Seven years ago, the National Science Foundation’s Secure and Trustworthy Cyberspace program awarded a grant creating the Trustworthy Health and Wellness (THaW) project. Most project activities have now wound down, after publishing more than a hundred journal papers, conference papers, workshop contributions, dissertations, theses, patents, and more. We just released an annotated bibliography, with all the references organized in a Zotero library that provides ready access to citation materials and abstracts. In the annotated bibliography we organize papers by cluster (category), identify content tags, and give a brief annotation summarizing the work’s contribution. Thanks to Carl Landwehr for leading this important summary of THaW work!
Connectivity reached new extremes, when wearable technologies enabled smart device communications to appear where analogue watches, rings, and vision-enhancing glasses used to sit. Risks of sensitive data being wrongly transmitted, as a result of malicious or non-malicious intent, grow alongside these new technologies. To ensure that this continued interconnectivity of smart devices and wearables is safe and secure, the THaW team devised, published, and patented LightTouch. This technology, conceptually compatible with existing smart bracelet and display designs, uses optical sensors on the smart device and digital radio links to create a shared secret key that enables the secure and private connection between devices.
LightTouch makes it easy for a person to securely connect their wearable device to a computerized device they encounter, for the purpose of viewing information from their device and possibly sharing that information with nearby acquaintances. To learn more, check out this recent Spotlight in IEEE Computer, or click the links below to read the journal article, the patent specifics, or the conference presentation.
Xiaohui Liang, Ronald Peterson, and David Kotz. Securely Connecting Wearables to Ambient Displays with User Intent. IEEE Transactions on Dependable and Secure Computing 17(4), pages 676–690, July 2020. IEEE. DOI: 10.1109/TDSC.2018.2840979
Xiaohui Liang, Tianlong Yun, Ron Peterson, and David Kotz. Secure System For Coupling Wearable Devices To Computerized Devices with Displays, March 2020. USPTO; U.S. Patent 10,581,606; USPTO. Download from https://patents.google.com/patent/US20170279612A1/en — Priority date 2014-08-18, Grant date 2020-03-03.
Xiaohui Liang, Tianlong Yun, Ronald Peterson, and David Kotz. LightTouch: Securely Connecting Wearables to Ambient Displays with User Intent. In IEEE International Conference on Computer Communications (INFOCOM), May 2017. IEEE. DOI: 10.1109/INFOCOM.2017.8057210
The THaW team is pleased to announce one new patent derived from THaW research. For the complete list of patents, visit our Tech Transfer page.
Abstract: Systems and methods are disclosed for providing a trusted computing environment that provides data security in commodity computing systems. Such systems and methods deploy a flexible architecture comprised of distributed trusted platform modules (TPMs) configured to establish a root-of-trust within a heterogeneous network environment comprised of non-TPM enabled IoT devices and legacy computing devices. A data traffic module is positioned between a local area network and one or more non-TPM enabled IoT devices and legacy computing devices, and is configured to control and monitor data communication among such IoT devices and legacy computing devices and from such IoT devices and legacy computing devices to external computers. The data traffic module supports attestation of the IoT devices and legacy computing devices, supports secure boot operations of the IoT devices and legacy computing devices, and provides tamper resistance to such IoT devices and legacy computing devices.
Kevin Kornegay and Willie Lee Thompson II. Decentralized Root-of-Trust Framework for Heterogeneous Networks, November 2020. Morgan State University; USPTO. Download from https://patents.google.com/patent/US20180196945A1/en
As the THaW project draws to a close, we are proud to recognize the many students and postdocs who were involved in THaW research over the years. As noted below, they have moved on to positions in academia or industry. Unless otherwise noted, each is a PhD. (Please send any corrections or additions to David Kotz at email@example.com.)
