WatchID: Wearable Device Authentication via Reprogrammable Vibration

Prevalent wearables (e.g., smartwatches and activity trackers) demand high secure measures to protect users' private information, such as personal contacts, bank accounts, etc. While existing two-factor authentication methods can enhance traditional user authentication, they are not convenient as they require participations from users. Recently, manufacturing imperfections in hardware devices (e.g., accelerometers and WiFi interface) have been utilized for low-effort two-factor authentications. However, these methods rely on fixed device credentials that would require users to replace their devices once the device credentials are stolen. In this work, we develop a novel device authentication system, WatchID, that can identify a user's wearable using its vibration-based device credentials. Our system exploits readily available vibration motors and accelerometers in wearables to establish a vibration communication channel to capture wearables' unique vibration characteristics. Compared to existing methods, our vibration-based device credentials are reprogrammable and easy to use. We develop a series of data processing methods to mitigate the impact of noises and body movements. A lightweight convolutional neural network is developed for feature extraction and device authentication. Extensive experimental results using five smartwatches show that WatchID can achieve an average precision and recall of 98% and 94% respectively in various attacking scenarios.