Toothboard - your teeth is a keyboard & your skull is a secure enclave!

In Athecrypt 2021, we presented our side-project at Facebook research dealing with novel authentication schemes, mainly to evaluate options that could fill the gap between passwords and biometrics. As some of you know already, before entering the blockchain space, I had spent almost a year exploring graphical passwords, including defenses against shoulder surfing (spies tracking you while typing passwords or PINs), identifying passcode patterns, and key exchange attacks. Indeed, extensions of my 15y old work are now patented by various prestigious firms and these days we draw secrets for mobile login.

Toothboard: Almost 3 years ago, during a lunch break at our Facebook (now Meta) campus with my colleagues Sam and Evan, we had fun discussing a concept idea that could allow for secure communication using our tongue as a "finger" (mouse or joystick) and our teeth or upper part of the mouth as a keyboard and mousepad, respectively. The idea is not new, there exist both professional and amateur solutions,?and most of the serious attempts are focusing on communication tools for disabled people.

Skull + Jaws -> a natural secure enclave! So this is where security research joins the game, our skull offers a physical protection to side channel adversaries. What if we use this for private communication and entering passwords securely? It looks like humans are equipped with a natural secure enclave, our embedded-SGX.

Honestly, I tried to figure out if there are other ways to physically hide "typing" actions; we know that our tongue has many degrees of freedom, but how do you receive signals? Do we have other muscles (in toes, jaws, legs, arms, neck etc) that can be useful?

Morse shoes: Toes were indeed in my radar as well, what if our future pair of shoes were equipped with a simple Morse code keyboard? I should talk to Nike and Adidas one day. I would personally buy that stuff if existed, even after our early experiments have shown signs of obvious foot-trembling when you try to "type" fast with your toes, hm... this might be detectable from cameras under certain circumstances. In any case, more research is required in this space. For the time being, let's focus on our toy project "Toothboard", one step at a time.

Teeth, tongue or mouth? I won't lie, my original assumption was that we can just map each tooth to a letter in the alphabet, but I got discouraged (however, I'll soon post our teeth-alphabet mapping). Yes, you are equipped with a full keyboard as most adults should have 32 teeth, which are more than enough for texting. But teeth structures vary per person: some teeth might not be easily accessible by your tongue and more importantly, building IoT sensors for every tooth won't be an enjoyable experience, unless we customize it per individual. On the other hand, the upper part of our mouth, called hard palate, can be used as a mousepad. Yes, try to touch your laptop's mousepad with your tongue, saliva won't affect your ability to move the cursor, believe me... it works. In theory, both tooth-touching and palate-pad are feasible, and thus this is leading to a hands free experience... in gaming! Hey Oculus team, wanna hear more?

But, how to receive messages? Ideally, we would like to secretly receive signals (responses) as well, right? Thus, apart from requiring some tiny bluetooth or WiFi IoT device attached to our mouth, we had to use some "pulse" alphabet that could be easily parsed and decoded. When I was a kid, I had the bad habit to "taste" 9V batteries; if you've done it as well you can probably remember how it feels to sense the current. In Layman terms, our saliva allows a slight amount of current to flow and the nerves in our sensitive taste buds can capture it. So, imagine a left-right Morse code sensation or even an alphabet with 3 or 4 symbols.

Speed: Well it needs training \_(ツ)_/, but might have interesting use-cases for short messages. We've tested typing with teeth and toes against regular reading, writing, keyboard typing, even Morse code communication.

Collaboration and research: I don't have a working device yet, but started visiting dentists and other scientists, who knows... I might eventually have a permanent Toothboard implant just for fun, evaluating this as well (it will be my tattoo). Imagine giving a TEDx talk with this device without even opening your mouth. Please do not use Toothboard for cheating purposes, there was a comment from collaborators and engineers that every invention can have good and bad applications; and a bad application would be cheating in poker or similar malicious behavior.

You can still do your own research and publish good relevant ideas or invent the future hands free controller and magic shoes. The community still lacks results about Shannon / guessing entropy for this type of authentication. Moreover, we a) need good fuzzy extractors and error correction for Toothboard mistypes b) should design a tiny IoT device that won't be so inconvenient and c) implement tiny password slow-hashing circuits, PAKE, TLS, keyboard shuffling. Finally, we should test it against expression pattern recognition ML systems to ensure it's secure enough against camera recording leaks.