Projects:2018s1-169 A Better Security Framework for Wearable Devices
Group 169 produced two research topics that are interconnected through wearable technology.
Research Topic 1: Topic 1: Improving the Technical Functionality of Children’s Tracking Watches
Research Topic 2: Biometric Profiling of Wearable Devices for Medical Monitoring and Authentication
Contents
- 1 Authors
- 2 Supervisors
- 3 Topic 1: Improving the Technical Functionality of Children’s Tracking Watches
- 4 Technical Abstract
- 5 Contextual Abstract
- 6 Introduction
- 7 Background
- 8 1.1 Research Question
- 9 1.2 Motivation
- 10 Previous Studies
- 11 Background'
- 12 Case Scenario Analysis
- 13 Scenario #1
- 14 Scenario #2
- 14.1 IOT Functionality Discussion
- 14.2 Discussion
- 14.3 Conclusion
- 14.4 References
- 14.5 Topic 2: Introduction
- 14.6 Previous Studies
- 14.7 Accuracy of Fitbit and Apple Watch
- 14.8 Thermo-ID system for Authentication
- 14.9 Spectroscopy-based technology for liveness authentication
- 14.10 Green-light technology - Apple watch and Fitbit
- 14.11 Red-light technology - Hospital grade devices
- 14.12 Authentication
- 14.13 Knowledge Gaps in Available Research
- 14.14 Conclusion
- 14.15 References
Authors
Topic 1
Inderbir Singh (Focusing on the Indian Market perspective)
Luke Jennings (Focusing on the Australian Market perspective)
Topic 2
Munirah DeVries
Supervisors
Matthew Sorell
Richard Matthews
Topic 1: Improving the Technical Functionality of Children’s Tracking Watches
Technical Abstract
The objective is to improve the functionality of the children’s safety watch SpaceTalk [1] such that it provides increased safety measures in commonplace Australian social scenarios. Several safety watches have been found in Europe to be more detrimental to safety than intended, and as a result, have come under heavy investigation [2]. Since the technology is rather new and can still have the potential to provide for children’s safety, understanding the issues around them and improving them is vital as the technology moves forward. The challenges involved are that some of the improvements that can be suggested may work for the Australian market, however, if the watch is then taken internationally those improvements may violate international privacy and surveillance laws and become detrimental to child safety. Hence this project is being investigated from two different perspectives. One from the Australian perspective, which is the focus of this paper, and the other from the Indian perspective. Since the two countries have two vastly different social structures, the improvements discovered in each can be combined into a single flexible set of functionality improvements that can be applied internationally.
Contextual Abstract
Under the umbrella of Children’s wearable’s, one team is responsible for identifying the devices that are currently on the market, and are vulnerable due to lack of security. A second team is looking at another specific device, provided by a sponsor organization, which is very good at its technical security but lacks the understanding of its market specialization. Kristine Hovhannisyan (Estonian Student) will be focusing on the legal framework within Estonia and in European market regarding SpaceTalk device. Finally, Luke Jennings and Inderbir Singh (the author) are focusing on a fresh space for a worldwide market with a focus on the following questions: “If we are to develop this device for world market by taking into account of privacy, security and safety, what does that mean in different social and cultural context? What are the implications for these devices and technical implementation requirements with the system?” In other words, the purpose of this research study is to identify cybersecurity vulnerabilities from a humanitarian perspective and redesign the technical functionalities of the watch to be able to satisfactorily deal with social situations in two different cultures, India and Australia, as well as provide data safely, securely, and quickly to law enforcement in the most extreme of cases.
Introduction
There has been a rapid enhancement in technology advancing in the previous decade. This poses a dilemma within and between technological innovation, cyber-crime and legal regulations. From one perspective, technology has such a great influence on serving its purpose and keeping an individual up to date and secure. On the other side, the law is wrestling with either liberating or restraining on such security [2]. In today’s society, children’s smart-watches are available in the market and gaining popularity worldwide. Parents prefer these over smartphones because of a one-size-fits-all approach, technical functionality and sturdiness. This is a fantastic safety device for parents, however, there is the possibility that these devices could be used for malicious purposes. These children’s smartwatches have features that not only allow the parents to control who the child can communicate with through the device, but they can also activate GPS tracking to determine the child’s location at any time [3]. These technical implementations are challenged by different social and cultural contexts, whilst also abiding by the national laws. The laws around surveillance and consent are crucial, and some of the smartwatches available in the market favour functionalities over legal constraints. As such the technical functionalities of these devices must be reformulated to provide a solution to possible security flaws in different environmental scenarios, notably in Australia and India. At the same time, it is pertinent to ensure maximum data and storage security for the device, as well as making the information available to the law enforcement in some extreme cases when required. If any security breaches are identified, the company or manufacturers will be informed so that remediation and counter-measures and be put in place. At the same time, creating a public awareness about possible threats associated with the device so that user’s privacy isn’t compromised is also important.
