication between MT and WD is secure, and the transmitted data is confidential, secure, and valid.

5.3. Replay Attack Resistance

(1) Suppose that an attacker attempts to replay the acoustic wave used in the process of the device authentication and data transmission; this would cause interferences such as multiple acoustic sources, unidentified acoustic source, and inappropriate wavelength. Once the interferences are detected, exceptions would occur in the system and the current session ⊥ would be terminated immediately. So the attacker in this scheme would fail to get the relevant information by replaying any acoustic wave.

(2) Suppose that an attacker attempts to intercept the transmitting ciphertext $C_{2}$ and replay it; the attacker would fail. There exist four reasons: firstly, this scheme is timestamp-bound; secondly, the transmit data is ciphertext encrypted in different ways; thirdly, before decryption, the data needs $A d d_{w d}$ matching; and, fourthly, it is impossible for the attacker to get the one-time agreed-upon shared key $K_{m t w d}$ in valid time. Also, once the attack is detected, the system would self-destruct the ciphertext $C_{2}$ and terminate the current session ⊥ immediately. So the attackers in this scheme would fail to get the transmit data.

(3) In each connection between MT and WD, the system would choose random $32$ -bit element k for which the attacker would be unable to guess, get, change, forge, or break the confidentiality criterion without being detected by MT and WD. So the attackers in our scheme would fail the replay and nonsynchronous attack.

5.4. Man-in-the-Middle Attack Resistance

(1) Suppose that the attacker gains $S W_{m t}$ or $S W_{w d}$ and is involved in the arithmetic when the basic communication is built between MT and WD. However, exceptions would occur because $I D_{m t}$ and $I D_{w d}$ cannot be obtained after decryption, so the system would end the current session ⊥ immediately.

(2) Suppose that, in the process of the mutual authentication between MT and WD, attackers record the data $(c, r, s, t)$ transmitted by MT to WD through the acoustic wave into $(c^{'}, r^{'}, s^{'}, t^{'})$ and then deliver it to WD to be authenticated. If there are interferences such as multiple acoustic sources, unidentified acoustic sources, or inappropriate wavelength when WD is accepting $(c^{'}, r^{'}, s^{'}, t^{'})$ , the system will immediately terminate the current session ⊥ due to exceptions. Otherwise the system would compute ${I D}_{m t}^{'} \leftarrow D e c (t^{'})$ , where ${I D}_{m t}^{'} \neq I D_{m t}$ , which also leads to exceptions that make the system end the current session ⊥ at once.

Suppose that the attackers record data $(μ, δ, φ, τ)$ , transmitted by WD to MT through acoustic waves, into $(μ^{'}, δ^{'}, φ^{'}, τ^{'})$ and then deliver it to MT to be authenticated. If there are interferences such as multiple acoustic sources, unidentified acoustic sources, or inappropriate wavelength when MT is accepting $(μ^{'}, δ^{'}, φ^{'}, τ^{'})$ , the system will immediately end the current session ⊥ due to exceptions. Otherwise the system would compute ${I D}_{w d}^{'} \leftarrow D e c (τ^{'})$ , where ${I D}_{w d}^{'} \neq I D_{w d}$ , which also leads to exceptions that make the system kill the current session ⊥ at once.

(3) Suppose that, in the data transmission between MT and WD, attackers get γ, which is transmitted by WD to MT. However, the Bluetooth device address cannot be obtained because γ is encrypted. Thus the attack cannot be implemented. Therefore, this scheme is secure and reliable because it can resist the man-in-the-middle attack.

6. Implementation

6.1. Experiment Environment

Openness is the characteristic of Android system, which is the mainstream OS for intelligent mobile. So we choose it as the main experiment OS. To test the stability, we use various devices with different versions of Android. Other details of our experiment environment are shown in Table 1.

Table 1

Experiment environment.