- Vincent Bindschaedler, Assistant Professor at University of Florida
- A.J. Burns, Assistant Professor at Baylor University
- Sung Choi, Assistant Professor at University of Central Florida
- Soteris Demetriou, Lecturer (Assistant Professor) at Imperial College London
- Karan Ganju (MS), Google
- Siddharth Gupta (MS), Twitch
- Dongjing He (MS), Google
- Haiming Jin, Assistant Professor at Shanghai Jiao-Tong University
- Gabe Kaptchuk, non-tenure track faculty at Boston University (starting fall 2020)
- Juhee Kwon, Assistant Professor at City University of Hong Kong
- Xiaohui Liang, Assistant Professor at UMass Boston
- Yunhui Long, Facebook
- Xun Lu (MS), Google
- Shrirang Mare, Assistant Professor at Western Washington University (starting fall 2020)
- Paul Martin, Director of Firmware Security at Harbor Labs
- Whitney Merrill (MS), Privacy Counsel at Asana
- Andrés Molina-Markham, member of research staff at MITRE
- Muhammad Naveed, Assistant Professor at University of Southern California (USC)
- Aarathi Prasad, Assistant Professor of Computer Science at Skidmore College
- Travis Peters, Assistant Professor of Computer Science at Montana State University
- Tim Pierson, Lecturer at Dartmouth College
- Sara Rampazzi, Assistant Professor at the University of Florida
- Reza Rawassizadeh, Assistant Professor at Boston University
- Mike Rushanan, Director of Medical Security at Harbor Labs
- David Russell, Software Engineer at Ardoq in Oslo, Norway
- Sougata Sen, Postdoc at Northwestern University
- Güliz Seray Tuncay, Google
- Bingyue Wang (AB), Google
- Ting-Yu Wang (MS), ?
- Ofir Weisse, Google
- Wei Yang, Assistant Professor at University of Texas at Dallas
- Tuo Yu, Research Scientist, Facebook
- Aston Zhang, Amazon
The THaW team is pleased to announce two new patents derived from THaW research, bringing the project total to five patents and one pending. For the complete list, visit our Tech Transfer page. The two new patents are described below.
- March 2020: Xiaohui Liang, Tianlong Yun, Ron Peterson, and David Kotz. Secure System For Coupling Wearable Devices To Computerized Devices with Displays, March 2020. USPTO; U.S. Patent 10,581,606; USPTO. Download from https://patents.google.com/patent/US20170279612A1/en — Priority date 2014-08-18, Grant date 2020-03-03. Patent describes a system enabling information from mobile health sensors (eg Fitbit) to be displayed onto nearby screens without being affected by local security threats. The scheme uses visible light sensor on the mobile device. See papers liang:lighttouch and liang:jlighttouch.
- February 2020: Timothy J. Pierson, Xiaohui Liang, Ronald Peterson, and David Kotz. Apparatus for Securely Configuring A Target Device and Associated Methods, February 2020. U.S. Patent 10,574,298; USPTO. Download from https://patents.google.com/patent/US20180191403A1/en — This is a patent. Priority date 2015-06-23, Grant date 2020-02-25. Patent based on “Wanda” device, described in other publications. Device implements a scheme for single antenna wi-fi device to determine its proximity to another wi-fi device with which it is communicating, in order to assure it is not unwittingly communicating with a distant adversary device rather than a nearby device. See paper pierson:wanda.
THaW professor Eric Johnson was recently interviewed on the DataBreach Today podcast. “How do hospitals’ efforts to bolster information security in the aftermath of data breaches potentially affect patient outcomes? Professor Eric Johnson of Vanderbilt University discusses recent research that shows a worrisome relationship between breach remediation and the delivery of timely patient care.”
You can find the 14-minute podcast, and written summary, on DataBreachToday.com.
The podcast discusses a recent THaW paper:
Sung J. Choi, M. Eric Johnson, and Christoph U. Lehmann. Data breach remediation efforts and their implications for hospital quality. Health Services Research 54(5), pages 971–980, September 2019. John Wiley & Sons. DOI: 10.1111/1475-6773.13203
ACM SIGMOBILE has posted a video of our presentation of the THaW paper Proximity detection with single-antenna IoT devices at MobiCom’19. Abstract below the video.
Timothy J. Pierson, Travis Peters, Ronald Peterson, and David Kotz. Proximity Detection with Single-Antenna IoT Devices. In Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom), Article #21, October 2019. ACM Press. DOI 10.1145/3300061.3300120.
