@article{islamCrossModalityContinuousUser2023, title = {Cross-{{Modality Continuous User Authentication}} and {{Device Pairing With Respiratory Patterns}}}, author = {Islam, Shekh Md Mahmudul and Zheng, Yao and Pan, Yanjun and Millan, Marionne and Chang, Willy and Li, Ming and Borić-Lubecke, Olga and Lubecke, Victor and Sun, Wenhai}, date = {2023-08-15}, journaltitle = {IEEE Internet of Things Journal}, volume = {10}, number = {16}, pages = {14197--14211}, doi = {10.1109/JIOT.2023.3275099}, url = {https://gustybear-websites.s3.us-west-2.amazonaws.com/publication-islam-cross-modality-continuous-user-2023/Islam+et+al_2023_Cross-Modality+Continuous+User+Authentication+and+Device+Pairing+With.pdf}, abstract = {At-home screening systems for obstructive sleep apnea (OSA) can bring convenience to remote chronic disease management. However, the unsupervised home environment is subject to cheating from a non-compliant user, either by using another person to substitute for the test or manipulating the data communication during the test, which lowers the credibility of at-home OSA screening. To improve trustworthiness, this work presents SIENNA, an insider-resistant breathing-based authentication/pairing protocol. SIENNA leverages the uniqueness of breathing patterns to automatically authenticate a user and pairs two main components of an OSA kit, e.g., a mobile OSA app and a physiological monitoring radar system (PRMS). SIENNA does not require biometric enrollment and instead transforms the respiratory belt measurements taken during the user's routine physical checkup into breathing biometrics comparable with the PRMS readings. Furthermore, it can operate within a noisy multi-target home environment and is secure against a co-located attacker through the usage of JADE-ICA, fuzzy commitment, and friendly jamming. We fully implemented SIENNA and evaluated its performance with medium-scale trials. Results show that SIENNA can achieve reliable ({$>$} 90\textbackslash\% success rate) user authentication and secure device pairing in a noisy environment against an attacker with full knowledge of the authorized user's breathing biometrics.}, keywords = {journal} }