SNAP: Proximity Detection with Single-Antenna IoT Devices

THaW graduate Tim Pierson will present SNAP, a method for proximity detection with single-antenna IoT devices at MobiCom in October.

SNAP - Likelihood of declaring proximityAbstract: Providing secure communications between wireless devices that encounter each other on an ad-hoc basis is a challenge that has not yet been fully addressed. In these cases, close physical proximity among devices that have never shared a secret key is sometimes used as a basis of trust; devices in close proximity are deemed trustworthy while more distant devices are viewed as potential adversaries. Because radio waves are invisible, however, a user may believe a wireless device is communicating with a nearby device when in fact the user’s device is communicating with a distant adversary. Researchers have previously proposed methods for multi-antenna devices to ascertain physical proximity with other devices, but devices with a single antenna, such as those commonly used in the Internet of Things, cannot take advantage of these techniques.

We present theoretical and practical evaluation of a method called SNAP — SiNgle Antenna Proximity — that allows a single-antenna Wi-Fi device to quickly determine proximity with another Wi-Fi device. Our proximity detection technique leverages the repeating nature Wi-Fi’s preamble and the behavior of a signal in a transmitting antenna’s near-field region to detect proximity with high probability; SNAP never falsely declares proximity at ranges longer than 14 cm.

In Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom), Article #1-15, October 2019. ACM Press. DOI 10.1145/3300061.3300120.

CloseTalker: Secure, Short-range Communication

THaW researchers will present a paper titled CloseTalker:  Secure, Short-range Ad Hoc Wireless Communication at MobiSys next week.

Abstract: Secure communication is difficult to arrange between devices that have not previously shared a secret. Previous solutions to the problem are susceptible to man-in-the-middle attacks, require additional hardware for out-of-band communication, or require an extensive public-key infrastructure. Furthermore, as the number of wireless devices explodes with the advent of the Internet of Things, it will be impractical to manually configure each device to communicate with its neighbors.

Our system, CloseTalker, allows simple, secure, ad hoc communication between devices in close physical proximity, while jamming the signal so it is unintelligible to any receivers more than a few centimeters away. CloseTalker does not require any specialized hardware or sensors in the devices, does not require complex algorithms or cryptography libraries, occurs only when intended by the user, and can transmit a short burst of data or an address and key that can be used to establish long-term or long-range communications at full bandwidth.

In this paper we present a theoretical and practical evaluation of CloseTalker, which exploits Wi-Fi MIMO antennas and the fundamental physics of radio to establish secure communication between devices that have never previously met. We demonstrate that CloseTalker is able to facilitate secure in-band communication between devices in close physical proximity (about 5 cm), even though they have never met nor shared a key.

Timothy J. Pierson, Travis Peters, Ronald Peterson, and David Kotz. Proceedings of the ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), June 2019. ACM Press. DOI 10.1145/3307334.3326100.

IEEE recognizes THaW researcher for establishing field of medical device security

Professor Kevin Fu’s 2008 paper called “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses” has received the inaugural IEEE Security and Privacy “Test of Time” Award:  http://eecs.umich.edu/eecs/about/articles/2019/fu-test-of-time.html 

The paper was been recognized from a pool of submissions spanning 40 years with the inaugural IEEE Security and Privacy Test of Time Award, and its impact can be felt in every corner of the medical devices industry.

In the 11 years since the paper’s publication, Fu and others in his field have worked on solutions. Many of these have been technical, but most of the larger impact the paper has had has been in leadership.

“A lot of it is about community building and standards development,” Fu says, “which is sometimes a foreign concept in academia. But it’s really important to industry.”

Welcome Michel Reece

Michel.ReeceThe THaW team is pleased to welcome Prof. Michel Reece, of Morgan State University, as a new collaborator in research on security and privacy issues medical devices.  Together with Tim Pierson (Dartmouth) and David Kotz (Dartmouth), Michel and her group will investigate the potential for identifying devices through features sensed at the PHY and MAC layers, and validating the authenticity of such devices.