Background
In Australia one smartwatch acts as a 3G phone has GPS tracking and SMS messaging. Its security features consist of SOS Alerts, where a button can be pressed to call a sequence of guardians or local authorities, as well as contains Safe Places, which alert the parent or guardian if the smartwatch leaves or arrives at a predetermined location. These functions are controlled by an accompanying app, where parents can control the communications the smartwatch has with other phones. The app can be used by multiple family members under a single login, which is one of its largest security issues. Currently, there is nothing to stop or control the access, or other family members who have gained access to the account. Should family relations become strained, the child’s smartwatch now effectively acts as a surveillance device potentially operated with ill-intent. This particular device will be used as a starting point to propose technical solutions. Conversely, in India, there isn't a leading brand of children's smartwatch, and they don’t suffer as much from these situations. Instead, crimes such as abduction and abuse of children are more common and call for a security device that parents can use to ensure the safety of their children. The task at hand is to formulate a flexible technical solution that incorporates the different sets of technical requirements for both environments.
1.1 Research Question
1) Can the technical framework of children’s smartwatches be reformulated to better ensure the safety of the child, or prevent it from being used as an illegal surveillance device in domestic circumstances in Australia? (Being researched by Luke Jennings) 2) Can the technical framework of children’s smartwatches be reformulated to better ensure the safety of the child in extreme scenarios such as kidnapping and abuse, in developing countries like India? 3) Can the data stored by children’s smartwatches be made more readily available to law enforcement such that they can act quickly in extreme circumstances? 4) Provided a solution can be found to questions 1 and 2, can they be combined into a single flexible technical framework that satisfies the requirements for different environmental contexts?
1.2 Motivation
Children’s tracking watches come with many different functionalities, but the main feature that distinguishes them from other devices as a safety device is their ability to allow parents to track their children through GPS on an accompanying smartphone app. This now raises the issues of children’s consent and private data and now involves surveillance tracking laws. This is important to consider because in Europe, many children’s tracking watches have been banned and have called for any of these devices to be destroyed, due to the possibility of their security being broken and being utilised as an illegal surveillance device. Additionally, the features and customer rights when using such devices have also become under investigation [2].
This project is being investigated from two different contexts. The first is the Australian perspective, where it is possible that children’s tracking devices can be misused and utilised as an illegal surveillance device. The second is the Indian perspective, where there is a genuine safety concern because crimes such as kidnapping are much more common as opposed to in Australia. Australia and India both have a different definition of child consent, and different laws regarding surveillance devices. Because of these differences, each country presents different technical requirements to ensure these children's tracking watches comply with their nation's laws and still deliver the primary objective of children's safety.
India is one of the largest developing economy in the world and has a very wide market for technology. It has the largest youth population in the world, every 1 out 5 children in the world is Indian [4]. The individuals in India come from 29 different states, 9 recognized major religions and a range of backgrounds. It has been established that the rate of crimes committed against children in the present time in India is far higher than that against adults, and has only increased over time. It is a given fact that plight of children is not likely to change. A total of 84,423 cases of crime against children were reported in India during 2014 (with an increase of 53.6% from 2013 figure of 58,224). Also, there has also been increasing number of incidents regarding cybersecurity and surveillance (especially unauthorized surveillance) reported in India [5]. The main approach to this project is to identify the severity of threat level in India against children coming from average middle class to upper class where parents can afford a tracking device such as the SpaceTalk smartwatch, and how such device can provide an extra level of security for their children against the safety or security threats that they are likely to face in their daily lives. Any sort of violation or crime against children can be devastating to their mental state, and can imbalance their cognitive, social, physical, and emotional development. It is vital to have a thorough understanding of the types of crimes commonly committed against children in India in order to appropriately asses and reformulate the technical functionality of children’s smartwatches, such as the SpaceTalk smartwatch, with an aim to better ensure the safety of the child in such scenarios.
