Secret from Muscle: Enabling Secure Pairing with Electromyography

Presentation transcript:

Secret from Muscle: Enabling Secure Pairing with Electromyography
Lin Yang, Wei Wang, Qian Zhang
Hong Kong University of Science & Technology
Good morning, everyone. Today it is my honor to be here to present our work, secret from muscle…. This is joint work with my colleagues Wei Wang and supervisor Qian Zhang at HKUST.

Rise of Wearable Devices
[Slide labels: Mobile Payment, Physical Training, Daily Activity, Healthcare]
Nowadays, we have witnessed the rise of wearable devices. They have penetrated into every part of our life and enable many promising apps: buying stuff via mobile payment, recording physical training and daily activity with a smart watch, or monitoring our health state.

Pairing is Everywhere
[Slide labels: Private, highly sensitive data; Mobile Payment; Data Sharing]
Among these applications, pairing between devices is an essential part. Since the data involved is private and highly sensitive, it also poses some important security issues. E.g., in the mobile payment scenario, before we transmit our credit card information to the POS machine, we want to make sure the communication link between them is secure. A similar requirement is imposed when we upload our physical healthcare data from a smart wristband to our phone or a nearby laptop. So, how to create a secure pairing between these devices becomes an important problem.

Solutions & Threats
[Slide labels: Powerful Attacker, Wireless, Sound, PIN code, Surveillance camera, Vibration, Motion]
To solve this problem, there are many existing works. However, they either don't fit well in the scenario of wearable devices or are vulnerable to some powerful attackers.
PIN code: no convenient input method.
Wireless channel reciprocity: shared nature, so threatened by predictable channel attacks.
Ambient environment-based solutions: can be sensed by a nearby eavesdropper, and an active attacker can manipulate the context.
Human movement (gait): exposed to camera-based attacks.

EMG-KEY for Secure Pairing
EMG-KEY is a system that securely pairs wearable devices by exploiting electromyogram (EMG) variations as a random source to generate a cryptographic key.
EMG = electrical activity caused by muscle contraction.
Random variation.
Bio-diversity over subjects and time.
Physical contact in close proximity.
To provide better security, we propose EMG-KEY, which is a… EMG is the electric activity…it has several promising characteristics.

Towards Better Security
[Slide labels: Simple gesture, easy to use; Hard to eavesdrop; Robust to camera-based attack; Dynamic key over time; Low-cost EMG sensor]
An example application of EMG-KEY is mobile payment. Your smart watch knows your credit card number and security code, and you want to transmit this information to the POS machine confidentially. To do this, you only need to put your arm on the POS machine and clench your fist for 3 seconds. There are several advantages of our system.
Low-cost EMG sensor and a simple gesture: clenching of fist…
Robust to eavesdropper/copy attacker.
Dynamic key over time.
Targeted at high-security scenarios, such as mobile payment and transmission of sensitive data.

EMG as Random Source
To build such a system, there are several challenges. The very first one is: is the randomness of EMG sufficient for a secret key?

Generation of Muscle Contraction
[Figure labels: Spinal cord, Neuron 1, Neuron 2, Nerve firing excitation, End-plates, Muscle fibers, Motor unit 1, Motor unit 2, Muscle fiber action potential, Muscle, Skin, Electrodes (+/-), Surface EMG]
To answer this question, we need some medical background. Our body consists of many muscles. As shown in this figure, those muscles comprise dozens of muscle fibers. Each muscle fiber is innervated by a motor neuron, and their contact region is termed the end-plate. The motor neuron and the set of muscle fibers it innervates form the basic functional unit of EMG, which is called the motor unit. E.g., in this figure, there are two motor units. So, how is EMG generated exactly? When we want to perform some movement, like clenching of the fist, our neuron will fire an electrical excitation to the muscle fibers. This excitation, through a collection of complex bio-chemical reactions, will cause a local depolarization and initiate a muscle fiber action potential. Such action potentials will interact with each other and propagate along the muscle fiber. Eventually, this electrical activity can be captured by the electrodes on the skin, and that is the so-called surface EMG.

EMG Modeling
$EMG(t) = \sum_{q=1}^{Q} R_q(t) * \sum_{m=1}^{M_q} \delta(t - \tau_m) * p(t) * e(t)$, where $*$ denotes convolution.
[Diagram: Neuron firing → End-plates → Muscle fiber action potential → Electrodes → EMG]
Firing pattern of the neuron is quasi-random [1]; motor units are independent [2]: $R(t) = \sum_{q=1}^{Q} R_q(t)$
End-plate distribution introduces delays in the propagation of action potentials: $D(t) = \sum_{m=1}^{M} \delta(t - \tau_m)$
Propagation velocity depends on muscle state: $p(t) = A\,ut\,(2 - ut)\,e^{-ut}$
Hardware imperfection function introduces distortions: $e(t)$
In general, there are 4 parts involved in this process. The first one is the firing pattern of neurons. According to medical research, it is a quasi-random process, i.e., the average firing rate increases with the force requirement, but the occurrence of excitation is random in nature. Besides, each motor unit is independent and its firing pattern shows no correlation with the others. When the excitation arrives at the end-plates, it will initiate the muscle fiber action potential. However, since the geospatial locations of the end-plates are different, there will be a time delay in their propagation. This can be formulated by the convolution of a delta function. In addition, the propagation velocity of the muscle action potential is determined by the muscle state, which can be modeled by p(t). Last, the hardware will introduce some signal distortion, and its transfer function is e(t). Combining all these factors together, we have the model of the EMG signal. It is the convolution of all factors over all motor units involved in this process, which leads us to this equation.
[1] R. Merletti and P. A. Parker. Electromyography: Physiology, Engineering, and Non-Invasive Applications. John Wiley & Sons, 2004.
[2] S. R. Devasahayam. Signal Processing and Physiological Systems Modeling. Springer Science & Business Media, 2012.

EMG as Random Source
$EMG(t) = \sum_{q=1}^{Q} R_q(t) * \sum_{m=1}^{M_q} \delta(t - \tau_m) * p(t) * e(t)$
Based on this model, we can make several observations:
The number of recruited motor units is determined by force, which varies under the same gesture.
The stochastic nature of the firing pattern guarantees the randomness.
The user diversity in the end-plate distribution, conduction velocity, and muscle fatigue level introduces additional discrepancies.
EMG is subtle and can only be sensed with physical contact in proximity.

Experimental Feasibility
Arduino UNO + Olimex EMG sensor. Clench fist 3 times for both user & attacker.
To further validate these observations, we build a prototype with Arduino… We recruited 10 volunteers; 9 of them act as legitimate users, while the remaining one is the attacker. For both user and attacker, we ask them to perform a clenching of the fist 3 times. This is an example signal. First, we notice:
1. Different EMG among the 3 clenchings.
2. High correlation between legitimate devices, but also some discrepancies.
3. Amplitude is different between legitimate user & attacker.
4. The small-scale variation is different, due to the random nature of the firing pattern.
All of these suggest EMG can be used as a random source to generate a secret key.

System Design
Now, we are ready to talk about our system design.

System Overview
How to generate secret bits? How to alleviate discrepancies?
[Diagram labels: Legitimate device; EMG Sensor → Pre-processing → Shape Coding → Reconciliation; raw EMG → rectified signal → secret bits; $\delta$; bit strings 01100010… and 00110010…; Secret key 00110010…]
Our system consists of 4 parts: data collecting, pre-processing… There are two challenges. The first one is how to generate the secret bits. The next is how to alleviate discrepancies caused by practical issues, like hardware imperfection.

Preprocessing
[Diagram: Raw EMG → High-pass filter ≥ 15 Hz → Notch filter @ 50 Hz → Rectification → Rectified EMG]
Motion/friction noise ≤ 15 Hz.
Arm muscle frequency ≥ 20 Hz.
Power line interference @ 50 or 60 Hz.
Rectification: root-mean-square to magnify the firing pattern, $S(t) = \sqrt{\frac{1}{T}\int_{t-T}^{t} x^2(\tau)\,d\tau}$
Before the

How to generate secret bits?
[Diagram: Raw EMG → Rectified EMG → Segmentation → Shape matching (against shape templates) → Codes; shapes of segment]
Window size = $w$
3 basic shapes: rise/stay/drop
2-bit encoding for each segment
$\text{Bit rate} = \frac{1}{w}\log_2 3$
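The segmentation and shape-coding step, sketched as an added example that is not the authors' code. The half-window comparison used to match rise/stay/drop, the tolerance `tol`, the 2-bit mapping in `CODES` and the 100 Hz sample rate are assumptions; only the window size of 0.15 s (from the bit-rate slide), the RMS rectification and the three shapes come from the slides.

```python
import math

W_SEC = 0.15  # window size w in seconds (the value used in the bit-rate slide)
CODES = {"rise": "01", "stay": "00", "drop": "10"}  # assumed 2-bit mapping

def moving_rms(x, win):
    """S(t): root-mean-square of x over the most recent `win` samples."""
    out, acc = [], 0.0
    for i, v in enumerate(x):
        acc += v * v
        if i >= win:
            acc -= x[i - win] ** 2
        # max() guards against tiny negative values from float cancellation
        out.append(math.sqrt(max(acc, 0.0) / min(i + 1, win)))
    return out

def shape_of(segment, tol):
    """Assumed matching rule: compare the means of the two halves."""
    half = len(segment) // 2
    first = sum(segment[:half]) / half
    second = sum(segment[half:]) / (len(segment) - half)
    if second - first > tol:
        return "rise"
    if first - second > tol:
        return "drop"
    return "stay"

def shape_code(rectified, fs, tol):
    """Cut the rectified signal into w-second segments, emit 2 bits each."""
    n = round(W_SEC * fs)
    shapes = [shape_of(rectified[i:i + n], tol)
              for i in range(0, len(rectified) - n + 1, n)]
    return shapes, "".join(CODES[s] for s in shapes)

# Constructed envelope at an assumed 100 Hz: ramp up, plateau, ramp down.
FS = 100
ENVELOPE = ([i / 15 for i in range(15)] + [1.0] * 15
            + [1 - i / 15 for i in range(15)])

if __name__ == "__main__":
    print(shape_code(ENVELOPE, FS, tol=0.1))
```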

Imperfection in Secret Bits
Imperfection of hardware. Propagation distortion between devices.
[Diagram: Legitimate device a: raw EMG → rectified signal → secret bits, $k_a = 00110010…$; Legitimate device b: $k_b = 01100010…$; $\delta$; $k_b'$; Matched!]

Reconciliation
Error correction code $C(n, k, r)$: $n \to k$, $r$-bit errors
Encryption $= f(\cdot)$, decryption $= g(\cdot)$
$w$ = code word of $k_a$ $= f(g(k_a))$
If $d \le r$, then $k_b \oplus \delta$ is in the correction range of $f(g(k_a))$.
[Diagram labels: $w = f(g(k_a))$, $k_a$, $r$, $\delta$, $d$, $k_b \oplus \delta$, $k_b$]

Imperfection in Secret Bits
Error correction code $C(n, k, r)$; $f(\cdot)$ = encoding, $g(\cdot)$ = decoding
Imperfection of hardware. Propagation distortion between devices.
Legitimate device a: raw EMG → rectified signal → secret bits, $k_a = 00110010…$, $\delta = k_a \oplus f(g(k_a))$
Legitimate device b: $k_b = 01100010…$, $k_b' = \delta \oplus f(g(k_b \oplus \delta))$
Matched!
Information leakage $= n - k$; available bit rate = bit rate $\cdot\, k/n$
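The reconciliation exchange above on one 23-bit block, as an added example that is not the authors' code. The slides do not name the error correction code; the binary Golay (23, 12) code correcting 3 errors is assumed here because its rate matches the 12/23 factor on the bit-rate slide, and `K_A` is a constructed key block.

```python
from itertools import combinations

N, K, R = 23, 12, 3  # C(n, k, r); the Golay(23,12) choice is an assumption
GEN = 0xC75          # generator x^11 + x^10 + x^6 + x^5 + x^4 + x^2 + 1

def syndrome(word):
    """Remainder of word(x) mod GEN(x) over GF(2); zero for codewords."""
    for i in range(N - 1, N - K - 1, -1):
        if (word >> i) & 1:
            word ^= GEN << (i - (N - K))
    return word

# Syndrome -> error pattern for every pattern of weight <= R. The Golay
# code is perfect, so these 2048 patterns cover all 2^(n-k) syndromes.
ERRORS = {}
for weight in range(R + 1):
    for positions in combinations(range(N), weight):
        pattern = sum(1 << p for p in positions)
        ERRORS[syndrome(pattern)] = pattern

def nearest_codeword(word):
    """f(g(word)): decode, then re-encode, i.e. snap to the closest codeword."""
    return word ^ ERRORS[syndrome(word)]

def make_helper(k_a):
    """Device a: delta = k_a XOR f(g(k_a)), sent over the unencrypted link."""
    return k_a ^ nearest_codeword(k_a)

def reconcile(k_b, delta):
    """Device b: k_b' = delta XOR f(g(k_b XOR delta))."""
    return delta ^ nearest_codeword(k_b ^ delta)

def flip(word, positions):
    """Model bit mismatches between the two devices."""
    for p in positions:
        word ^= 1 << p
    return word

K_A = 0b00110010110100101100101  # constructed 23-bit key block

if __name__ == "__main__":
    delta = make_helper(K_A)
    print(reconcile(flip(K_A, [0, 7, 19]), delta) == K_A)      # d = 3 <= r
    print(reconcile(flip(K_A, [0, 7, 19, 22]), delta) == K_A)  # d = 4 > r
    # delta has the same syndrome as k_a: n - k = 11 bits are disclosed
    print(syndrome(delta) == syndrome(K_A))
```

Because $\delta$ and $k_a$ differ by a codeword, an eavesdropper who sees $\delta$ learns the syndrome of $k_a$, which is the $n - k$ leakage the slide subtracts from the bit rate.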

Evaluation

Experiment Setup
Prototype wristband = Arduino UNO board + Olimex EMG sensors
10 volunteers (7 males, 3 females): 9 users + 1 attacker (eavesdropper, copy attacker)
Metrics, under the headings Key Generation and Security Level: bit generation rate, entropy, bit mismatching rate, P-value of randomness, mutual information

Bit Generation Rate
$\text{Bit rate}^{*} = \frac{1}{0.15}\cdot\log_2 3 \approx 10.57$ bps
$\text{Bit rate} = 10.57 \cdot \frac{12}{23} \approx 5.51$ bps

Randomness of Secret Key
Standard randomness test from NIST; P-value ≥ 0.01
Test: P-value
Frequency: 0.162606
Block frequency: 0.437274
Approximate Entropy: 0.637119
Runs:
Longest Runs: 0.025193
Cumulative Sums:
Serial: 0.275709

Confounding Factors
Secure Distance: secure distance ≤ 4 cm
Gesture Complexity: simple gesture is sufficient

Threat Model
No prior knowledge between A & B.
Simple & easy-to-copy gesture.
Attacker:
Can observe & copy the user's gesture.
Gets the packets over the unencrypted link ($\delta$).
Every detail of our pairing system.
Copy attack:
Record the user's gesture with a camera.
Capture all the packets over the wireless channel.
Posterior analysis via imitating the gesture.
[Diagram labels: User, Device A, Device B, Device E]

Information Leakage Mutual info. 1.158 bits 0.290 bits 0.274 bits

Overall Performance of Copy Attacker
$\text{Bit mismatching rate}_{user} = 8.92 \times 10^{-3}$
$\text{Bit mismatching rate}_{attacker} = 0.298$
For a 6-digit PIN code:
$\text{Prob}_{user} = (1 - 0.00892)^{6 \cdot \log_2 10} \approx 83.64\%$
$\text{Prob}_{attacker} = (1 - 0.298)^{6 \cdot \log_2 10} \approx 0.09\%$

Conclusion
EMG-KEY is a system that securely pairs wearable devices by exploiting electromyogram variations as a random source to generate a cryptographic key.
Contribution:
First to explore EMG to enable secure pairing.
Random & dynamic secret key.
Robust to strong attacks.

Thank You! Lin Yang, Wei Wang, Qian Zhang Hong Kong University of Science & Technology

Extensibility of Reconciliation

Placement of Electrodes