Visible to the public Biblio

Filters: Keyword is Biomedical monitoring  [Clear All Filters]
Satam, Shalaka, Satam, Pratik, Hariri, Salim.  2020.  Multi-level Bluetooth Intrusion Detection System. 2020 IEEE/ACS 17th International Conference on Computer Systems and Applications (AICCSA). :1—8.
Large scale deployment of IoT devices has made Bluetooth Protocol (IEEE 802.15.1) the wireless protocol of choice for close-range communications. Devices such as keyboards, smartwatches, headphones, computer mouse, and various wearable connecting devices use Bluetooth network for communication. Moreover, Bluetooth networks are widely used in medical devices like heart monitors, blood glucose monitors, asthma inhalers, and pulse oximeters. Also, Bluetooth has replaced cables for wire-free equipment in a surgical environment. In hospitals, devices communicate with one another, sharing sensitive and critical information over Bluetooth scatter-networks. Thus, it is imperative to secure the Bluetooth networks against attacks like Man in the Middle attack (MITM), eavesdropping attacks, and Denial of Service (DoS) attacks. This paper presents a Multi-Level Bluetooth Intrusion Detection System (ML-BIDS) to detect malicious attacks against Bluetooth devices. In the ML-IDS framework, we perform continuous device identification and authorization in Bluetooth networks following the zero-trust principle [ref]. The ML-BIDS framework includes an anomaly-based intrusion detection system (ABIDS) to detect attacks on the Bluetooth protocol. The ABIDS tracks the normal behavior of the Bluetooth protocol by comparing it with the Bluetooth protocol state machine. Bluetooth frame flows consisting of Bluetooth frames received over 10 seconds are split into n-grams to track the current state of the protocol in the state machine. We evaluated the performance of several machine learning algorithms like C4.5, Adaboost, SVM, Naive Bayes, Jrip, and Bagging to classify normal Bluetooth protocol flows from abnormal Bluetooth protocol flows. The ABIDS detects attacks on Bluetooth protocols with a precision of up to 99.6% and recall up to 99.6%. The ML-BIDS framework also performs whitelisting of the devices on the Bluetooth network to prevent unauthorized devices from connecting to the network. ML-BIDS uses a combination of the Bluetooth Address, mac address, and IP address to uniquely identify a Bluetooth device connecting to the network, and hence ensuring only authorized devices can connect to the Bluetooth network.
Heydari, Vahid.  2020.  A New Security Framework for Remote Patient Monitoring Devices. 2020 International Symposium on Networks, Computers and Communications (ISNCC). :1—4.

Digital connectivity is fundamental to the health care system to deliver safe and effective care. However, insecure connectivity could be a major threat to patient safety and privacy (e.g., in August 2017, FDA recalled 465,000 pacemakers because of discovering security flaws). Although connecting a patient's pacemaker to the Internet has many advantages for monitoring the patient, this connectivity opens a new door for cyber-attackers to steal the patient data or even control the pacemaker or damage it. Therefore, patients are forced to choose between connectivity and security. This paper presents a framework for secure and private communications between wearable medical devices and patient monitoring systems. The primary objective of this research is twofold, first to identify and analyze the communication vulnerabilities, second, to develop a framework for combating unauthorized access to data through the compromising of computer security. Specifically, hiding targets from cyber-attackers could prevent our system from future cyber-attacks. This is the most effective way to stop cyber-attacks in their first step.

Narwal, Bhawna, Ojha, Arushi, Goel, Nimisha, Dhawan, Sudipti.  2020.  A Yoking-Proof Based Remote Authentication Scheme for Cloud-Aided Wearable Devices (YPACW). 2020 IEEE International Conference for Innovation in Technology (INOCON). :1—5.

