Category Archives: Project news

THaW Comes to a Close

Posted on by
Reply

In 2013, the National Science Foundation’s Secure and Trustworthy Cyberspace program awarded a Frontier grant to a consortium of four institutions — Dartmouth College, the University of Michigan, the University of Illinois Urbana-Champaign, and Johns Hopkins University — to enable trustworthy cybersystems for health and wellness. Over the years, THaW grew to include researchers from Vanderbilt University, Morgan State University, and George Washington University.

Over 80 students and postdocs engaged in THaW research activities over the span of the project, and the project’s bibliography includes more than 130 significant publications. You can find an organized overview of these publications here. The THaW team devised systems and methods to enhance security, resulting in 11 patents. Team members were featured in various news outlets, and THaW PI Kevin Fu co-founded VirtaLabs to identify, assess, patch, and track clinical assets in health care environments.

THaW collaborated with The Archimedes Center for Medical Device Security in Michigan to offer a twice-annual training conference on how to integrate THaW security principles into the design of medical devices to clinical engineers and CISOs from hospitals and medical device manufacturers. Over 10,000 people and more than 100 industry organizations attended the events. In addition, Archimedes conducted on-site security training for more than 500 medical device engineers over the years.

If you are interested in taking advantage of any of the resources within this site, the contact us page of this website will remain active. The rest of the website will no longer be updated. Thank you to those of you who have followed this site and the THaW project over the past 11 years.

The THaW group at its annual meeting in 2017 (top) and its first annual meeting in 2013 (bottom)
The THaW group at its annual meeting in 2017 (top) and its first annual meeting in 2013 (bottom)

New THaW Patent: Secure Short-Range Wireless Communication

Posted on by
Reply

The THaW team is proud to announce the issuing of a patent for apparatuses, methods, and software for secure short-range wireless communication.

With the number and diversity of Internet of Things (IoT) devices growing, cryptography is not a blanket solution for secure message exchange. Devices may encounter dozens or hundreds of new devices each day, and many of these new IoT devices will have limited or non-existent user interfaces, making this manual secret entry even more cumbersome than configuring existing devices.

This work focuses on a secure method to wirelessly transmit data between devices that are in short-range of each other. In this setup, the sending device has two antennas and two transmitters. One transmitter sends a data signal via the first antenna, which is closer to the target device than the second antenna, and another transmits a jamming signal via the second antenna. Because of the close proximity between the target device and the first antenna, which results in a stronger signal, the receiving device can retrieve the data despite the presence of the jamming signal. This ensures a secure-communications process between the sending device and the target device.

To learn more, check out the patent. If you are interested in taking advantage of this patent, please contact us.

Timothy J. Pierson, Ronald Peterson, and David Kotz. Apparatuses, Methods, and Software for Secure Short-Range Wireless Communication. U.S. Patent 11,894,920 B2. February 06, 2024. Download from https://patents.google.com/patent/US11894920B2/en

See also: Timothy J. Pierson, Ronald Peterson, and David Kotz. Apparatuses, Methods, and Software For Secure Short-Range Wireless Communication. U.S. Patent 11,153,026, October 19, 2021. Download from https://patents.google.com/patent/US11153026B2/en

See also: Timothy J. Pierson, Travis Peters, Ronald Peterson, and David Kotz. CloseTalker: secure, short-range ad hoc wireless communication. Proceedings of the ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), pages 340–352. ACM, June 2019. doi:10.1145/3307334.3326100. [Details]

New THaW Patent: Proximity Detection with Single-Antenna Device

Posted on by
Reply

The THaW team is proud to announce the issuing of a patent for new methods for single-antenna devices to determine proximity between themselves and another device. Previous work in this field provides a method for secure short-range information exchange between a multi-antenna device and a target device. However, a single-antenna device cannot use a multi-antenna-based method and, therefore, has no way to verify its proximity to the target device.

In this patented work, a single-antenna devices uses the phase and/or amplitude of a preamble received from a transmitting device, particularly a repeating portion of the preamble, to determine whether the receiving device is in close proximity to the transmitting device. If the transmitting device is close to the single-antenna device, the repeating portions of the preamble will differ in phase and amplitude, while a large distance between the two will cause the repeating portions to have a substantially consistent phase and amplitude. This can be helpful in preventing a distant adversary from tricking the single-antenna-device into believing that a malformed preamble is a legitimate signal from a nearby device.

Interested in learning more? Check out the patent here!

PIERSON, Timothy J., Ronald Peterson, and David F. KOTZ. System and method for proximity detection with single-antenna device. US 11,871,233 B2, issued January 9, 2024. https://patents.google.com/patent/US11871233B2/en.

New THaW Patent: Pairing Wireless Devices

Posted on by
Reply

The THaW team is proud to announce the issuing of a patent for new methods to pair wireless devices resulting from the THaW project.

