Close
0%
0%

Project Cerberus: Dead Man's Smartwatch

Smart watch with NFC, BTLE, motion and biometric sensors to act as an authentication device with a "dead man's switch".

Similar projects worth following
Ideally based around something like Nordic's nRF52 Cortex M4F+BTLE SoC, this smart watch would be a simple standalone device (that could also function with a smartphone or a computer with BT) for security purposes. It would store cryptographic keys on board (using the SoCs security features), and communicate via BTLE or NFC to devices to pass on generated tokens (modern laptops are starting to come with NFC equipped in the palm rests).

The biggest feature? If the watch is removed without disabling security, and it ceases to see a pulse, it wipes the keys.

In addition, with traditional smart watch features, as well as pulse sensing (whether through electrical or optical sensing), this would be a straight forwards smart watch with typical functions (you could tell the time! what novelty in something you wear on your wrist). Throw in something like Sharp's Memory Display, and the low power modes on the processor, the watch should have days and days of battery life.

So, what's the point of this project?

Security.

Two factor authentication is important, but having it all through your phone is putting all your eggs in one basket. If your phone is compromised, welp, there goes that second factor.

This "Dead Man's Watch", for lack of a better project name (I'm always open to better names), keeps your keys in a form factor that is ALWAYS on your person (which I will admit will make it a little awkward for recharging, I'm thinking a wrist-strap-based inductive charger) and tied to your bio-metric signals. The device loses those? It's not on you anymore. If you lose possession of the device, time to wipe the keys. Definitely not for everyone (but then, not everyone cares about security quite this much).

The concept this is based on: https://en.wikipedia.org/wiki/Dead_man's_switch

license.txt

License for the project.

plain - 212.00 bytes - 05/29/2016 at 23:59

Download

concept.txt

The concept behind the project, and the problem it's meant to solve.

plain - 3.17 kB - 04/25/2016 at 02:55

Download

  • Pivot time.

    MicroHex06/06/2016 at 18:24 0 comments

    Welp, no challenge round funding (and the other challenge rounds aren't relevant) no way for a broke student to finish this project. That really puts a damper on enthusiasm when I know I can't implement key features to the design, given prototyping requirements.

    Guess I'll pivot to some sort of active authentication dongle with similar technologies. Only way to really salvage the project now.

  • Resource allocation

    MicroHex05/30/2016 at 00:05 0 comments

    It's been a busy, busy month. Turns out full-time post-secondary schooling, as well as 15 to 20 hours a week of paid work (to pay for school, and projects) doesn't leave all that much time and energy for projects and other productive tasks. That being said, I've managed to poke at my project somewhat, as I do have a couple modules (close enough in function to what I'd want to use) to get started at getting some base functionality in.

    This project does need a lot more development, but it's a little difficult to fit all in since the start of the competition. This project was an idea I had had late last year, but didn't have time to get started on until the competition had started. It can be hard to compete against other projects that already have a year or more of time put into them...

    Unfortunately, as far as challenge rounds go, only the first two are relevant to this project, so it'd be very hard to compete in any of the later challenge rounds without massive rework of the concept.

  • Finally named

    MicroHex04/24/2016 at 23:51 0 comments

    This project started out as a concept: "Deadman's Smartwatch". This is actually a decent project tagline, but not a very good project name, and as such, may I now announce...

    --- Project Cerberus ---

    Taken from Greek mythology, I chose "Cerberus" as a name because this device acts as a biometric watchdog. Not like the name hasn't been used for security, surveillance, and monitoring devices before!

  • Tools make life easier

    MicroHex04/18/2016 at 21:09 0 comments

    Thanks to Nordic and their social media outreach programs, I won one of the official dev boards (for the nRF52, my target platform). They even bundled a few sample chips. This will make my project much easier (and something to test on while waiting on PCBs and the like).

    In the first iteration, I'm still planning on including the mbed HDK which includes the CMSIS-DAP debugger (including drag and drop programming), as well as making a small board to do that during the second iteration (when it's actually a watch form factor device). After all, I'm planning a small beta test, and the testers will need to be able to update the devices in case of bricking, or firmware fixes.

  • Another implementation

    MicroHex03/22/2016 at 00:41 0 comments

    As a tangent to the current project, it was suggested I could drop the biometric sensors (perhaps integrate a fingerprint reader somehow), and making a 2 factor authentication fob/dongle device. It'd be a fairly straight forwards fork, so perhaps in between iterations 2 and 3, if funding prevents me from proceeding on the full 3rd iteration of the watch.