	Telephone 1 (MT)	Wearable devices 2 ( $M T_{2}$ as WD)	Telephone 3 ( $M T_{3}$ )	Telephone 4 ( $M T_{4}$ )
Type	HTC One	Samsung Galaxy S4	Nubia Z5S	Huawei C8650
OS	Android 4.2	Android 4.3	Android 4.2	Android 2.3.3
Microphone and loudspeaker	Yes	Yes	Yes	Yes
Bluetooth	4.0	4.0	4.0	2.1
Memory	2 GB	2 GB	2 GB	256 MB

6.2. Experimental Process

We develop an app to implement our scheme, which is called “VoiceBluetooth.” It has 6 modules: “Bluetooth open,” “Bluetooth close,” “Enable search,” “Traditional search,” “VoiceBluetooth Client,” and “VoiceBluetooth Server.” (i)

“Bluetooth open” and “Bluetooth close” are for data transmission and data sharing between multiwearable devices after mutual authentication.

(ii)

“Enable search” allows multiple devices to search for a connection and connect.

(iii)

“Traditional search” is for Bluetooth search, authentication, and connection.

(iv)

“VoiceBluetooth Server” and “VoiceBluetooth Client” are flexible for devices to select as a role to connect to one another, enabling sharing of data between any two devices.

The app should be running on both MT and WD. One is acting as a server; the other is a client.

In the authentication process, MT will use the app to emit authentication acoustic wave, while WD will receive it. Data can only be transmitted when the devices are authenticated as trusted devices by each other. Mutual authentication and data sharing process workflow are shown in Figures 4, 5, 6, 7, 8, 9, and 10.

Figure 4

The first step of experimental process. (a) First MT screen; (b) first WD screen.

Figure 5

The second step of experimental process. (a) MT computes $(c, r, s, t)$ and sends their acoustic waves to WD; (b) WD gets $(c, r, s, t)$ .

Figure 6

The third step of experimental process. (a) MT gets $(μ, δ, φ, τ)$ ; (b) WD verifies the identity of MT, computes $(μ, δ, φ, τ)$ , and returns them to MT by acoustic waves.

Figure 7

The fourth step of experimental process. (a) MT verifies the identity of WD, computes $K_{m t w d}$ , and accepts it as shared key; (b) MT and WD are now mutually authenticated.

Figure 8

The fifth step of experimental process. (a) Transmit the Bluetooth address, (b) WD gets the Bluetooth address of MT.

Figure 9

The sixth step of experimental process. (a) Bluetooth pairing; (b) Bluetooth pairing.

Figure 10

The seventh step of experimental process. (a) MT signcrypts and transmits the data; (b) WD unsigncrypts the data and completes data transmission.

In the experiment, by changing the conditions from a relative quiet environment to a noisier one, we repeatedly tested the device authentication and data transmission, probing into MT and WD's encryption towards $C B$ and other situations like device authentication, data transmission, password updating, adding and changing $M T_{3}$ , and recording relevant experimental data.

6.3. Experimental Data and Conclusion

In a not absolutely quiet environment where the experiment is conducted, mobile phones and wearable device can identify each other in a distance less than 20 cm well, while, in a distance beyond 20 cm, the recognition rate is slightly lower. This distance rightly matches the secure distance of a person who has multiple mobile phones and wearable devices. Within the distance, people can make the mutual authentication and data sharing possible between their devices. For example, people can transmit data about their health and bodily functions saved in the wearable devices to mobile phones and then to computers or the Internet. Likewise, data such as text messages, schedules, and videos can also be transmitted to the wearable devices, which is convenient for reminding and reading.