The developments made in IoT applications have made wearable devices a popular choice for collecting user data to monitor this information and provide intelligent service support. Since wearable devices are continuously collecting and transporting a user's sensitive data over the network, there exist increased security challenges. Moreover, wearable devices lack the computation capabilities in comparison to traditional short-range communication devices. In this paper, authors propounded a Yoking Proof based remote Authentication scheme for Cloud-aided Wearable devices (YPACW) which takes PUF and cryptographic functions and joins them to achieve mutual authentication between the wearable devices and smartphone via a cloud server, by performing the simultaneous verification of these devices, using the established yoking-proofs. Relative to Liu et al.'s scheme, YPACW provides better results with the reduction of communication and processing cost significantly.

Wu, Xiaohe, Xu, Jianbo, Huang, Weihong, Jian, Wei.  2020.  A new mutual authentication and key agreement protocol in wireless body area network. 2020 IEEE International Conference on Smart Cloud (SmartCloud). :199—203.

Due to the mobility and openness of wireless body area networks (WBANs), the security of WBAN has been questioned by people. The patient's physiological information in WBAN is sensitive and confidential, which requires full consideration of user anonymity, untraceability, and data privacy protection in key agreement. Aiming at the shortcomings of Li et al.'s protocol in terms of anonymity and session unlinkability, forward/backward confidentiality, etc., a new anonymous mutual authentication and key agreement protocol was proposed on the basis of the protocol. This scheme only uses XOR and the one-way hash operations, which not only reduces communication consumption but also ensures security, and realizes a truly lightweight anonymous mutual authentication and key agreement protocol.

Zhang, Y., Weng, J., Ling, Z., Pearson, B., Fu, X..  2020.  BLESS: A BLE Application Security Scanning Framework. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications. :636—645.
Bluetooth Low Energy (BLE) is a widely adopted wireless communication technology in the Internet of Things (IoT). BLE offers secure communication through a set of pairing strategies. However, these pairing strategies are obsolete in the context of IoT. The security of BLE based devices relies on physical security, but a BLE enabled IoT device may be deployed in a public environment without physical security. Attackers who can physically access a BLE-based device will be able to pair with it and may control it thereafter. Therefore, manufacturers may implement extra authentication mechanisms at the application layer to address this issue. In this paper, we design and implement a BLE Security Scan (BLESS) framework to identify those BLE apps that do not implement encryption or authentication at the application layer. Taint analysis is used to track if BLE apps use nonces and cryptographic keys, which are critical to cryptographic protocols. We scan 1073 BLE apps and find that 93% of them are not secure. To mitigate this problem, we propose and implement an application-level defense with a low-cost \$0.55 crypto co-processor using public key cryptography.
Zhang, C., Shahriar, H., Riad, A. B. M. K..  2020.  Security and Privacy Analysis of Wearable Health Device. 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC). :1767—1772.

Mobile wearable health devices have expanded prevalent usage and become very popular because of the valuable health monitor system. These devices provide general health tips and monitoring human health parameters as well as generally assisting the user to take better health of themselves. However, these devices are associated with security and privacy risk among the consumers because these devices deal with sensitive data information such as users sleeping arrangements, dieting formula such as eating constraint, pulse rate and so on. In this paper, we analyze the significant security and privacy features of three very popular health tracker devices: Fitbit, Jawbone and Google Glass. We very carefully analyze the devices' strength and how the devices communicate and its Bluetooth pairing process with mobile devices. We explore the possible malicious attack through Bluetooth networking by hacker. The outcomes of this analysis show how these devices allow third parties to gain sensitive information from the device exact location that causes the potential privacy breach for users. We analyze the reasons of user data security and privacy are gained by unauthorized people on wearable devices and the possible challenge to secure user data as well as the comparison of three wearable devices (Fitbit, Jawbone and Google Glass) security vulnerability and attack type.

Eamsa-ard, T., Seesaard, T., Kerdcharoen, T..  2018.  Wearable Sensor of Humanoid Robot-Based Textile Chemical Sensors for Odor Detection and Tracking. 2018 International Conference on Engineering, Applied Sciences, and Technology (ICEAST). :1—4.