Previous Studies
Cybersecurity is becoming one of the world’s most prominent areas of study and innovation. It is important to understand the differences between the vulnerabilities, risks and threats associated with cybersecurity. Without a complete understanding of these factors and related issues, an individual is at higher risk of exposure to these threats. There has been a rapid increase in cybercrime, where all businesses are now strongly encouraged to constantly monitor and manage their devices. A recent study from 2014 found that companies in Australia have experienced an increase in the data breach by 18% within the 24 month period (1 in 5 Australian companies are expected to be attacked in years to come) [6]. Having an anti-virus and other forms of technical protection on devices are just not enough. Therefore, by law and due to ethical obligations, it is a common practice for organizations to undertake reasonable steps to ensure that the private information collected from their clients, business partners is protected and secured in a firewall encrypted database with restricted access. They are also expected to shield their IT/Data systems and the privacy of their clients. Lastly, the human factor is essential to take into account when considering technical measures with IoT devices [7]. Most of the data breaches are associated because of the defects identified within the software’s architecture and system design. Rest are stemmed from the bugs present in the software implementation. There has been an initiative established by IEEE as “IEEE Centre of Secure Design (CSD)” document emphasizing on identifying and preventing software design flaws. The CSD summarizes the top 10 most commonly and repeatedly occurring software security design flaws, as well as a recommendation for mitigating/avoiding them [8].
In October 2017, there was an investigation into children’s smartwatches by the Norwegian Consumer Council (NCC) called #Watchout [2]. Their investigation looked at the features of the apps and devices and the accompanying user terms and consumer rights for four different devices local to the area. Since the devices dealt with the tracking and communication with children, the investigation was greatly concerned with the framework of the devices, to ensure data protection laws and privacy rights of children are upheld. By testing the device's functions and reading any relevant legal documentation provided by the developers of each device, it was found that the safety features of the watches, the geofencing and SOS functions, were unreliable. The data of the children and their parents were also found to be stored in servers overseas, prominently in the US or Asia. The devices had inadequate and unclear user terms, denying users of their basic rights. Three out of four devices failed to ask for permission to collect this sensitive data and none of the devices alerts the user to changing terms of service or allow for the deletion of private data records. Some of the devices utilised the same smartphone app. One of the devices even allowed for remote activation of the microphone, allowing it to act as an illegal surveillance device. It was recommended that user terms and agreements should always be provided upon registration of the account. When prompting for consent, never use pre-checked boxes and must contain “I have read and accept these terms”. Private data must be used only for the operation of the device and not for other purposes and they must allow for the deletion of location history and other data. Security of processing and storage of private data must also be mentioned in the user terms. In addition to this, many security flaws were discovered which may lead to attackers taking advantage of the device, however for the purpose of this research we only consider the technical implementation of the device functions themselves.
Conversely, in India, the issue about regarding informed consent for minors is more complex, due to child marriages. According to Guardians and Wards Act (GWA), 1890, it clearly states that any person who is not over the age of 18 is a minor. Therefore, the court or appointed authority has the power to choose a guardian for the child by nominating one or removing another. Since then, there haven't been many revisions, with the latest major revision being the Juvenile and Justice (Care and Protection of Children) Act (JJC) in 2000. In 2016, this act was revised to deal with minors aged between 16-18 in the court of law by treating them as adults. The laws and policies around consent in India are outdated, with no evidence of a future reformation to be in-line with current technology. Since Australia and India are two different markets, considering the two different security needs of the children or family while understanding the laws in such environments is crucial in formulating a flexible solution.
Background'
Children’s tracking watches come with many different functionalities, but the main feature that distinguishes them from other devices as a safety device is their ability to allow parents to track their children through GPS on an accompanying smartphone app. This raises the issues of children’s consent and involves surveillance tracking laws.
SpaceTalk is known to be one of the best children tracking device/smartwatch manufactured by MGM wireless in Australia. It acts as a 3G phone consists of GPS tracking capability and SMS messaging feature. The security features of this watch consist of SOS Alerts, where a button can be pressed to call a sequence of guardians or local authorities [13]. It also consists of safe place markup tracked by the GPS which alerts the parent or guardian if the device leaves or arrives at a predetermined location. These features and functions are managed through an accompanying app, where parents or guardian can control the communications that the smartwatch has with other phones. This app can be utilized by multiple family members under a single login, this is definitely considered to be one of the largest security flaws found within this watch. The single login provides no control and full admin access to every individual who has gained access to the account. Bearing this security flaw in mind, should family relations become strained, there is a potential now that children’s smartwatch is now used as a surveillance device with ill-intent. This is important to consider because, in Europe, many children’s tracking watches have been banned and have called for any of these devices to be destroyed, due to the possibility of their security being broken and being utilized as an illegal surveillance device. Conversely, in India, there isn’t a leading brand of children’s smartwatch, and they do not suffer as much from these situations. Instead, crimes such as abduction, rape and abuse towards children are far more common and call for a security device that parents can use to ensure the safety of their children. This particular device will be used as a starting point to propose technical solutions.
