Researchers develop secure method for sending sensitive personal data from wearable tech

April 29, 2019 by Molly Callahan, Northeastern University
Researchers Stella Banou, Kaushik R. Chowdhury, and William J. Tomlinson created a model of a human arm, wrist, and hand made of synthetic bone, muscle, and skin to test their technique for sending data through the body. Their method, which treats the body like a wire, is a secure way to send sensitive personal information. Credit: Adam Glanzman/Northeastern University

Smart watches. Pacemakers. Internet-connected glasses. These are devices designed to make life easier. And yet, all this wearable technology can be hacked. The devices send personal health information to your smartphone over the airways, so anyone with the know-how could scoop it up and steal it. But now, researchers at Northeastern have a better, more secure idea: Send data through your body.

Associate professor Kaushik Chowdhury worked with a team of researchers from the Draper Laboratory in Cambridge, Massachusetts, and the Federal University of Paraná in Brazil to develop a safe, hacker-proof method to transmit sensitive data.

"The truth is, no matter what I do when it comes to wireless devices, I'm radiating the signal through the air," Chowdhury says. "There is the danger that the signal can be jammed, or analyzed by someone else. Our method secures this so it can't be leaked."

Imagine a person with a pacemaker. That person relies on the pacemaker to keep her heart beating regularly, and occasionally that person sends about the device's battery life and use history to specialists who check to ensure that it's working properly. That information is sent wirelessly, through , to an application on the user's cell phone, where it's sent (again through radio waves) to the specialist.

Now imagine a malicious hacker is like a dog, sniffing the air for signs of your personal information. When the signals are sent through the airways via radio waves, it's possible to sniff them out, says William J. Tomlinson, who earned his doctorate at Northeastern and is currently a senior member of technical staff at Draper. And, having sniffed out your information, a hacker could jam the pacemaker to prevent it from doing its lifesaving work, or attack it so that it runs more than necessary, draining the battery.

But if the person with the pacemaker were to send information by wrapping a hand around a receiver, there's no opportunity for a hacker to sniff it out.

"We're essentially treating the body like a wire," Tomlinson says.

The method uses a technique called galvanic coupling to pack information into weak electrical currents and then inject those currents into the body. In the case of a fitness watch, the signal travels from your watch through your arm, then your wrist, then your hand, and then it's only through direct contact with a specialized receiver that the information can be sent to another device.

Human bodies already contain electricity. It's how the nervous system sends signals to a hand to close around a door handle, for example, and how our hearts know to speed up when we're exercising.

Chowdhury, Tomlinson, and their colleagues have proposed to take advantage of the body's electrical communications system to send new information as well.

Their technique is still in the early stages of development, but here's how it would work.

Instead of your fitness watch or pacemaker sending information about your GPS location and heart rate to your smart phone through radio waves (where it could be intercepted along the way), your watch would send that information through your arm. A physical receiver on your phone would be equipped to accept the information by touch.

Stella Banou, a PhD candidate at Northeastern; Kaushik R. Chowdhury, an associate professor of electrical and computer engineering at Northeastern; and William J. Tomlinson, a senior member of technical staff at the Draper Laboratory, took advantage of the human body’s existing electrical system to make the body “the medium of communication” for sensitive personal data. Credit: Adam Glanzman/Northeastern University

"Our body becomes the medium of communication," says Stella Banou, a doctoral candidate at Northeastern who worked on the project.

As with a wire that transmits information from the two points it connects, "there can only be communication wherever the body touches," Banou says.

The method could pave the way for communication that's so far been relegated to science fiction: "At some point," Banou says, "we could even exchange information through a handshake."

As with all scientific innovation, so much of the work Banou, Tomlinson, Chowdhury, and their team have done is behind the scenes but just as important.

In order to come up with this technique, the researchers had to understand how electricity flows through the body. Cursory electrical maps of the body already existed, but they weren't detailed enough for the team to rely upon.

Tomlinson compared these existing body maps to the maps used by cell phone companies.

Those companies, he says, need to understand the best way to send a signal from point A to point B under normal circumstances, as well as under extreme circumstances. A cell phone map of Boston, for example, would include its tall, signal-blocking buildings and the crowded airspace at a packed Fenway, when thousands of people are all using their phones at the same time.

"What we had was a traffic map of a city," Tomlinson says. "What we made was a map of the city where there are tall buildings, where a baseball game was going on."

The researchers also needed to pinpoint which electrical frequencies the body already uses to communicate within itself, so they wouldn't interrupt existing communication channels.

All of this mapping, they say, will help other scientists interested in studying biomechanics.

Once they'd developed body maps and studied human electrical frequencies, the team tested all of this on a model of a human arm, wrist, and hand made of synthetic bone, muscle, and skin. It worked.

And, as more and more wearable, internet-connected devices hit the market, it's clear that we'll need to find better ways to protect our personal data, Banou says. One way? Sending data through our bodies instead of the airways.

Provided by Northeastern University