This paper revealed the development and implementation of the wearable sensors based on transient responses of textile chemical sensors for odorant detection system as wearable sensor of humanoid robot. The textile chemical sensors consist of nine polymer/CNTs nano-composite gas sensors which can be divided into three different prototypes of the wearable humanoid robot; (i) human axillary odor monitoring, (ii) human foot odor tracking, and (iii) wearable personal gas leakage detection. These prototypes can be integrated into high-performance wearable wellness platform such as smart clothes, smart shoes and wearable pocket toxic-gas detector. While operating mode has been designed to use ZigBee wireless communication technology for data acquisition and monitoring system. Wearable humanoid robot offers several platforms that can be applied to investigate the role of individual scent produced by different parts of the human body such as axillary odor and foot odor, which have potential health effects from abnormal or offensive body odor. Moreover, wearable personal safety and security component in robot is also effective for detecting NH3 leakage in environment. Preliminary results with nine textile chemical sensors for odor biomarker and NH3 detection demonstrates the feasibility of using the wearable humanoid robot to distinguish unpleasant odor released when you're physically active. It also showed an excellent performance to detect a hazardous gas like ammonia (NH3) with sensitivity as low as 5 ppm.

Attia, M., Hossny, M., Nahavandi, S., Dalvand, M., Asadi, H..  2018.  Towards Trusted Autonomous Surgical Robots. 2018 IEEE International Conference on Systems, Man, and Cybernetics (SMC). :4083—4088.

Throughout the last few decades, a breakthrough took place in the field of autonomous robotics. They have been introduced to perform dangerous, dirty, difficult, and dull tasks, to serve the community. They have been also used to address health-care related tasks, such as enhancing the surgical skills of the surgeons and enabling surgeries in remote areas. This may help to perform operations in remote areas efficiently and in timely manner, with or without human intervention. One of the main advantages is that robots are not affected with human-related problems such as: fatigue or momentary lapses of attention. Thus, they can perform repeated and tedious operations. In this paper, we propose a framework to establish trust in autonomous medical robots based on mutual understanding and transparency in decision making.

