MagSign: Harnessing Dynamic Magnetism for User Authentication on IoT Devices

Abstract

User authentication is a critical module to achieve security and privacy protections, especially for pervasive Internet of Things (IoT) deployments. However, existing methods on IoT devices are significantly short of <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">implementability</i> thanks to the lack of device uniformity and protocol openness. For instance, password becomes useless for devices void of text entry interfaces. Biometrics may not scale well as they require both non-trivial sensors and cumbersome user involvement. Proximity-based methods exploiting shared ambient contexts are vulnerable to co-located malicious attacks. Therefore, a low-cost authentication scheme widely implementable on heterogeneous IoT devices is urgently demanded. To this end, we propose <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">MagSign</i> that leverages two fundamental capabilities owned by common IoT devices: the ubiquity of magnetic induction sensors and the power of screens to change magnetic field. Essentially, MagSign controls screen contents of an authorized device (possessed by a user) to generate specific currents in its electronic components that in turn induce a magnetic signature. This signature, sensed by a nearby device, allows the user to be authenticated and hence to unlock that device. In designing MagSign, we explore critical parameters employable to magnetic signature generation by analyzing electronic components' workflow. Moreover, we innovatively encode binary sequences into magnetic intensity transitions, so that a sequence issued from a trusted server can be converted into a magnetic signature. Different from existing proximity-based approaches relying on shared static environment information, magnetic signature is directly derived from a server-issued sequence, allowing for dynamic signature generation that effectively thwarts potential attacks. The comprehensive experiments show MagSign has a false acceptance rate (FAR) of 0.38% and a false rejection rate (FRR) of 3.13%.