It made it seem a lot more fun and engaging of a pursuit. The consensus in the student panel seemed to be that it was very difficult but well worth it.
Student participant, Explore Graduate Studies in CSE Workshop
Launched by Prof. Kevin Fu in November, 2014 and co-led by Profs. Jenna Wiens and David Kotz in 2015, THaW professors and students led two workshops in October 2015 on “Exploring Graduate Study in CS and Engineering”. These workshops targeted undergraduate students, primarily juniors and seniors, majoring in Computer Science or related fields. The workshops aimed to educate students about the potential for an exciting career in CS&E research, either in academia and industry, and to coach them in effective ways to prepare their graduate school application.
Both the University of Michigan and Dartmouth College hosted one-day workshops that were open to students from around the country. A diverse set of more than 60 students enjoyed
- an overview of the exciting research underway at the two schools,
- Q&A panels of faculty and current graduate students,
- a writing clinic with tips and tricks for preparing their academic statement of purpose, and
- one-on-one advising by professors.
Survey results show that students overwhelmingly found the workshops to be helpful in thinking about their career options. Several students mentioned that the workshops increased their overall interest in pursuing graduate studies in CSE. The workshops were funded by the NSF through the THaW grant, by Dartmouth, and by the University of Michigan.
Researchers: Professor Avi Rubin, Michael Rushanan – Johns Hopkins University
After some researchers proposed the use of electrocardiograms (ECG) as a source of biometric information for secure authentication and identification of individuals, THaW Professor Rubin and graduate student Michael Rushanan set out to test this assumption by extending work done at MIT on the post-processing of ECG data.
Their research grew out of concern with the proliferation of implantable medical devices and how to secure these devices against external network-based attacks.
Commercial companies have built their businesses upon the unique nature of ECG data. Most of the current applications have been focused on the supposed uniqueness of ECG as a biometric identifier for use in commercial transactions. Rubin and Rushanan set out to determine whether a person’s ECG really is a secure and reliable means of identification and authentication.
The ECG example below uses three different electrode placements and IPI peak identification. The purpose of this experiment was to validate if the authentication scheme under test works with slightly, but expected, noisy experiments that require physical contact.
Rushanan identified temporal granularity as their biggest research challenge and expects his first research results should be available in the coming months.
Earlier this year, President Obama presented a plan to launch the Precision Medicine Initiative (PMI), an ambitious research effort to recruit over one million participants in a long-term effort to understand the individual characteristics of health and disease. The research effort will aggregate clinical data as well as behavioral and environmental data – including, potentially, sensor data from smartphones and wearables – which will, needless to say, require careful security precautions and wise privacy policies.
The PMI advisory board invited THaW researcher David Kotz to a summer workshop on the potential for mobile technology in collecting data for PMI, and specifically to comment on mechanisms to support privacy. The PMI’s proposed Privacy and Trust Principles are an interesting read! [pdf]
Today, the White House Office of Science and Technology Policy (OSTP) gathered a dozen thought leaders – including THaW team members Darren Lacey and David Kotz – to advise them as they begin developing a security framework for the Precision Medicine Initiative. This fascinating discussion was led by Chief Data Scientist DJ Patil, and is just the first step in developing a comprehensive security framework for this important national research initiative.
Security and Privacy: Mobile Medical Applications
David Kotz, PhD – Dartmouth College
September 8, 2015 12pm-1pm ET
NSF CISE: Smart and Connected Health Presentation and Webcast
4201 Wilson Boulevard, Arlington VA, Room 110
Mobile medical applications offer tremendous opportunities to improve quality and access to care, reduce cost, and improve individual wellness and public health. These new technologies, whether in the form of software for smartphones as specialized devices to be worn, carried, or applied as needed, may also pose risks if they are not designed or configured with security and privacy in mind. For example, a patient’s insulin pump may accept dosage instructions from unauthorized smartphones running a spoofed application; another patient’s fertility-tracking app may be probing the Bluetooth network for its associated device, exposing her use of this app to nearby strangers. In this webinar, Dr. David Kotz presents an overview of the security and privacy challenges posed by mobile medical applications, including important open issues that require further research.