Khayat, Mohamad, Barka, Ezedin, Sallabi, Farag.  2019.  SDN\_Based Secure Healthcare Monitoring System(SDN-SHMS). 2019 28th International Conference on Computer Communication and Networks (ICCCN). :1–7.
Healthcare experts and researchers have been promoting the need for IoT-based remote health monitoring systems that take care of the health of elderly people. However, such systems may generate large amounts of data, which makes the security and privacy of such data to become imperative. This paper studies the security and privacy concerns of the existing Healthcare Monitoring System (HMS) and proposes a reference architecture (security integration framework) for managing IoT-based healthcare monitoring systems that ensures security, privacy, and reliable service delivery for patients and elderly people to reduce and avoid health related risks. Our proposed framework will be in the form of state-of-the-art Security Platform, for HMS, using the emerging Software Defined Network (SDN) networking paradigm. Our proposed integration framework eliminates the dependency on specific Software or vendor for different security systems, and allows for the benefits from the functional and secure applications, and services provided by the SDN platform.
Nausheen, Farha, Begum, Sayyada Hajera.  2018.  Healthcare IoT: Benefits, vulnerabilities and solutions. 2018 2nd International Conference on Inventive Systems and Control (ICISC). :517–522.
With all the exciting benefits of IoT in healthcare - from mobile applications to wearable and implantable health gadgets-it becomes prominent to ensure that patients, their medical data and the interactions to and from their medical devices are safe and secure. The security and privacy is being breached when the mobile applications are mishandled or tampered by the hackers by performing reverse engineering on the application leading to catastrophic consequences. To combat against these vulnerabilities, there is need to create an awareness of the potential risks of these devices and effective strategies are needed to be implemented to achieve a level of security defense. In this paper, the benefits of healthcare IoT system and the possible vulnerabilities that may result are presented. Also, we propose to develop solutions against these vulnerabilities by protecting mobile applications using obfuscation and return oriented programming techniques. These techniques convert an application into a form which makes difficult for an adversary to interpret or alter the code for illegitimate purpose. The mobile applications use keys to control communication with the implantable medical devices, which need to be protected as they are the critical component for securing communications. Therefore, we also propose access control schemes using white box encryption to make the keys undiscoverable to hackers.
Abuella, Hisham, Ekin, Sabit.  2019.  A New Paradigm for Non-contact Vitals Monitoring using Visible Light Sensing. 2019 16th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON). :1–2.
Typical techniques for tracking vital signs require body contact and most of these techniques are intrusive in nature. Body-contact methods might irritate the patient's skin and he/she might feel uncomfortable while sensors are touching his/her body. In this study, we present a new wireless (non-contact) method for monitoring human vital signs (breathing and heartbeat). We have demonstrated for the first time1 that vitals signs can be measured wirelessly through visible light signal reflected from a human subject, also referred to as visible light sensing (VLS). In this method, the breathing and heartbeat rates are measured without any body-contact device, using only a simple photodetector and a light source (e.g., LED). The light signal reflected from human subject is modulated by the physical motions during breathing and heartbeats. Signal processing tools such as filtering and Fourier transform are used to convert these small variations in the received light signal power to vitals data.We implemented the VLS-based non-contact vital signs monitoring system by using an off-the-shelf light source, a photodetector and a signal acquisition and processing unit. We observed more than 94% of accuracy as compared to a contact-based FDA (The Food and Drug Administration) approved devices. Additional evaluations are planned to assess the performance of the developed vitals monitoring system, e.g., different subjects, environments, etc. Non-contact vitals monitoring system can be used in various areas and scenarios such as medical facilities, residential homes, security and human-computer-interaction (HCI) applications.
Hylamia, Sam, Yan, Wenqing, Rohner, Christian, Voigt, Thiemo.  2019.  Tiek: Two-tier Authentication and Key Distribution for Wearable Devices. 2019 International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). :1–6.
Wearable devices, such as implantable medical devices and smart wearables, are becoming increasingly popular with applications that vary from casual activity monitoring to critical medical uses. Unsurprisingly, numerous security vulnerabilities have been found in this class of devices. Yet, research on physical measurement-based authentication and key distribution assumes that body-worn devices are benign and uncompromised. Tiek is a novel authentication and key distribution protocol which addresses this issue. We utilize two sources of randomness to perform device authentication and key distribution simultaneously but through separate means. This creates a two-tier authorization scheme that enables devices to join the network while protecting them from each other. We describe Tiek and analyze its security.
MacDermott, Áine, Lea, Stephen, Iqbal, Farkhund, Idowu, Ibrahim, Shah, Babar.  2019.  Forensic Analysis of Wearable Devices: Fitbit, Garmin and HETP Watches. 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS). :1–6.
Wearable technology has been on an exponential rise and shows no signs of slowing down. One category of wearable technology is Fitness bands, which have the potential to show a user's activity levels and location data. Such information stored in fitness bands is just the beginning of a long trail of evidence fitness bands can store, which represents a huge opportunity to digital forensic practitioners. On the surface of recent work and research in this area, there does not appear to be any similar work that has already taken place on fitness bands and particularly, the devices in this study, a Garmin Forerunner 110, a Fitbit Charge HR and a Generic low-cost HETP fitness tracker. In this paper, we present our analysis of these devices for any possible digital evidence in a forensically sound manner, identifying files of interest and location data on the device. Data accuracy and validity of the evidence is shown, as a test run scenario wearing all of the devices allowed for data comparison analysis.
Alsumayt, Albandari, Albawardy, Norah, Aldossary, Wejdan, Alghamdi, Ebtehal, Aljammaz, Aljawhra.  2019.  Improve the security over the wireless sensor networks in medical sector. 2019 2nd International Conference on Computer Applications Information Security (ICCAIS). :1–4.
Nowadays with the huge technological development, the reliance on technology has become enormous. Wireless Sensor Networks (WSN) is an example of using the Internet and communication between the patient and the hospital. Easy use of such networks helps to increase the quality of communication between patient and hospital. With the development of technology increased risk in use. Any change in this data between the patient and the hospital may cause false data that may harm the patient. In this paper, a secure protocol is designed to ensure the confidentiality, integrity, and availability of data transfer between the hospital and the patient, depending on the AES and RC4 algorithms.
Handa, Jigyasa, Singh, Saurabh, Saraswat, Shipra.  2019.  A Comparative Study of Mouse and Keystroke Based Authentication. 2019 9th International Conference on Cloud Computing, Data Science Engineering (Confluence). :670–674.