  • Alternative use

    MicroHex03/15/2016 at 17:09 0 comments

    Of course, if having the watch come off invalidate your keys seems like a frightening concept, it's just a matter of software that would make this project a more generic smart watch as well. But hey, that's less fun (but it's not a huge step).

  • Game plan

    MicroHex03/14/2016 at 16:28 0 comments

    Right, since I ran out of room in the description, here's the plan. It consists of three stages.

    1) Spread out development board with integrated debugger and power measurement. This is already underway in the design stage.

    2) Smart watch sized unit, likely a 4 layer PCB, using the QFN package. Custom printed case, not going to be super polished or water proof.

    3) Funds permitting, custom milled/SLS printed case and inserts, high layer count PCB (6 most likely) to minimize size, usage of lots of chip-scale packages (the MCU is QFN only for now, but Nordic is planning on releasing the CSP variant later in the year). If the project goes well, I'll request engineering samples for the MCU in order to be done in time for the contest closing in October.

View all 7 project logs

Enjoy this project?

Share

Discussions

Martin wrote 05/04/2017 at 12:26 point

I take my wristwatch off when I go to sleep. When I understand the description, it would wipe all the keys in this case. How is this intended?

  Are you sure? yes | no

Matt Mills wrote 04/12/2016 at 23:57 point

So, I've done some work in this area (nRF based smartwatch, at least) and you might be able to use my design as a jumping off point. https://github.com/mattmills/ourglass 

  Are you sure? yes | no

Marek Novák wrote 03/20/2016 at 09:15 point

Interesting concept but isn't it just easier to create a conductive path between the two parts of watch strap? The watches cannot be normally put over your hand without releasing the band. Much more reliable, even ankle monitors for criminals use this.

The photoplethysmograph signal is easily fakeable using a single photodiode which senses the incoming light intensity from the watch. Then, it would be possible to put this photodiode together with precisely current driven LED between the skin of the person and the sensing circuitry to fake the pulse. Professional SPO2 probe calibrating machines are doing exactly the same thing - faking the response from tissue by generating exact light response the tissue would create (that "pulses").

On the other hand, by simply sensing the conductivity of the wristband, when you can sense disconnections as short as tens of nanoseconds, you could achieve better security. You can also sense the resistance and inductance of the wristband to sense if somebody is not trying to manipulate with the watch strap somehow (i.e. bridging it with a piece of wire to be able to put it off)

  Are you sure? yes | no

MicroHex wrote 03/21/2016 at 00:30 point

If I were just relying on the PPG, sure. I had the thought of the contact closure, and if I can get to a flex PCB stage in the watch strap, I'll have that. I'd also be integrating a small ECG-type circuit.

No one method is fool proof, but multiple methods is definitely harder to spoof all at once.

  Are you sure? yes | no

David Perrenoud wrote 03/17/2016 at 09:03 point

I am sorry but someone already made it:

http://community.arduboy.com/t/i-made-a-thing-with-arduino/907?u=davidperrenoud

Just kidding, good luck for the prize! ;)

  Are you sure? yes | no

PointyOintment wrote 03/15/2016 at 03:51 point

You might have a hard time getting pulse detection to be reliable enough for this. I have a Moto 360 (1st gen) and it's set to lock the screen when I remove it from my wrist. Sometimes (about twice a week) it locks while it's still on my wrist, and sometimes (about thrice to frice* a week) it fails to lock even when I take it off my wrist and leave it on the charging dock overnight.

I assume it uses its pulse sensor (which might be one of those ones that doubles as a simple proximity sensor) to detect removal from my wrist, because I can't think of any other sensor it has that it could use for that. I've noticed a green LED on the underside that glows occasionally, presumably when it's checking my pulse, and that's not very frequent (every few minutes at best, though I'm not sure).

You could probably get much better reliability by having the pulse sensor on more frequently or continuously, but that would drain the battery a lot faster (though I'm not sure how fast). For your purpose, it would have to be off for no more than a second at a time, I'd think, because a watch can be quickly swapped onto an attacker's wrist, so it would have to be effectively continuous.

*an actual word according Wiktionary, and considered valid by Chrome's spelling checker

  Are you sure? yes | no

snake words wrote 03/14/2016 at 19:44 point

can we have an option to delete browser history upon death?

  Are you sure? yes | no

Similar Projects

Does this project spark your interest?

Become a member to follow this project and never miss any updates