KEHkey Combines Energy Harvesting with Cryptography for Continuous Key Generation, Authentication

Security researchers at the University of New South Wales, Duke University, and the City University of Hong Kong have unveiled a key generation and authentication system based on harvested kinetic energy for wearable body-area networks: KEHkey.

"For kinetic-powered body area networks, we explore the feasibility of converting energy harvesting patterns for device authentication and symmetric secret keys generation continuously," the team explains in the paper's abstract. "The intuition is that at any given time, multiple wearable devices harvest kinetic energy from the same user activity, such as walking, which allows them to independently observe a common secret energy harvesting pattern not accessible to outside devices. Such continuous KEH-based authentication and key generation is expected to be highly power efficient as it obviates the need to employ any extra sensors, such as accelerometer, to precisely track the walking patterns."

"Unfortunately, lack of precise activity tracking introduces bit mismatches between the independently generated keys, which makes KEH-based authentication and symmetric key generation a challenging problem. We propose KEHKey, a KEH-based authentication and key generation system that employs a compressive sensing-based information reconciliation protocol for wearable devices to effectively correct any mismatches in generated keys."

To prove the concept, the team developed a prototype wearable KEHkey implementation based around Texas Instruments SensorTegs and PPA 1001 piezoelectric cantilever energy harvesters from MIDE Technology with weights added to reduce their resonant frequencies to match human activity. Data from the piezoelectric cantilever were sampled using the SensorTag's on-board analog-to-digital converter (ADC), and combined with data from the on-board accelerometer.

In testing, though, the team found a problem: The KEH system resulted in a higher rate of key disagreement between participants. The solution: a compressive-sensing information reconciliation system, which boosted agreement rates from 72.34 percent to 100 percent when compared to traditional reconciliation based on error correcting code (ECC).

"Our results have also confirmed that KEHKey is highly resilient against common attacks, including the video side channel attack, which is known to be effective for accelerometer-based key generation," the researchers note. "Finally, our power-profiling experiments have confirmed that KEHKey can potentially reduce energy consumption by 59 percent compared to the accelerometer-based approach, which makes it a suitable solution for continuous authentication and key generation in BAN."

The full KEHkey paper has been published under open-access terms as part of the ACM International Joint Conference on Pervasive and Ubiquitous Computing 2020 (UbiComp '20).