One of the basic behavioural biometric methods is keystroke element. Being less expensive and not requiring any extra bit of equipment is the main advantage of keystroke element. The primary concentration of this paper is to give an inevitable review of behavioural biometrics strategies, measurements and different methodologies and difficulties and future bearings specially of keystroke analysis and mouse dynamics. Keystrokes elements frameworks utilize insights, e.g. time between keystrokes, word decisions, word mixes, general speed of writing and so on. Mouse Dynamics is termed as the course of actions captured from the moving mouse by an individual when interacting with a GUI. These are representative factors which may be called mouse dynamics signature of an individual, and may be used for verification of identity of an individual. In this paper, we compare the authentication system based on keystroke dynamics and mouse dynamics.

Almehmadi, Tahani, Alshehri, Suhair, Tahir, Sabeen.  2019.  A Secure Fog-Cloud Based Architecture for MIoT. 2019 2nd International Conference on Computer Applications Information Security (ICCAIS). :1–6.

Medical Internet of Things (MIoT) offers innovative solutions to a healthier life, making radical changes in people's lives. Healthcare providers are enabled to continuously and remotely monitor their patients for many medial issues outside hospitals and healthcare providers' offices. MIoT systems and applications lead to increase availability, accessibility, quality and cost-effectiveness of healthcare services. On the other hand, MIoT devices generate a large amount of diverse real-time data, which is highly sensitive. Thus, securing medical data is an essential requirement when developing MIoT architectures. However, the MIoT architectures being developed in the literature have many security issues. To address the challenge of data security in MIoT, the integration of fog computing and MIoT is studied as an emerging and appropriate solution. By data security, it means that medial data is stored in fog nodes and transferred to the cloud in a secure manner to prevent any unauthorized access. In this paper, we propose a design for a secure fog-cloud based architecture for MIoT.

Harrison, William L., Allwein, Gerard.  2018.  Semantics-Directed Prototyping of Hardware Runtime Monitors. 2018 International Symposium on Rapid System Prototyping (RSP). :42-48.

Building memory protection mechanisms into embedded hardware is attractive because it has the potential to neutralize a host of software-based attacks with relatively small performance overhead. A hardware monitor, being at the lowest level of the system stack, is more difficult to bypass than a software monitor and hardware-based protections are also potentially more fine-grained than is possible in software: an individual instruction executing on a processor may entail multiple memory accesses, all of which may be tracked in hardware. Finally, hardware-based protection can be performed without the necessity of altering application binaries. This article presents a proof-of-concept codesign of a small embedded processor with a hardware monitor protecting against ROP-style code reuse attacks. While the case study is small, it indicates, we argue, an approach to rapid-prototyping runtime monitors in hardware that is quick, flexible, and extensible as well as being amenable to formal verification.

Shrestha, P., Shrestha, B., Saxena, N..  2018.  Home Alone: The Insider Threat of Unattended Wearables and A Defense using Audio Proximity. 2018 IEEE Conference on Communications and Network Security (CNS). :1–9.