In India, as per Criminal Law (Amendment) Act, 2013 has introduced cyberstalking as a criminal offence [5]. The use of tracking devices become illegal once they are utilized without an appropriate consent of the person being tracked. Even including the case where a minor is involved. The issue about regarding informed consent for minors is more complex, due to child marriages. According to Guardians and Wards Act (GWA), 1890, it clearly states that any person who is not over the age of 18 is a minor. Therefore, the court or appointed authority has the power to choose a guardian for the child by nominating one or removing another. Since then, there haven’t been many revisions, with the latest major revision being the Juvenile and Justice (Care and Protection of Children) Act (JJC) in 2015 [14]. The laws and policies around consent in India are outdated, with no evidence of a future reformation to be in-line with current technology.
Case Scenario Analysis
In this section, several different scenarios that modern families within Australia and critical scenarios from India may see are described, and the importance of improving the features of the SpaceTalk watch is emphasised by considering these scenarios where the child now has this safety watch. In India, Childline organization is a non-government organization (NGO) that is operated over the phone to help children in need or distress from the age of 0-18 years. They often come across calls that entails legal intervention while addressing the emergency needs of children and protecting their rights. This mainly stems from the following facts observed commonly in the general public: lack of knowledge about procedures, fear of the judicial system or lack of support systems available. On average, Childline receives about 2 million calls a year from children in need [15].
Scenario #1
In Australia, where blended families after remarriage are common and accepted, it may be desirable for the separated families to each be able to track a child when they have custody, while respecting the privacy of their former partner. Temporary guardianship by grandparents raises a similar example. As the list of extended family members increases, the amount of people who can track the child location and by proxy, the other extended family members of that child increase as well.
Scenario #2
A car drew up outside the seven-year-old's private school as he was leaving. Yash must have assumed that the man inside had been sent by his father to collect him. He got in, the door closed, and he was gone. Anil (Yash’s father) raced to the school, then to the nearby Balli police station, where his distress was met with a shrug. "[The officer] was lazy, a typical cop. He was reluctant to lodge a complaint. He said the boy must have wandered off somewhere." By the next morning, the police had a suspect, a well-known local criminal. They circulated his picture, but it was a mistake. The kidnappers panicked. Neighbours found Yash's body lying in bushes near the shore. He was in his school uniform, with a mark on his neck where he had been strangled, and dried blood around his nose [17]. 14 Another case, Asifa Bano was an eight-year-old child who was raped and murdered due to religion and caste differences. She was from a nomadic Muslim tribe in the restive. Asifa was abducted by a group of local Hindus when she went looking for the family’s horses. She was gang raped over days, drugged, beaten and her head finally smashed with a stone according to police reports. The justice system in India has been eviscerated over the past years. As commonly seen and known Police officers who are not loyal to politicians often find their career progress in difficulty and investigations and courts are open to manipulation. It was found that two of the eight suspects were police officers, accused of washing the Asifa’s clothes to destroy forensic evidence. The protest took place and the entire community of Muslims, Hindus and Sikhs came out on streets and demanded justice. The law-enforcement was forced to respond due to the actions were taken by the general public. The reluctant judge was also asked to take up the case after some superior judges made a call. The public also wrote letters to Prime Minister of India, who took actions against this incident and was justice was made [18]. With the presence of the watch, it would have at least provided the law enforcement with the resource to help locate the child’s last location before and if the watch was forcibly removed from the wrist and destroyed. This could have potentially saved abundant of time and provided resources for police to use it as a motivation to find Yash or Asifa.
Although, SpaceTalk watch currently does not support covert listening but in some cases in India, there is a potential that covert listening feature may save lives. Under extreme conditions, the watch should also have the ability to enable the microphone in the watch for covert listening option VIA the SOS button, where this data is perhaps not immediately available to the parents. However, they are notified with a new activity detected and the recording has been stored in a “black box” somewhere in the secured server. The recordings can then be accessed by the admin via contacting the support team who will then grant this on a condition and under a declaration signed at the time of purchase. The data then can also be accessed by the Law-enforcement and Childline organization with the parents or admins approval which may be authorized at the time of the purchase or when the situation falls upon.