In order to let people have a better acoustic experience and know that their devices are communicating with each other, the range of frequency of acoustic wave used in our experiment is mainly from 588 Hz to 4419 Hz. They are called coloring ring back tone (CRBT) [29]. According to the recognition rate in our experiment, using acoustic waves of too high or too low frequency is temporally not recommended. The highest frequency of the acoustic waves used in this experiment is 15 KHZ, which is beyond the identification of experimenters’ hearing. However, that still can be authenticated by experimental devices, though the authentication rate is slightly reduced. If the frequency is increased to 20 KHz or more, we can realize the ultrasonic wave transmission. Ultrasonic propagation is not affected by environmental noise interference; it is more stable, directionally stronger, and easier to concentrate, and it can shorten the time for certification. Because the human ear cannot hear ultrasonic, it is more concealed and could spread farther, so the authentication will be better and achieve the desired distance. Based on this, a conclusion can be made that if ultrasonic wave transmission is used, the hardware of devices such as loudspeakers and microphones should be equally matched.

In the experiment, the increase of volume can lower the influence of noise from external environment within a certain range and improve the authentication rate.

The range of per unit play time of the frequency corresponding to each acoustic wave is from 30 ms to 150 ms. When the play time is 100 ms, the time used in transmitting an IMEI code with 15 bits via acoustic wave is less than two seconds, and a mutual authentication time is about 10 seconds, processed automatically, so the recognition rate is high. When the play time is at the shortest 30 ms, the recognition rate is a little bit lower. But if the distance between experimental devices is cut short, it can still remain a good recognition rate.

After experimental devices are mutually authenticated through acoustic waves, data transmission, password updating, and adding and changing $M T_{3}$ can be done successfully by using Bluetooth, which all can be proved in this scheme.

In the experiment, after MT and WD are mutually authenticated, $M T_{4}$ tries to record and play the acoustic waves when MT and WD are reconnecting. However, the attack cannot be implemented because the system would interrupt the connection automatically when recognizing interferences which result from the asynchronization with the acoustic waves played between the trusted devices. Therefore only mutually trusted devices can be interconnected.

This scheme makes it possible that mutually trusted authentication can be realized via acoustic waves and that data can be transmitted through Bluetooth among multiple wearable devices. The scheme can also protect private data, making sure they can be shared.

6.4. Characteristic Analysis

We would like to attain the following characteristic analysis in Table 2. It is obvious in Table 2 above that the time complexity of our algorithm in the process belongs to $O (1)$ , that is, constant level. And this is satisfactory, which means that the time for preparation and authentication is fixed.

Table 2

Performance of computations.

	Exp	Hash	Enc	Dec	Multi	Div	Nonce	Timestamp	Times of TAW¹	Determine	Times of TDVB²
Communication preparation
MT			2	1					2
WD			2	1					1
Mutual authentication
MT	2	5	1	2	1	1	1		1 (+3 opt)	4
WD	4	5	2	1			1	1	1 (+1 opt)	3
Data transmission
MT			2	1				1	(+1 opt)		2
WD				3					1 (+2 opt)	4

$^{1}$ Times of transmit acoustic waves.

²Times of transmit data via Bluetooth.

7. Conclusions

In this paper, we presented new schemes for mutual authentication between multiwearable devices based on acoustic channel. We have designed an authentication protocol to ensure that the acoustic wave authentication is secure and efficient. In the process of the authentication, by adopting multiple-times identity authentication, agreed-upon shared key, and on-the-fly password change, we have realized the secure data transmission and sharing among mutually trusted devices and effectively precluded the unauthorized third-parties or third-party devices from stealing the data. In addition, the protocol brings convenience for the users in the case that they have multi-MTs, multi-WDs, and multi-laptops. In addition, the protocol brings convenience for the users because it can enable the automatic data synchronization and sharing among their multiple devices.

Compared with other transmission technologies like NFC and Bluetooth, acoustic wave transmission can reach more people due to lower hardware requirements and implementation costs because only the hardware included in each mobile phone or wearable device such as microphone and loudspeaker is needed to fulfill the mutually trusted identification authentication and data transmission. So we can see how acoustic wave technology is widely used in the market and its tremendous development potential.

