IvoriWatch: Exploring Transparent Integrity Verification of Remote User Input Leveraging Wearables
Several sensitive operations, such as financial transactions, email composition, and the configuration of safety-critical devices (e.g., medical devices or smart home systems), are often performed via web interfaces from a host machine, usually a desktop or laptop PC. It is typically easy to secure the communication link between the local host machine and the remote server, for example via a standard cryptographic protocol (e.g., TLS). However, if the host machine itself is compromised with a trojan or other malware, a malicious adversary can manipulate the user-provided input (e.g., money transfer details, email content, or configuration data), which can lead to severe consequences, including financial loss, reputational damage, security breaches, and even danger to human life.
In this paper, we introduce the notion of integrity verification for user-provided input leveraging a wrist-worn wearable device (e.g., a watch or a bracelet). Specifically, we propose IvoriWatch, a transparent and secure integrity verification mechanism that inspects user-provided input sent from a potentially compromised host machine to a remote server, and checks its integrity before the server acts upon the input. IvoriWatch requires the user to wear a wrist-wearable (on one hand, or on both hands for better security). It verifies the validity of the payload/input received at the remote server by comparing the corresponding sequence of keyboard regions (left or right) with the sequence predicted from the wrist motions captured by the wrist-wearable. The input is considered legitimate only when it correlates sufficiently with the wrist motion data. We build a prototype implementation of IvoriWatch using an Android smartwatch as the wrist-wearable and a desktop PC as the host machine, and evaluate it under benign and adversarial settings. Our results suggest that IvoriWatch correctly detects legitimate input in the benign setting, and detects manipulated as well as unintended input from a malicious program in the adversarial settings with minimal errors. Although IvoriWatch uses wrist movements for integrity verification, it is not a biometric scheme.
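The following is an added worked example of the server-side comparison step the abstract describes; it is not the authors' code or the IvoriWatch prototype. It assumes a US QWERTY touch-typing split into left and right regions, a per-keystroke motion magnitude reported by the watch (here a constructed sample, not real sensor data), a simple threshold classifier for single-watch use, an edit-distance similarity score so that inserted or deleted characters count as disagreement, and an acceptance threshold of 0.85. None of these specifics come from the abstract.

```python
"""Added illustration of the IvoriWatch verification idea (not the paper's code).

Assumptions not taken from the abstract: the QWERTY hand split, the per-keystroke
motion feature, the classification threshold, the Levenshtein-based similarity
score and the acceptance threshold.  All sample data below is constructed.
"""
from typing import List, Optional, Sequence

# Assumption: standard touch-typing split of a US QWERTY layout.  Keys not listed
# (space, Enter, punctuation) are treated as uninformative and skipped.
LEFT_KEYS = set("qwertasdfgzxcvb12345")
RIGHT_KEYS = set("yuiophjklnm67890")


def key_regions(text: str) -> List[str]:
    """Map the text received by the server to its sequence of keyboard regions."""
    regions = []
    for ch in text.lower():
        if ch in LEFT_KEYS:
            regions.append("L")
        elif ch in RIGHT_KEYS:
            regions.append("R")
    return regions


def predict_regions(left_motion: Sequence[float],
                    right_motion: Optional[Sequence[float]] = None,
                    threshold: float = 1.0) -> List[str]:
    """Predict the region of each keystroke from wrist-motion features.

    left_motion[i] is the (constructed) peak acceleration magnitude a watch on
    the left wrist saw around keystroke i.  With one watch, a strong left-wrist
    movement means a left-region key; with two watches, the wrist that moved
    more decides.
    """
    if right_motion is None:
        return ["L" if m >= threshold else "R" for m in left_motion]
    return ["L" if lm >= rm else "R" for lm, rm in zip(left_motion, right_motion)]


def edit_distance(a: Sequence[str], b: Sequence[str]) -> int:
    """Levenshtein distance, so injected or dropped keystrokes show up as differences."""
    prev = list(range(len(b) + 1))
    for i, x in enumerate(a, 1):
        cur = [i]
        for j, y in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (x != y)))
        prev = cur
    return prev[-1]


def similarity(received: Sequence[str], predicted: Sequence[str]) -> float:
    """1.0 means the sequences agree exactly; 0.0 means nothing lines up."""
    longest = max(len(received), len(predicted))
    if longest == 0:
        return 1.0
    return 1.0 - edit_distance(received, predicted) / longest


def verify_input(received_text: str, predicted: Sequence[str],
                 min_similarity: float = 0.85) -> bool:
    """Server-side decision: act on the input only if it matches the wrist motion."""
    return similarity(key_regions(received_text), predicted) >= min_similarity


# Constructed sample: the user typed SAMPLE_TEXT wearing one watch on the left wrist.
# Left-hand keys produce ~2.0, right-hand keys ~0.3; the last sample is deliberately
# noisy (0.6) so the benign case contains one misclassified keystroke.
SAMPLE_TEXT = "pay 500 to alice"
SAMPLE_LEFT_MOTION = [0.3, 2.1, 0.2, 1.9, 0.4, 0.3, 2.0, 0.3, 2.2, 0.2, 0.4, 1.8, 0.6]

if __name__ == "__main__":
    predicted = predict_regions(SAMPLE_LEFT_MOTION)
    print("benign     :", verify_input(SAMPLE_TEXT, predicted))
    # Malware on the host rewrote amount and recipient before sending.
    print("manipulated:", verify_input("pay 9000 to mallory", predicted))
    # Malware submitted input while the user was not typing: no wrist motion at all.
    print("injected   :", verify_input(SAMPLE_TEXT, []))
```

The benign case passes despite one misclassified keystroke (12 of 13 regions agree), while the manipulated payload is rejected because its region sequence no longer aligns with the motion data, and an injected payload with no accompanying wrist motion scores zero. A real deployment would also need keystroke timing to segment the motion stream; that step is outside this example.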