Abstract: Providing secure communications between wireless devices that encounter each other on an ad-hoc basis is a challenge that has not yet been fully addressed. In these cases, close physical proximity among devices that have never shared a secret key is sometimes used as a basis of trust; devices in close proximity are deemed trustworthy while more distant devices are viewed as potential adversaries. Because radio waves are invisible, however, a user may believe a wireless device is communicating with a nearby device when in fact the user’s device is communicating with a distant adversary. Researchers have previously proposed methods for multi-antenna devices to ascertain physical proximity with other devices, but devices with a single antenna, such as those commonly used in the Internet of Things, cannot take advantage of these techniques.
We present theoretical and practical evaluation of a method called SNAP – SiNgle Antenna Proximity – that allows a single-antenna Wi-Fi device to quickly determine proximity with another Wi-Fi device. Our proximity detection technique leverages the repeating nature Wi-Fi’s preamble and the behavior of a signal in a transmitting antenna’s near-field region to detect proximity with high probability; SNAP never falsely declares proximity at ranges longer than 14 cm.
THaW is proud to share news that Prof. Klara Nahrstedt, co-PI of the THaW project, has been recognized by the American Academy for the Advancement of Science as a Fellow of the AAAS. To be named an AAAS Fellow is one of the most prestigious recognitions in the science community. Congratulations to Klara!
More about her recognition here.
The THaW team is pleased to welcome Dr. Timothy Pierson as an affiliated faculty member. Tim is no stranger to THaW – he completed his PhD within the THaW project, publishing his work about systems named Wanda, SNAP, and CloseTalker.
Tim now serves as a Lecturer at Dartmouth College after completing a PhD in Computer Science in 2018. He previously spent more than 20 years working in strategy, technology, finance, and operations. He has led teams in a wide variety of organizations including: technology start-ups, hedge funds, management consulting, non-profits, and the military.
Tim’s PhD research focused on the privacy, security, and usability of wireless sensor networks. His work on a project called Wanda was featured in over 200 newspaper, radio and television stations, including the New York Times and the Washington Post.
Most recently before returning to school, Tim worked with a technology start-up where he developed and deployed 11,000 Internet of Things sensors in San Francisco to help the city manage traffic congestion and parking. Tim served on the firm’s Management Committee and was Chief Technology Officer.
Before the start-up, Tim was the Chief Technology Officer at Elliott Associates, one of the oldest and largest hedge funds in the world. There he led teams in New York, London, Hong Kong and Tokyo.
Prior to joining Elliott, Tim was a consultant at McKinsey & Company where he advised senior executives and helped craft the long-term strategic vision for companies in financial services, supply chain, energy, aviation, telecom, and retailing.
Before McKinsey & Company, Tim was Assistant Security Manager at the Metropolitan Museum of Art in New York where he managed projects and helped lead the Museum’s force of nearly 500 security guards that protect the multi-billion dollar art collection and ensure public safety.
Tim began his career in the US Air Force Special Operation Command where he conducted unconventional warfare operations around the world.
Tim holds a PhD in Computer Science as well as an MBA from Dartmouth College, and a BS in Computer Science from Michigan Tech.
Recent THaW research has demonstrated that temperature control systems, particularly in sensitive devices like infant incubators or industrial thermal chambers, can be affected by (and thus manipulated by) electromagnetic waves. The team included Prof. Kevin Fu and Research Investigator Sara Rampazzi from THaW, and Prof. Xiali Hei and PhD student Yazhou Tu from the University of Louisiana at Lafayette.
The vulnerability is due to the weakness of analog sensing components. In particular, the change in the measured temperature is due to an unintended rectification effect in amplifiers induced by injecting specific electromagnetic interferences though their temperature sensors.
The researchers demonstrate how it is possible remotely manipulate the temperature sensor measurements of critical devices, such as infant incubators, thermal chambers, and 3D printers. “In infant incubators for example, changing temperature sensor measurement can raise the risk of temperature-related health issues in infants, such as hyperthermia and hypothermia, which in turn can lead in extreme cases to hypoxia, and neurological complications.” Rampazzi says.
In a recent paper describing the attack method, the authors also describe a defense against the vulnerability, proposing a prototype of an analog anomaly detector to identify unintended interferences in the affected frequency range.
The paper was presented this month at the ACM Conference on Computer and Communications Security (CCS), and is available at DOI 10.1145/3319535.3354195.
Short video demos of the effect on an infant incubator are available on YouTube.