Dr. Michel A. Reece currently serves as the interim Chairperson and  the director of  the laboratory for Advanced RF/Microwave Measurement and Electronic Design (ARMMED) in the Department of Electrical and Computer Engineering at Morgan State University (MSU). Her research interests include wireless  signal characterization and device authentication of IoT devices, high frequency device characterization and modeling for III-V semiconductors, RF/ MMIC circuit design, adaptable electronic components for software defined radio applications and most recently power amplifier development for THz mobile communication applications. She received her B.S from Morgan State in 1995 and her M.S.E.E.  from Penn State in 1997, both in Electrical Engineering. She became the first female recipient at MSU  to obtain her doctorate degree in Engineering in 2003.  Previously, she served as a post- doctoral researcher of the Microwave Systems Section of the RF Engineering Group at Johns Hopkins University Applied Physics Laboratory Space Department. She has a passion for education where she has developed curriculum for the RF Microwave Engineering concentration offered at MSU, one out of a few HBCUs to have a dedicated program in this area. She has also taught as an adjunct faculty member at Johns Hopkins University Engineering Professionals Program.

Cybersecurity vulnerabilities

David Slotwiner, Thomas Deering, Kevin Fu, Andrea Russo, Mary Walsh, and George Van Hare recently published a paper titled Cybersecurity vulnerabilities of cardiac implantable electronic devices: Communication strategies for clinicians:

Abstract: Computers, networking, and software have become essential tools for health care. Our daily lives increasingly depend on digital technology, and we are persistently bombarded by the need to secure the systems and data they generate and store from attack, damage, and unauthorized access. Cybersecurity vulnerabilities of cardiac implantable electronic devices (CIEDs) are no longer hypothetical. While no incident of a cybersecurity breach of a CIED implanted in a patient has been reported, and no patient is known to have been harmed to date by the exploitation of a vulnerability, the potential for such a scenario does exist. The public awareness of cybersecurity vulnerabilities in medical devices, particularly devices such as CIEDs on which a patient’s life may depend and where the potential for reprogramming or rendering the device nonfunctional exists, is raising questions and fueling fears among patients and the clinical provider community. The Heart Rhythm Society (HRS) has identified a gap in clinician-patient communication about the appropriate balance of the risks of such a potential attack against the benefits of lifesaving medical devices. To address these communication gaps, HRS convened a 1-day summit in November 2017, in partnership with the U.S. Food and Drug Administration (FDA). The goal of the meeting was to develop patient-centered communication strategies for health care professionals, industry, and governmental agencies. Participants included patient representatives, subject matter experts, HRS and the American College of Cardiology leadership, representatives from the FDA, and the Federal Bureau of Investigation (FB1) and leadership of 5 CIED manufacturers. This proceedings statement is based on the 4 communication themes that emerged from the discussion: when to notify patients, whom to notify, how to communicate with patients, and key elements to discuss with patients.

Proceedings of the Heart Rhythm Society’s Leadership Summit, Heart Rhythm Journal, July 2018.  DOI 10.1016/j.hrthm.2018.05.001.

Tattle Tail Security

Lanier Watkins, Shreya Aggarwal, Omotola Akeredolu, William H. Robinson and Aviel D. Rubin recently published a paper titled Tattle Tail Security: An Intrusion Detection System for Medical Body Area Networks:

Abstract:  Medical Body Area Networks (MBAN) are created when Wireless Sensor Nodes (WSN) are either embedded into the patient’s body or strapped onto it. MBANs are used to monitor the health of patients in real-time in their homes. Many cyber protection mechanisms exist for the infrastructure that interfaces with MBANs; however, not many effective cyber security mechanisms exist for MBANs. We introduce a low-overhead security mechanism for MBANs based on having nodes infer anomalous power dissipation in their neighbors to detect compromised nodes. Nodes will infer anomalous power dissipation in their neighbors by detecting a change in their packet send rate. After two consecutive violations, the node will “Tattle” on its neighbor to the gateway, which will alert the Telemedicine administrator and notify all other nodes to ignore the compromised node.

Workshop on Decentralized IoT Systems and Security (DISS ’19),  (February, 2019). (pdf)

Intrusion Detection for Medical Body Area Networks (MBAN)

THaW researchers recently presented a new paper at the Workshop on Decentralized IoT Systems and Security (DISS).  [PDF]

Abstract:  Medical Body Area Networks (MBAN) are created when Wireless Sensor Nodes (WSN) are either embedded into the patient’s body or strapped onto it. MBANs are used to monitor the health of patients in real-time in their homes. Many cyber protection mechanisms exist for the infrastructure that interfaces with MBANs; however, not many effective cyber security mechanisms exist for MBANs. We introduce a low-overhead security mechanism for MBANs based on having nodes infer anomalous power dissipation in their neighbors to detect compromised nodes. Nodes will infer anomalous power dissipation in their neighbors by detecting a change in their packet send rate. After two consecutive violations, the node will “Tattle” on its neighbor to the gateway, which will alert the Telemedicine administrator and notify all other nodes to ignore the compromised node.