- This solutions given above will be further investigated and type of sensors are appropriate
will be summarized*
IOT Functionality Discussion
This includes securing the device itself, as we know that this device and or pieces of its equipment operate continuously unattended, therefore not subject to the security implied 16 by frequent, direct observation. It will be essential to make sure this device is tamper-proof or tamper-evident since that will prevent potential intruders from reaching into the device data. At the same time, it will defend against a hacker or other cybercriminal buying and then weaponizing the device. This can be mainly achieved by utilizing a layered security tactic which enforces attackers to overcome numerous difficulties. Another recommendation in terms of IoT devices is ensuring a trusted certificate when these devices are connected with network or GSM services. This means, that only one sim at a time can be configured with this device. Any attempt to add an alternative sim will be blocked automatically by also sending the admin an alert regarding unauthorized attempt and as well the location of that activity. This will ensure a protection against theft and unauthorized access is maintained. This can be achieved by public key infrastructure and digital certificates infrastructure implemented to the device technical framework. Also, as previously identified in section 2 there is currently no limit to the number of people that can be logged into the watch account at any given time. This exposes the fact that, there can numerous people tracking child’s geolocation that may be the external/temporary guardians that child may interact with on frequent basis. The proposed solution to this is to have secondary or guest’s accounts set up and linked to the main parent account who can delete when deemed unnecessary. This can enforce the restriction as to who can track the device’s location at a particular time while keeping their account details private.
Discussion
There are several implications for flexible architecture requirements such as single-login, lack of an option to withdraw consent and sim card swapping. From scenario #1 there are several issues already present regarding the use of the SpaceTalk watch. Firstly, is the matter of consent. When the watch account is created, the person creating that account is prompted to consent to the collection of their child’s private data. However, the other users that use the app to track the child have not been provided the option to provide nor withdraw consent, which needs to be a feature. There is no limit to the amount of people that can be logged into the watch account at any given time. Hence it is entirely possible that several people will be viewing the child’s geographical location, and by extension the temporary guardian that child is with. The solution to this is to have guest accounts or secondary accounts linked to the parent account and limiting the number of guests that can track the device at any given time. Since the guardians are only temporary, they do not need to have access to the child’s location data any longer than necessary. By having a guest account that expires after a certain period of time, the possibility of other members of the blended family using the child’s location to determine the guardian’s location becomes much smaller. Additionally, this also provides better security for the parent as they would not have to share their account details. Regarding scenario #2, continuing on from the guest account solution proposed above, there must be a way to remove a guest accounts tracking privileges when required. Under the single-login that the watch currently has, this is not possible. Additionally, should one of the parent’s switch out the sim card for another, they would now have exclusive access to the geographical location of their child, regardless of custody arrangements. Hence, the accompanying app should be notified if the sim card is removed. One feature that the watch requires is that it should display who is tracking the device at that time. Since children have the right to provide or withdraw consent provided they show the capacity to make informed decisions, this kind of information should be available to them. By extension on the app, the parent should be able to see what guest accounts are linked to the device and when they are active or not.
Conclusion
At this current stage, various ideas have been proposed and detailed above regarding the SpaceTalk smartwatch that complies with numerous standard protocols. They also provide a better security structure for the parents and their children using this watch. These ideas will be further analyzed and discussed in the upcoming cyber-security summer school in collaboration with Luke Jennings and Kristine Hovhannisyan.
The importance of this research is becoming greater as the popularity of children’s safety watches increases and the need to understand the security implications of similar IoT devices increases along with it. At this preliminary stage, multiple feature alterations for the SpaceTalk have been suggested that follow the various privacy act and surveillance laws whilst providing better security for the parent and child using the watch, thus proving the purpose of this thesis.
References
[1] Ian Muscat, Cyber Threats VS Vulnerabilities VS Risks, https://www.acunetix.com/blog/articles/cyber-threats-vulnerabilities-risks/, accessed May 2018. [2] Margaret Rouse, IoT devices March 2018, https://internetofthingsagenda.techtarget.com/definition/IoT-device, accessed May 2018. [3] Forbrukerrådet, Analysis on Smartwatches for Children 2017, https://fil.forbrukerradet.no/wp-content/uploads/2017/10/watchout-rapportoctober2017. pdf, accessed May 2018. [4] PTI, India has the world’s largest youth population: UN Report, http://www.thehindu.com/todays-paper/tp-in-school/india-has-worlds-largest-youthpopulation- un-report/article6612615.ece, accessed May 2018. [5] Kanchi, Criminal Law (Amendment) Act, 2013: Sexual Offences, https://www.lawctopus.com/academike/criminal-law-amendment/, accessed May 2018. [6] Techsert, Why is Cyber Security Important?, https://techsert.com/why-is-cybersecurity- important/, accessed May 2018. [7] Kathy Pretz, How to protect wearable device Against Cyberattacks, http://theinstitute.ieee.org/ieee-roundup/members/achievements/how-to-protectwearable- devices-against-cyberattacks, accessed May 2018. [8] IEEE Computer Society, Avoiding the top 10 software security design flaws, https://www.computer.org/cms/CYBSI/docs/Top-10-Flaws.pdf, accessed May 2018 [9] MGM Wireless, MGM Wireless Privacy Policy 2017, https://mgmwireless.com/downloads/MGM_Wireless_Customer_Privacy_Policy.pdf, accessed May 2018. [10] Northern Territory Government, Surveillance Devices Act 2007, accessed May 2018. [11] Australian Government, Privacy Act 1988, https://www.legislation.gov.au/Details/C2018C00034, accessed May 2018. [12] MGM Wireless, MGM Wireless Privacy Policy 2017, https://mgmwireless.com/downloads/MGM_Wireless_Customer_Privacy_Policy.pdf, accessed May 2018.