Webcast Access: https://nsf.webex.com/nsf/onstage/g.php?d=744297685&t=a
In an article in the most recent issue of the Communications of the ACM, the authors (Kotz, Fu, Gunter and Rubin) state:
The benefits of healthcare IT will be elusive if its security challenges are not adequately addressed. Security remains one of the most important concerns in a recent survey of the health and mHealth sectors, and research has illustrated the risks incurred by cyber-attacks on medical devices such as pace-makers. More than two-thirds (69%) of respondents say their organization’s IT security does not meet expectations for FDA-approved medical devices.
Privacy protection is also critical for healthcare IT; although this column focuses on security, it should be noted that many security breaches lead to disclosure of personal information and thus an impact on patient privacy.
The authors identify three critical research challenges:
- Usable authentication tools
- Trustworthy control of medical devices
- Trust through accountability
For more information on the challenges facing securing healthcare IT please see Communications of the ACM.
According to Professor Avi Rubin of Johns Hopkins University, the educational outreach program held in conjunction with the Baltimore Polytechnic Institute was successful. Despite some logistical snags, the discussions with the students were lively, and they seemed genuinely interested in the privacy implications of data aggregation. Professor Rubin and Joe Carrigan also covered some basic statistics, and spoke with the students about career paths in technology.
“PhDs Benjamin Ransford and Denis Foo Kune developed the platform which uses the “traditionally undesirable” power consumption side channel to detect malware with the accuracy of desktop anti-virus at run-time without the need to modify the hardware or software of systems.”
— Darren Pauli, 27 April 2015, The Register
To read more about Kune’s WattsUpDoc platform click here.
Professor Kevin Fu participated recently on a panel entitled, “Will Health Tech Ever Be Hack Proof?” at the New America symposium on Our Data, Our Health: The Future of Mobile Health Technology (26 March 2015). Joining Kevin to explore the personal, economic and regulatory implications of securing health related technology were Lucia Savage, Chief Privacy Officer, National Coordinator for Health IT, Alvaro Bedoya, Executive Director, Center on Privacy and Technology, Georgetown, and the panel’s moderator was Peter Singer, Strategist and Senior Fellow, New America. The video of this panel discussion can be found here.
A summary of the panel discussion described above can be found in this issue of CIO. [CIO]
Bring Your Own Device (BYOD) Practices in Healthcare– A.J. Burns and M. Eric Johnson, Vanderbilt University
Despite the many impressive technology-enabled advances in modern medicine over the past several decades, concerns over costs, reliability, and security have hindered the adoption of IT in the health sector. However, as in other industries, healthcare has seen dramatic increases in the use of personally-owned devices. In fact, 88.6 percent of those working in healthcare report using their smartphone for work. All the while, 54 percent of US organizations report that they’re unable to determine if off-site employees are using technology and informational resources in a way that addresses corporate and regulatory requirements. This lack of oversight is especially problematic for the health sector where research reveals that healthcare workers often fail to maintain basic security hygiene on their devices (e.g., 41 percent report having no password protection).
The trend toward mobile computing is radically transforming how individuals interact with IT. For example, in 2014, comScore reported that for the first time, more than half of all digital media in the US was consumed in a mobile app. In the health sector, enabled by low entry barriers and lax (often non-existent) regulation, the number of mobile health (mHealth) apps available to consumers now exceeds 100,000, with millions of total yearly downloads. Yet when it comes to these available apps, the industry provides little transparency about either the mHealth data’s security and privacy or the usage patterns among physicians and patients that have downloaded these apps. In a recent special issue on IT security in IEEE IT Professional, THaW researchers highlight emerging issues related to mobility and security in healthcare: BYOD and the mHealth application ecosystem.
Link to IEEE IT Professional publication (see pages 23-29).