The SPiSE project aims to increase the security of contactless payments undertaken through NFC-enabled smartphones and smartwatches, as well as to improve the security of financial transactions originating from smart homes.
In recent years, the frequency of contactless payments and payments triggered by smart home devices has grown rapidly. These transactions are made not only through contactless credit/debit cards, but also increasingly through NFC-enabled smartphones and smartwatches (i.e. mobile wallets). In addition to payments, the NFC capability of mobile devices is used to a growing extent to control access to buildings and sensitive data (such as patient records in hospitals). Despite the increasing importance of mobile and IoT devices in security contexts, for example, financial transactions, building access and data protection, they have very little built in security. This is predominantly because friction, such as requiring a PIN, is undesirable, and IoT devices offer few interfaces suitable for authentication. Any attempt at securing these systems must have a realistic path to deployment and avoid modifications to existing hardware for wide-scale adoption. In addition, it should require as little action from users as possible during setup and use.
The team uses data from sensors that are already common in IoT and mobile devices, in conjunction with machine learning techniques. This is based on the rationale that any physical event (such as using a smartwatch to make a payment) carries a faint physical signature that is reflected in sensor readings. Using these signatures, the team can verify the occurrence of the physical event and confirm the identity of the user.