Topic 2: Introduction
Wearable devices from leading companies such as Apple, Fitbit and Garmin provide health and fitness tracking by measuring biometric features such as heart rate, flight of stairs taken, and sleep patterns. Currently, Australia is moving towards a digital self managed health care system, the first stage being the digital Australian health care records released in 2016. This system enables participates to self-manage and review their health care records, leading to better informed individuals. The next stage requires online medical advice, via online doctor appointments. However, this system requires medical devices accessible to users at home, for the recording of medical-grade biometrics, such as blood pressure. The data can then be uploaded to the doctor during the online appointment.[1]
Despite being the beginning of 2018, Apple Watch has increased the wearable market with 8 million devices being sold in comparison to 5.1 million a year before. The wearable market continues to grow with an 8% annual increase in devices sold. [2] Therefore, wearable devices provide an enticing foundation for digital health care devices due to the current commercial influence over the consumer market. Furthermore, these devices already contain sensors compatible with biometric collection, from accelerometers to optical sensors.
The following research project proposes that commercial wearable devices provide a suitable platform for the collection and storage of clinical-grade biometrics. Due to the consistency in which individual wear these devices, medical data can be obtained and stored continuously which provides a dynamic and complex profile of the individual.
The following report will outline the current sensors utilised in the commercial devices of Apple and Fitbit, and their capabilities. These sensors will be explored thoroughly by constructing the main sensor via a Raspberry Pi. The biometric data from the Raspberry Pi will be compared to the data obtained from the commercial devices to determine the sources of discrepancies and explore the relationship between accuracy of biometric data and signal processing techniques employed. To implement this research, biometric data collected from Apple Watch and Fitbit will be graphed and analyzed using known biometric standards of individuals (ie. heart rate ranges) and cross referencing between biometric type (i.e speedometer may indicate that the higher heart rate indicates high physical activity such as running). The results will be discussed to determine if unique patterns can be identified.
Furthermore, multi-layer biometrics will be explored to determine whether it is possible to obtain a unique profile of an individual. This leads into multi-layer authentication using a combination of non-observable biometrics such as heart rate, and observable biometrics such as fingerprint.
In conclusion, the research will highlight the sensor architectures required to support the multi-layer biometric profiles. These will include current sensors such as Photoplethysmography (utilised by Apple Watch and Fitbit for heart rate sensing) and developing sensors as discussed in multiple literary reports, such as thermo-ID sensors.[3]
Previous Studies
Accuracy of Fitbit and Apple Watch
A study was conducted to determine the accuracy of optical-sensor based heart rate monitors in the popular Apple watch and Fitbit devices. The study included 50 healthy adults, with mean age of 37 years and mean body mass index of 23.5. The study was inclusive of gender and ethnicity with 58\% being females and 14% being African American. The study was exclusive of individuals with cardiovascular disease, pacemakers, and treatment with heart rhythm medications. This study utilised electrocardiographic limb leads and a Polar H7 chest strap monitor, in combination to the wearable devices. The devices were attached to the individual tightly above the ulnar styloid, refer to Figure 1 below for anatomy. The study observed the heart rate during rest and physical activity and was measured at different time intervals after activity until recovery.