TattleTale-DISS19 figure1

Proposed Telemedicine Scenario

IoT Two-Factor Neurometric Authentication

Angel Rodriguez, Sara Rampazzi, and Kevin Fu recently had a poster accepted titled IoT Two-Factor Neurometric Authentication System using Wearable EEG:

Abstract: The IoT authentication space suffers from various user-sided drawbacks, such as poor password choice, the accidental publication of biometric data, and the practice of disabling authentication completely. This is commonly attributed to the “Security vs Usability” problem – generally, the stronger the authentication, the more inconvenient it is to perform and maintain for the user. Neurometric authentication offers a compelling resistance to eavesdropping and replay attacks, and the ability for a user to simply “think to unlock”. Furthermore, the recent increase in popularity of consumer EEG devices, as well as new research demonstrating its accuracy, have made EEG-based neurometric authentication much more viable.

Using a Support Vector Machine and one-time tokens, we present a secure two-factor authentication method, that allows a user to authenticate multiple IoT devices. We perform preliminary trials on the Psyionet BCI dataset and demonstrate a qualitative comparison of extracted EEG feature sets.

RampazziLeft: IoT two factor authentication scheme –  (1)  After internal user-thought authentication, the  device securely sends a one-time token to the IoT device. (2) The IoT device securely communicates with a server to verify the token. (3) If the token is verified, the server sends a secure confirmation reply to the IoT device, authenticating the user. Right: Proof of concept using the Psyionet BCI dataset – The top row shows the averaged covariance matrices of the extracted features of two different users thinking about the same mental task (imagining closing their fists). The bottom row shows similar features for one user thinking of two different tasks (imagine closing both fists vs both feet).

Proceedings of the IEEE Workshop on the Internet of Safe Things (SafeThings), May 2019. Accepted, publication pending.

 

Testimony in support of IoT Security

Professor Avi Rubin recently testified at a Maryland State Senate Finance Committee, hearing regarding a bill about IoT security [February 26, 2019].  Below are his remarks.

My name is Avi Rubin, and I am a full professor of Computer Science at Johns Hopkins University and Technical Director of our Information Security Institute. I am also the Founder and Chief Scientist of Harbor Labs, a Maryland CyberSecurity company that has developed an IoT Security Analysis product. I have been an active researcher in the area of Computer and Network Security since 1992. The primary focus of my research is Security for the Internet of Things (IoT Security). These are the types of connected devices that are addressed in SB 553.

Continue reading

Securing the life-cycle of Smart Environments (video)

This one-hour talk by David Kotz was presented at ARM Research in Austin, TX at the end of January 2019.  The first half covers some recent THaW research about Wanda and SNAP and the second half lays out some security challenges in the Internet of Things.  Watch the video below.

Abstract: The homes, offices, and vehicles of tomorrow will be embedded with numerous “Smart Things,” networked with each other and with the Internet. Many of these Things interact with their environment, with other devices, and with human users – and yet most of their communications occur invisibly via wireless networks.  How can users express their intent about which devices should communicate – especially in situations when those devices have never encountered each other before?   We present our work exploring novel combinations of physical proximity and user interaction to ensure user intent in establishing and securing device interactions. 

What happens when an occupant moves out or transfers ownership of her Smart Environment?  How does an occupant identify and decommission all the Things in an environment before she moves out?  How does a new occupant discover, identify, validate, and configure all the Things in the environment he adopts?  When a person moves from smart home to smart office to smart hotel, how is a new environment vetted for safety and security, how are personal settings migrated, and how are they securely deleted on departure?  When the original vendor of a Thing (or the service behind it) disappears, how can that Thing (and its data, and its configuration) be transferred to a new service provider?  What interface can enable lay people to manage these complex challenges, and be assured of their privacy, security, and safety?   We present a list of key research questions to address these important challenges.