In this paper, we highlight and study the threat arising from the unattended wearable devices pre-paired with a smartphone over a wireless communication medium. Most users may not lock their wearables due to their small form factor, and may strip themselves off of these devices often, leaving or forgetting them unattended while away from homes (or shared office spaces). An “insider” attacker (potentially a disgruntled friend, roommate, colleague, or even a spouse) can therefore get hold of the wearable, take it near the user's phone (i.e., within radio communication range) at another location (e.g., user's office), and surreptitiously use it across physical barriers for various nefarious purposes, including pulling and learning sensitive information from the phone (such as messages, photos or emails), and pushing sensitive commands to the phone (such as making phone calls, sending text messages and taking pictures). The attacker can then safely restore the wearable, wait for it to be left unattended again and may repeat the process for maximum impact, while the victim remains completely oblivious to the ongoing attack activity. This malicious behavior is in sharp contrast to the threat of stolen wearables where the victim would unpair the wearable as soon as the theft is detected. Considering the severity of this threat, we also respond by building a defense based on audio proximity, which limits the wearable to interface with the phone only when it can pick up on an active audio challenge produced by the phone.

Lee, K., Reardon, C., Fink, J..  2018.  Augmented Reality in Human-Robot Cooperative Search. 2018 IEEE International Symposium on Safety, Security, and Rescue Robotics (SSRR). :1–1.

Robots operating alongside humans in field environments have the potential to greatly increase the situational awareness of their human teammates. A significant challenge, however, is the efficient conveyance of what the robot perceives to the human in order to achieve improved situational awareness. We believe augmented reality (AR), which allows a human to simultaneously perceive the real world and digital information situated virtually in the real world, has the potential to address this issue. We propose to demonstrate that augmented reality can be used to enable human-robot cooperative search, where the robot can both share search results and assist the human teammate in navigating to a search target.

Zeng, J., Dong, L., Wu, Y., Chen, H., Li, C., Wang, S..  2017.  Privacy-Preserving and Multi-Dimensional Range Query in Two-Tiered Wireless Sensor Networks. GLOBECOM 2017 - 2017 IEEE Global Communications Conference. :1–7.

With the advancement of sensor electronic devices, wireless sensor networks have attracted more and more attention. Range query has become a significant part of sensor networks due to its availability and convenience. However, It is challenging to process range query while still protecting sensitive data from disclosure. Existing work mainly focuses on privacy- preserving range query, but neglects the damage of collusion attacks, probability attacks and differential attacks. In this paper, we propose a privacy- preserving, energy-efficient and multi-dimensional range query protocol called PERQ, which not only achieves data privacy, but also considers collusion attacks, probability attacks and differential attacks. Generalized distance-based and modular arithmetic range query mechanism are used. In addition, a novel cyclic modular verification scheme is proposed to verify the data integrity. Extensive theoretical analysis and experimental results confirm the high performance of PERQ in terms of energy efficiency, security and accountability requirements.

Jonsdottir, G., Wood, D., Doshi, R..  2017.  IoT network monitor. 2017 IEEE MIT Undergraduate Research Technology Conference (URTC). :1–5.
IoT Network Monitor is an intuitive and user-friendly interface for consumers to visualize vulnerabilities of IoT devices in their home. Running on a Raspberry Pi configured as a router, the IoT Network Monitor analyzes the traffic of connected devices in three ways. First, it detects devices with default passwords exploited by previous attacks such as the Mirai Botnet, changes default device passwords to randomly generated 12 character strings, and reports the new passwords to the user. Second, it conducts deep packet analysis on the network data from each device and notifies the user of potentially sensitive personal information that is being transmitted in cleartext. Lastly, it detects botnet traffic originating from an IoT device connected to the network and instructs the user to disconnect the device if it has been hacked. The user-friendly IoT Network Monitor will enable homeowners to maintain the security of their home network and better understand what actions are appropriate when a certain security vulnerability is detected. Wide adoption of this tool will make consumer home IoT networks more secure.
Langone, M., Setola, R., Lopez, J..  2017.  Cybersecurity of Wearable Devices: An Experimental Analysis and a Vulnerability Assessment Method. 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC). 2:304–309.

