About David Kotz

David Kotz is serving as the Interim Provost at Dartmouth College through October 2018. He is also the Champion International Professor in the Department of Computer Science. He previously served as Associate Dean of the Faculty for the Sciences, as the Executive Director of the Institute for Security Technology Studies, and on the US Healthcare IT Policy Committee. His research interests include security and privacy, pervasive computing for healthcare, and wireless networks. He has published over 130 refereed journal and conference papers and obtained over $65m in grant funding. He is an IEEE Fellow, a Senior Member of the ACM, a 2008 Fulbright Fellow to India, and an elected member of Phi Beta Kappa. After receiving his A.B. in Computer Science and Physics from Dartmouth in 1986, he completed his Ph.D in Computer Science from Duke University in 1991 and returned to Dartmouth to join the faculty. For more information see http://www.cs.dartmouth.edu/~dfk/.

Morgan State joins THaW

KornegayTHaW welcomes Professor Kevin Kornegay and his students from Morgan State University in Baltimore MD.  Kevin’s lab brings deep expertise in Medical IoT device security assessment, profiling, and hardening to an exploration of voice-based assistants.

Voice-assisted IoT devices such as Alexa, Siri, and Google Assistant are gaining use as portals for medical services. However, the potential safety and security issues they pose are not well understood by patients and consumers. In this collaboration, we will investigate some of the potential security issues of these devices using reverse engineering techniques to expose the vulnerabilities and propose recommendations for secure usage.

Ubicomp’18: vocal resonance as a biometric

At the Joint Conference on Pervasive and Ubiquitous Computing conference, Ubicomp, David Kotz presented THaW’s work to develop a novel biometric approach to identifying and verifying who is wearing a device – an important consideration for a medical device that may be collecting diagnostic information that is fed into an electronic health record. Their novel approach is to use vocal resonance, i.e., the sound of your voice as it passes through bones and tissues, for a device to recognize its wearer and verify that it is physically in contact with the wearer… not just nearby.  They implemented the method on a wearable-class computing device and showed high accuracy and low energy consumption. 2018-10-08-00147-crop.jpg

Rui Liu, Cory Cornelius, Reza Rawassizadeh, Ron Peterson, and David Kotz. Vocal Resonance: Using Internal Body Voice for Wearable AuthenticationProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) (UbiComp), 2(1), March 2018. DOI 10.1145/3191751.

Abstract: We observe the advent of body-area networks of pervasive wearable devices, whether for health monitoring, personal assistance, entertainment, or home automation. For many devices, it is critical to identify the wearer, allowing sensor data to be properly labeled or personalized behavior to be properly achieved. In this paper we propose the use of vocal resonance, that is, the sound of the person’s voice as it travels through the person’s body – a method we anticipate would be suitable for devices worn on the head, neck, or chest. In this regard, we go well beyond the simple challenge of speaker recognition: we want to know who is wearing the device. We explore two machine-learning approaches that analyze voice samples from a small throat-mounted microphone and allow the device to determine whether (a) the speaker is indeed the expected person, and (b) the microphone-enabled device is physically on the speaker’s body. We collected data from 29 subjects, demonstrate the feasibility of a prototype, and show that our DNN method achieved balanced accuracy 0.914 for identification and 0.961 for verification by using an LSTM-based deep-learning model, while our efficient GMM method achieved balanced accuracy 0.875 for identification and 0.942 for verification.

WearSys papers, MobiSys posters

THaW researchers are showing off some cool research at this week’s MobiSys conference in Niagara Falls, with three papers at MobiSys workshops and a poster in the poster session.

  • Aarathi Prasad and David Kotz. ENACT: Encounter-based Architecture for Contact Tracing. In ACM Workshop on Physical Analytics (WPA), pages 37-42, June 2017. ACM Press. DOI 10.1145/3092305.3092310.
  • Rui Liu, Reza Rawassizadeh, and David Kotz. Toward Accurate and Efficient Feature Selection for Speaker Recognition on Wearables. InProceedings of the ACM Workshop on Wearable Systems and Applications (WearSys), pages 41-46, 2017. ACM Press. DOI 10.1145/3089351.3089352.
  • Rui Liu, Cory Cornelius, Reza Rawassizadeh, Ron Peterson, and David Kotz. Poster: Vocal Resonance as a Passive Biometric. In Proceedings of the ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), pages 160, 2017. ACM Press. DOI 10.1145/3081333.3089304.
  • Xiaohui Liang and David Kotz. AuthoRing: Wearable User-presence Authentication. In Proceedings of the ACM Workshop on Wearable Systems and Applications (WearSys), pages 5-10, 2017. ACM Press. DOI 10.1145/3089351.3089357.

Wanda – Securely introducing mobile devices

A few months ago we announced the results of our Wanda project, as published in INFOCOM 2016.  Today we’re excited to share this new video description of the project! Thanks to Abby Starr and Shiyao Peng of Dartmouth’s DALI lab, and Tim Pierson of the THaW team, for this fun and informative production.

Nearly every setting is increasingly populated with wireless and mobile devices – whether appliances in a home, medical devices in a health clinic, sensors in an industrial setting, or devices in an office or school. There are three fundamental operations when bringing a new device into any of these settings: (1) to configure the device to join the wireless local-area network, (2) to partner the device with other nearby devices so they can work together, and (3) to configure the device so it connects to the relevant individual or organizational account in the cloud. The challenge is to accomplish all three goals simply, securely, and consistent with user intent. We call our approach Wanda – a `magic wand’ that accomplishes all three of the above goals – and evaluate a prototype implementation.

NSF website highlights THaW

NSF highlighted the THaW project on its website last week, gaining notice in blogs like Politico morning eHealth, the HealthITSecurity, and FierceMobileHealthcare.  NSF’s article describes THaW research on mobile-app security and on the authentication of clinical staff to clinical information systems, among other things.

Klara Nahrstedt honored

nahrstedt_thawACM SIGMOBILE’s group N2Women announced today its inaugural list of “10 women in networking/ communications that you should know”, including THaW co-PI Klara Nahrstedt from UIUC.  She is in impressive company – details on these ten amazing women, as well as quotes from the many people who nominated these women, are available at the link below.

http://sites.ieee.org/com-n2women/files/2015/12/Top10-20151.pdf

Congratulations to Professor Klara Nahrstedt!

THaW researchers help secure the Precision Medicine Initiative

Earlier this year, President Obama presented a plan to launch the Precision Medicine Initiative (PMI), an ambitious research effort to recruit over one million participants in a long-term effort to understand the individual characteristics of health and disease. The research effort will aggregate clinical data as well as behavioral and environmental data – including, potentially, sensor data from smartphones and wearables – which will, needless to say, require careful security precautions and wise privacy policies.

The PMI advisory board invited THaW researcher David Kotz to a summer workshop on the potential for mobile technology in collecting data for PMI, and specifically to comment on mechanisms to support privacy.  The PMI’s proposed Privacy and Trust Principles are an interesting read! [pdf]

White HouseToday, the White House Office of Science and Technology Policy (OSTP) gathered a dozen thought leaders – including THaW team members Darren Lacey and David Kotz – to advise them as they begin developing a security framework for the Precision Medicine Initiative.  This fascinating discussion was led by Chief Data Scientist DJ Patil, and is just the first step in developing a comprehensive security framework for this important national research initiative.