In the future, we would endeavor to make some further optimizations and improvements such as making per unit play time of the frequency shorter and recognition rate more accurate, improving the security and confidentiality of the scheme by reducing the hardware requirements, and employing ultrasonic wave to transmit data.

Footnotes

Definitions of Symbols Used in Our Protocol

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

The authors wish to thank the anonymous reviewers for their insightful and invaluable suggestions and comments. This work was in part supported by 973 Program (Grant no. 2011CB302400), Natural Science Foundation of Guangdong Province, China (Grant no. S2013010013728), Educational Commission of Guangdong Province, China, Project no. 2013KJCX0131, and Guangdong University of Petrochemical Technology's Internal Project no. 2012RC0106. Wei Sun is the corresponding author.

References

Castillejo

Martínez

J.-F.

López

Rubio

An internet of things approach for managing smart services provided by wearable devices

International Journal of Distributed Sensor Networks 2013 2013 9

190813

10.1155/2013/190813

2-s2.0-84875553736

Abolfazli

Sanaei

Gani

Xia

Yang

L. T.

Rich mobile applications: genesis, taxonomy, and open issues

Journal of Network and Computer Applications 2014 40 1 345 362

10.1016/j.jnca.2013.09.009

2-s2.0-84896313884

Chowdhury

M. A.

McIver

Jr. Light

Data association in remote health monitoring systems

IEEE Communications Magazine 2012 50 6 144 149

10.1109/MCOM.2012.6211499

2-s2.0-84862293873

Castillejo

Martinez

J.-F.

Rodriguez-Molina

Cuerva

Integration of wearable devices in a wireless sensor network for an E-health application

IEEE Wireless Communications 2013 20 4 38 49

10.1109/MWC.2013.6590049

2-s2.0-84884538767

Gao

Kulkarni

Ranavat

Chang

Mei

A 2D barcode-based mobile payment system

Proceedings of the 3rd International Conference on Multimedia and Ubiquitous Engineering (MUE '09)

June 2009

IEEE

320 329

10.1109/MUE.2009.62

2-s2.0-72849151593

McCune

J. M.

Perrig

Reiter

M. K.

Seeing-is-believing: using camera phones for human-verifiable authentication

Proceedings of the IEEE Symposium on Security and Privacy

May 2005

IEEE

110 124

2-s2.0-27544489075

Zhao

Xue

Near field authentication for smart devices

Proceedings of the 32nd IEEE Conference on Computer Communications (INFOCOM '13)

April 2013

375 379

10.1109/INFCOM.2013.6566798

2-s2.0-84883068295

Haataja

K. M. J.

Hyppönen

Man-in-the-middle attacks on bluetooth: a comparative analysis, a novel attack, and countermeasures

Proceedings of the 3rd International Symposium on Communications, Control, and Signal Processing (ISCCSP '08)

March 2008

IEEE

1096 1102

10.1109/ISCCSP.2008.4537388

2-s2.0-50649091323

Pries

Zhao

A new replay attack against anonymous communication networks

Proceedings of the IEEE International Conference on Communications (ICC '08)

May 2008

Beijing, China

1578 1582

10.1109/ICC.2008.305

2-s2.0-51249098943

10.

Yong

Lei

Kun

Shu-ru

De-pei

An improved authentication protocol with dynamic update in rfid system

Proceedings of the International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM '08)

October 2008

IEEE

10.1109/WiCom.2008.683

2-s2.0-58049098259

11.

Stajano

Anderson

The resurrecting duckling: security issues for ad-hoc wireless networks

Proceedings of the 7th Security Protocols Workshop

April 1999

172 194 Lecture Notes in Computer Science

12.

Matos

Romão

Trezentos

Secure hotspot authentication through a near field communication side-channel

Proceedings of the IEEE 8th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob '12)

October 2012

IEEE

807 814

10.1109/WiMOB.2012.6379169

2-s2.0-84872073279

13.

