Protecting Privacy for Wireless Medical Devices
Affiliated CCIS Professor Guevara Noubir and ECE Associate Professor Kaushik Chowdhury were awarded a $300K NSF grant for "Assessing and Protecting Privacy in Wireless Wearable Sensor-Generated Medical Data".
Abstract Source: NSF
Medical and body-worn sensors will enhance human health monitoring and diagnosis of critical ailments in the next decade. As the popularity of such devices increases, there will be an emergence of new and varied types of attacks targeting privacy intrusions. In all such cases, ensuring that user's physiological data is only accessed by authorized entities and confidentially transmitted to the remote medical experts is of critical importance. The project will first investigate the attack vectors resulting from wearable devices such as inference of private health information by analyzing the sensor data traffic transmitted over-the-air. To address such threats, the project will involve the design of a secure method of key establishment and communications between a body sensor and an external device, where signals are sent through the human tissue to eliminate eavesdropping. The project goals will be accomplished with collaboration from wireless security experts in Brazil, which will also lead to joint publications, student and faculty exchanges, and joint coursework development.
As part of the research undertaken in this project, the PIs will investigate how cross-layer and joint hardware-software fingerprinting techniques can be used to track a given user over time and space, and then identify with high probability, which types of medical sensing applications are active. This will be the first traffic analysis of health-specific body sensor traffic and building a comprehensive set of reference signatures for wearable sensors, which has so far not been addressed by classical techniques developed for Internet applications. The proposed tasks will also demonstrate a first-of-its-kind side-channel technique, using a non-radiating body channel, for secure key establishment, communications, and multi-factor authentication between body-worn sensors and the information-relaying device, such as a mobile phone. Underlying these methods is a technique called galvanic coupling, where weak electrical currents are modulated with the data signals, and then transmitted via highly conductive pathways of the human tissue. This shared secret can be both an encryption key as well as a randomized traffic shaping seed that eliminates RF sniffing, thereby mitigating the above types of privacy intrusions.