Researchers have developed a fashionable bracelet that could continuously authenticate users preventing snoops from accessing unattended machines.
It goes beyond existing continuous authentication mechanisms, the designers say, because it requires users to be active on their machines and not just nearby.
The Zero-Effort Bilateral Recurring Authentication (ZEBRA) bracelet contained a built-in accelerometer, gyroscope, and radio which fed information to the computer to determine if a user was nearby.
"When the user interacts with a computer terminal, the bracelet records the wrist movement, processes it, and sends it to the terminal," the quintet wrote in the paper ZEBRA: Zero-Effort Bilateral Recurring Authentication [pdf] describing the project.
"The terminal compares the wrist movement with the inputs it receives from the user (via keyboard and mouse), and confirms the continued presence of the user only if they correlate.
"Because the bracelet is on the same hand that provides inputs to the terminal, the accelerometer and gyroscope data and input events received by the terminal should correlate because their source is the same – the user’s hand movement."
Researchers Shrirang Mare; Andres Molina-Markham; Ronald Peterson, and David Kotz of Dartmouth College together with Intel's Cory Corneliusy developed the fashion mod to solve useability issues with account time-outs which were regarded as either too long or short.
They dubbed existing continual proximity authentication as insufficient because it could erroneously keep users logged in or boot them out if users with remote sensors were close by machines.
Those using biometrics [pdf] were dubbed as unreliable, while others could be foiled by irritated users who have been found to cover sensors with Styrofoam cups.
ZEBRA users tapping away on keyboards would be verified according to the expected movements with 85 percent accuracy, while adversaries or pranksters would be identified in 11 seconds, the authors said.
"We confirm the user's continued presence by observing what the user is doing from two different sources and comparing those observations; we call this bilateral authentication. This approach complements any method that may be used for initial authentication, such as a password, a token, or a fingerprint biometric."
ZEBRA could gallop onto mobile devices and even television remotes and game controllers providing new custom functionality and security, but there were issues relating to user movements and battery life. ®