The study concluded that the wearable devices when compare to an electrocardiogram have variable accuracy as based on the concordance correlation coefficient (rc), 0.84 for Fitbit and 0.91 for Apple Watch. The Fitbit Charge underestimated heart rate during vigorous exercise. Furthermore, Bland-Altman analysis showed variability occurred during exercise. The Apple Watch had 95% of difference fall within -27bpm and +29 bpm of the electrocardiogram. Fitbit had 95\% of differences within -34 bpm and +39 bpm. Neither wearable device achieved the accuracy of a chest strap-based monitor. Accuracy of the devices was best at rest and reduced with exercise.[4]
Thermo-ID system for Authentication
The paper, Infrared sensing of non-observable human Biometrics, explores the experiment conducted by PosID whom utilised Thermo-ID to establish a unique authentication method. Thermo-ID is a system which obtains the non-observable patterns of infrared energy that naturally emanates from the body. The paper outlines the uniqueness of the complex, three-dimensional network of blood vessels and nervous system and how they act as sources and sinks for infrared and thermal energy. The physical arrangement of the blood vessels and nervous system will vary the intensity of the infrared energy generated. Transparency of human skin enables infrared energy to be distinguished with infrared sensors. The position of the sensor in relation to the body part under observation determine the clarity of data obtained, as the atmosphere can distort, scatter and absorb the infrared energy. Certain parts of the body contain a greater density of infrared sinks and sources, such as the finger. Therefore, PosID built and tested the Thermo-ID system using the human finger as authentication. Theoretically the pattern arriving at the sensor will be unique to the individual due to the unique network of infrared sources beneath the sensor. PosID developed a propriety algorithm which was capable of obtaining pattern matching data obtained from the infrared energy of the physiological network of the individual.
The experiment involved over 25,000 individual samples from a range of ethnicities between the ages of 12 and 72 years. The results indicated perfect scores for genuine match and imposter rejection when the acceptance threshold was set to 0.64, refer to the figure below. The Thermo-ID system produced FMR of less than 0.5\% and FNMR less that 0.4\%, both of which are within the 95\% confidence interval. Subsequently, this process indicated a comparable to better method of authentication than most other biometric recognition systems.[3]
Spectroscopy-based technology for liveness authentication
The following paper outlines the multi-layer authentication of non-observable biometrics using a spectroscopy-based technology to determine the liveness of an individual. The paper sought to introduce a layer of authentication to overcome spoofing techniques such as artificial fingers used as silicone for fingerprint authentication. The paper outlines the development of a small and robust spectral sensor that uses solid state optical components that operate in the visible light and near infrared spectrum (400 – 940 nm). The different wavelengths of light diffuse at different levels of the skin and internal body. Furthermore, the absorption of the different wavelengths of light occur uniquely between individuals, due to the unique characteristics of an individual’s skin. The unique optical properties of an individual’s skin determine the amount of light absorbed, scattered and diffused into subsequent layers. The individual photons of light move along random paths through the skin, however the mean path of a specific wavelength traverses a predictable continuous path. Theoretically, the unique and complex absorption of an individual’s skin would result in a unique optical pattern. While silicone body parts do not contain the anatomical complexity of skin and its optical properties of light absorption to mimic the patterns. The suggestion technology provides a method to determine the liveliness of the skin and therefore verification of authentication processes. This technology has been highlight as providing many advantages due to its operability on almost all portions of the skin, and miniaturised sensors utilised in the design. The design involved LED’s with wavelengths between 395nm and 940nm. A measurement is activated when the skin completely covers the LEDS and photodiodes. Each LED is then turned on for a short period of time sequentially to enable the light of the LEDs to penetrate the skin. A portion of light from each diode is reflected back to the photodiodes, which determines the reflected light ratio. This process takes 1 second, for all LEDs to illuminate and all measurements to be recorded. The experimental study involved 169 participants between 19 and 86 years, and nineteen substances which re-enact spoofed materials. The results of the experiment demonstrated that all nineteen substances could be distinguished against the participants.[5]
Green-light technology - Apple watch and Fitbit
Apple watch and Fitbit, among other wearables, incorporate multiple sensors for obtaining a wide range of biometric information. One of the most common is a photoplethysmography (PPM) which is a green light based optical sensor that measures heart rate. The colour of light plays a critical role in the functionality of sensors. Green light is almost completely absorbed by oxy-haemoglobin, resulting in reduced signal distortion of the heart rate measurement.[6] Apple Watch uses green LEDs that are paired with light sensitive photodiodes to detect the amount of blood flowing within the wrist. The watch flashes the LEDs hundreds of times per second, and calculates how many times the heart hearts per minute. The sensor compensates for low rang heart rates by increasing the LED brightness and sampling rate. Therefore, the watch supports a range of heart rates between 30-210 bpm. The green light sensor is capable of recording heart rate during workouts, breathe sessions, to calculate walking averages and Heart rate Variability (HRV). The watch also utilizes infra-red light for elevated heart rate notifications. [7] Fitbit utilises the same technology is able to detect resting heart rate, heart rate zones, oxygen consumption during cardio fitness and guided breathing sessions. [8] To achieve an engineering level understanding of green light technology as a sensor, a PPM will be constructed and processing techniques will be explored to understand the link between biometric accuracy and PPM data modulation.