Sheng

Q. Z.

Zeadally

Mitrokotsa

Maamar

RFID technology, systems, and applications

Journal of Network and Computer Applications 2011 34 3 797 798

10.1016/j.jnca.2010.07.008

2-s2.0-79251527137

14.

Shamir

Identity-based cryptosystems and signature schemes

Advances in Cryptology 1985

Berlin, Germany

Springer

47 53

10.1007/3-540-39568-7_5

MR820012

15.

Al-Riyami

S. S.

Paterson

K. G.

Certificateless public key cryptography

Advances in Cryptology-ASIACRYPT 2003 2894

Springer

452 473 Lecture Notes in Computer Science

10.1007/978-3-540-40061-5_29

MR2093598

2-s2.0-0345490607

16.

Diffie

Hellman

M. E.

New directions in cryptography

IEEE Transactions on Information Theory 1976 22 6 644 654

MR0437208

2-s2.0-0017018484

17.

Chen

Ring group signatures

Proceedings of the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom '12)

June 2012

IEEE

409 418

10.1109/TrustCom.2012.246

2-s2.0-84868156114

18.

Ren

Harn

An efficient threshold anonymous authentication scheme for privacy-preserving communications

IEEE Transactions on Wireless Communications 2013 12 3 1018 1025

10.1109/TWC.2012.12.112120

2-s2.0-84875591362

19.

Jing

Zhang

Liu

An efficient handover authentication scheme with location privacy preserving for EAP-based wireless networks

Proceedings of the IEEE International Conference on Communications (ICC '12)

June 2012

Ottawa, Canada

857 862

10.1109/ICC.2012.6363795

2-s2.0-84871987089

20.

Zheng

Digital signcryption or how to achieve cost (signature & encryption) ≪ cost(signature) + cost(encryption)

Advances in Cryptology—CRYPTO '97. Proceedings 17th Annual International Cryptology Conference Santa Barbara, California, USA August 17–21, 1997 1997 1294 165 179 Lecture Notes in Computer Science

10.1007/BFb0052234

21.

Zheng

Imai

How to construct efficient signcryption schemes on elliptic curves

Information Processing Letters 1998 68 5 227 233

10.1016/S0020-0190(98)00167-7

MR1664737

2-s2.0-0040712314

22.

Libert

Quisquater

J.-J.

A new identity based signcryption schemes from pairings

Cryptology ePrint Archive 2003 2003 23

23.

Wang

Zhang

Qin

Analysis and improvements of two identity based anonymous signcryption schemes for multiple receivers

Proceedings of the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom '12)

June 2012

IEEE

1057 1062

10.1109/TrustCom.2012.88

2-s2.0-84868149532

24.

Barreto

P. S.

Libert

McCullagh

Quisquater

J.-J.

Efficient and provably-secure identity-based signatures and signcryption from bilinear maps

Proceedings of the 11th International Conference on Theory and Application of Cryptology and Information Security (ASIACRYPT '05)

2005

Springer

515 532

25.

Liu

J. K.

Baek

Zhou

Yang

Wong

J. W.

Efficient online/offline identity-based signature for wireless sensor network

International Journal of Information Security 2010 9 4 287 296

10.1007/s10207-010-0109-y

2-s2.0-77955088735

26.

Khan

M. K.

Alghathbar

Takagi

Identity-based online/offline signcryption for low power devices

Journal of Network and Computer Applications 2012 35 1 340 347

10.1016/j.jnca.2011.08.001

2-s2.0-82155185198

27.

Barbosa

Farshim

Certificateless signcryption

Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS '08)

March 2008

ACM

369 372

10.1145/1368310.1368364

2-s2.0-62449111027

28.

Chinese association for cryptologic research

China Development Report 2012

29.

Fukai

Mitsukura

Design support system for coloring illustrations by using the colors preferred by a user as determined from the hue patterns of illustrations prepared by that user

IEEJ Transactions on Industry Applications 2011 131 5 685 691

10.1541/ieejias.131.685

2-s2.0-80052465174