The widespread diffusion of the Internet of Things (IoT) is introducing a huge number of Internet-connected devices in our daily life. Mainly, wearable devices are going to have a large impact on our lifestyle, especially in a healthcare scenario. In this framework, it is fundamental to secure exchanged information between these devices. Among other factors, it is important to take into account the link between a wearable device and a smart unit (e.g., smartphone). This connection is generally obtained via specific wireless protocols such as Bluetooth Low Energy (BLE): the main topic of this work is to analyse the security of this communication link. In this paper we expose, via an experimental campaign, a methodology to perform a vulnerability assessment (VA) on wearable devices communicating with a smartphone. In this way, we identify several security issues in a set of commercial wearable devices.

Vhaduri, S., Poellabauer, C..  2017.  Wearable Device User Authentication Using Physiological and Behavioral Metrics. 2017 IEEE 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC). :1–6.

Wearables, such as Fitbit, Apple Watch, and Microsoft Band, with their rich collection of sensors, facilitate the tracking of healthcare- and wellness-related metrics. However, the assessment of the physiological metrics collected by these devices could also be useful in identifying the user of the wearable, e.g., to detect unauthorized use or to correctly associate the data to a user if wearables are shared among multiple users. Further, researchers and healthcare providers often rely on these smart wearables to monitor research subjects and patients in their natural environments over extended periods of time. Here, it is important to associate the sensed data with the corresponding user and to detect if a device is being used by an unauthorized individual, to ensure study compliance. Existing one-time authentication approaches using credentials (e.g., passwords, certificates) or trait-based biometrics (e.g., face, fingerprints, iris, voice) might fail, since such credentials can easily be shared among users. In this paper, we present a continuous and reliable wearable-user authentication mechanism using coarse-grain minute-level physical activity (step counts) and physiological data (heart rate, calorie burn, and metabolic equivalent of task). From our analysis of 421 Fitbit users from a two-year long health study, we are able to statistically distinguish nearly 100% of the subject-pairs and to identify subjects with an average accuracy of 92.97%.

Siddiqi, M., All, S. T., Sivaraman, V..  2017.  Secure Lightweight Context-Driven Data Logging for Bodyworn Sensing Devices. 2017 5th International Symposium on Digital Forensic and Security (ISDFS). :1–6.

Rapid advancement in wearable technology has unlocked a tremendous potential of its applications in the medical domain. Among the challenges in making the technology more useful for medical purposes is the lack of confidence in the data thus generated and communicated. Incentives have led to attacks on such systems. We propose a novel lightweight scheme to securely log the data from bodyworn sensing devices by utilizing neighboring devices as witnesses who store the fingerprints of data in Bloom filters to be later used for forensics. Medical data from each sensor is stored at various locations of the system in chronological epoch-level blocks chained together, similar to the blockchain. Besides secure logging, the scheme offers to secure other contextual information such as localization and timestamping. We prove the effectiveness of the scheme through experimental results. We define performance parameters of our scheme and quantify their cost benefit trade-offs through simulation.

Cai, H., Yun, T., Hester, J., Venkatasubramanian, K. K..  2017.  Deploying Data-Driven Security Solutions on Resource-Constrained Wearable IoT Systems. 2017 IEEE 37th International Conference on Distributed Computing Systems Workshops (ICDCSW). :199–204.

Wearable Internet-of-Things (WIoT) environments have demonstrated great potential in a broad range of applications in healthcare and well-being. Security is essential for WIoT environments. Lack of security in WIoTs not only harms user privacy, but may also harm the user's safety. Though devices in the WIoT can be attacked in many ways, in this paper we focus on adversaries who mount what we call sensor-hijacking attacks, which prevent the constituent medical devices from accurately collecting and reporting the user's health state (e.g., reporting old or wrong physiological measurements). In this paper we outline some of our experiences in implementing a data-driven security solution for detecting sensor-hijacking attack on a secure wearable internet-of-things (WIoT) base station called the Amulet. Given the limited capabilities (computation, memory, battery power) of the Amulet platform, implementing such a security solution is quite challenging and presents several trade-offs with respect to detection accuracy and resources requirements. We conclude the paper with a list of insights into what capabilities constrained WIoT platforms should provide developers so as to make the inclusion of data-driven security primitives in such systems.