Red-light technology - Hospital grade devices
Red light-based optoelectronic sensors are utilised by hospitals to measure biometrics, such as measuring the amount of oxygen in the blood and respiratory rates. Red light is able to penetrate the body, due to its low absorbability, and therefore is able to achieve more insightful data from a larger volume of tissue.[9] Unfortunately, a deeper penetration results in a higher noise distortion of the data, resulting in more complex processing techniques. For this reason, it is not desirable for companies to implement this technology in their wearable devices. However, the future of wearables is moving towards clinical quality biometrics with wearables such as the Biostrap implementing red LEDS and infrared PPM. Once every 10 minutes, Biostrap attempts to record a waveform. Unfortunately, this is only successful if the individual is at rest. Excess movement results in the measurement being discarded. The waveform is analysed by 29 different parameters and compared to other heartbeats recorded in the past 24 hours. The algorithms and signal processing techniques used by biostrap determine hear rate, respiratory rate, blood oxygen saturation and heart rate variability.[10] Alternative and hybrid sensor architectures such as red-light sensors, and red and blue light sensors will be explored as a means to suggest a wider range of biometrics for the development of a user profile.
Authentication
Physiological differences in individual’s cardio vascular and respiratory systems are mirrored in the biometric data. The aim is to collate research among current and developing technologies to suggest how physiological properties such as HRV [11] and Thermo-ID [5] can be used to create an individual profile which can be imbedded into a wearable device. The device would offer an alternative to two-face authentication as it would essentially be something that knows something about something you are. Common limitations of wearable devices include, transmission abilities, energy reserve and device memory storage. Previous research has explored algorithms for data management, in particular the transmission of data through wireless interfaces to replace memory storage within the device. The techniques utilised include lossy data compression techniques and the analysis of the techniques complexity and compression performance. These techniques along with previous research and results will be explored to suggest suitable methods of data processing for both hospital grade and authentication purposes.
Knowledge Gaps in Available Research
1.There is a gap in multi-layer biometrics for authentication, and an analysis of which biometrics would compliment eachother to improve authentication processes. 2.Gap in wearable device architecture for improved biometric quality. 3.Limitation in commercial wearables utilising only green-light PPM. 4.Availability of technical details for signal processing techniques and algorithms. 5.Which combination of non-observable and observable biometrics provide better authentication. 6.A suggestion to an architecture which supports the sensors required for clinical-grade biometrics and authentication. 7.Suggestion of signal processing techniques required to optimise the raw waveforms. 8.A comparison between current technologies and developing technology and the advantages and disadvantages each provide.
Conclusion
Common limitations of wearable devices include, transmission abilities, en- ergy reserve and device memory storage. Previous research has explored algorithms for data management, in particular the transmission of data through wireless interfaces to replace memory storage within the device. The techniques utilised include lossy data compression techniques and the analysis of the techniques complexity and compression performance. These techniques along with previous research and results will be explored to sug- gest suitable methods of data processing for both hospital grade and au- thentication purposes.
References
[1] Australian Digital Health Agency. The future of digital health, Feb 2017.
[2] AARON PRESSMAN. Apple took a commanding lead in wearables in the fourth quar-ter, as fitbit slipped, mar 2018.
[3]Michael R. Willmore. Infrared sensing of non-observable human biometrics, 2005.
[4]Wang R, Blackburn G, Desai M, and et al. Accuracy of wrist-worn heart rate monitors.JAMA Cardiology, 2(1):104–106, 2017
[5] Kristin A. Nixon; Robert K. Rowe; Jeffrey Allen; Steve Corcoran; Lu Fang; DavidGabel; Damien Gonzales; Robert Harbour; Sarah Love; Rick McCaskill; Bob Ostrom;David Sidlauskas; Karen Unruh;. Novel spectroscopy-based technology for biometricand liveness verification.Proceedings Biometric Technology for Human Identification;(2004), 5404, aug 2004
[6] Michael Sawh. Red light, green light: Why fitbit's sensor shake-up is a huge deal, Aug 2017.
[7] Apple. Your heart rate. what it means, and where on apple watch youll find it., dec2017.
[8] Fitbit. Purepulse, jan 2018
[9] Optoelectronic sensors in medical applications, Sep 2003
[10] Willem L. Middelkoop. Collecting health data with biostrap, nov 2017
[11] Nazneen Akhter, Sumegh Tharewal, Vijay Kale, Ashish Bhalerao, and KV Kale. Heart-based biometrics and possible use of heart rate vari- ability in biometric recognition systems. In Advanced Computing and Systems for Security, pages 15{29. Springer, 2016.