Current Internet of Things (IoT) device authentication protocols are functional, but not scalable, which is increasingly pertinent as more and more homes and health-focused establishments have multiple ‘smart’ devices. For example, a manufacturer of an Internet-connected blood oxygen monitor will not know the name or Wi-Fi password of an end-user’s wireless network and cannot program the device to immediately pair with the user’s access point (AP). As a result, end-users may have to set up the monitor on their own… along with dozens of other home devices. Traditional pairing protocols also rely on a one-way authentication scheme, which does not prevent the user from pairing a new device with a spoofed AP.

This recently patented pairing process involves two devices sending signals between each other and leverages the movement of objects near both of these devices, which similarly impacts both devices’ signal strength. The devices can confirm trust in each other if the signal-strength-pattern they receive substantially matches the signal-strength-pattern the other device receives.

Interested in learning more? Check out the patent here or below!

Pierson, Timothy J., and Jonathan F. Alter. Methods and software for pairing wireless devices using dynamic multipath signal matching, and wireless devices implementing the same. US11856408B2, issued December 26, 2023. https://patents.google.com/patent/US11856408B2/en.

New THaW Patent

Posted on by
Reply

The THaW team is pleased to announce one new patent derived from THaW research. For the complete list of patents, visit our Tech Transfer page.

Abstract: Apparatuses that provide for secure wireless communications between wireless devices under cover of one or more jamming signals. Each such apparatus includes at least one data antenna and at least one jamming antenna. During secure-communications operations, the apparatus transmits a data signal containing desired data via the at least one data antenna while also at least partially simultaneously transmitting a jamming signal via the at least one jamming antenna. When a target antenna of a target device is in close proximity to the data antenna and is closer to the data antenna than to the jamming antenna, the target device can successfully receive the desired data contained in the data signal because the data signal is sufficiently stronger than the jamming signal within a finite secure-communications envelope due to the Inverse Square Law of signal propagation. Various related methods and machine-executable instructions are also disclosed.

Image describes the steps to ensure secure wireless data transfer between devices.

Timothy J. Pierson, Ronald Peterson, and David Kotz. Apparatuses, Methods, and Software For Secure Short-Range Wireless Communication. U.S. Patent 11,153,026, October 19, 2021. Download from https://patents.google.com/patent/US11153026B2/en

See also: Timothy J. Pierson, Travis Peters, Ronald Peterson, and David Kotz. CloseTalker: secure, short-range ad hoc wireless communication. Proceedings of the ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), pages 340–352. ACM, June 2019. doi:10.1145/3307334.3326100. [Details]

Professor Kevin Fu appointed Acting Director of Medical Device Cybersecurity at the U.S. FDA Center for Devices and Radiological Health (CDRH)

Posted on by
Reply

Kevin Fu, THaW PI from the University of Michigan, is heading to Washington D.C. for a one-year term as Acting Director of Medical Device Cybersecurity at the U.S. FDA Center for Devices and Radiological Health (CDRH). This role includes an appointment with the Digital Health Center of Excellence (DHCoE).The DHCoE fosters responsible and high-quality digital health innovation.

To learn more about the role, Professor Fu’s numerous achievements in the cross-section of health technologies and cybersecurity, as well as his other notable contributions, check out the University of Michigan’s official press release here.

Congratulations, Professor Fu!

THaW publications

Posted on by
Reply
cover sheet of the report

Seven years ago, the National Science Foundation’s Secure and Trustworthy Cyberspace program awarded a grant creating the Trustworthy Health and Wellness (THaW) project. Most project activities have now wound down, after publishing more than a hundred journal papers, conference papers, workshop contributions, dissertations, theses, patents, and more. We just released an annotated bibliography, with all the references organized in a Zotero library that provides ready access to citation materials and abstracts. In the annotated bibliography we organize papers by cluster (category), identify content tags, and give a brief annotation summarizing the work’s contribution. Thanks to Carl Landwehr for leading this important summary of THaW work!

LightTouch – Connecting Wearables to Ambient Displays

Posted on by
Reply

Connectivity reached new extremes, when wearable technologies enabled smart device communications to appear where analogue watches, rings, and vision-enhancing glasses used to sit. Risks of sensitive data being wrongly transmitted, as a result of malicious or non-malicious intent, grow alongside these new technologies. To ensure that this continued interconnectivity of smart devices and wearables is safe and secure, the THaW team devised, published, and patented LightTouch. This technology, conceptually compatible with existing smart bracelet and display designs, uses optical sensors on the smart device and digital radio links to create a shared secret key that enables the secure and private connection between devices.

LightTouch makes it easy for a person to securely connect their wearable device to a computerized device they encounter, for the purpose of viewing information from their device and possibly sharing that information with nearby acquaintances. To learn more, check out this recent Spotlight in IEEE Computer, or click the links below to read the journal article, the patent specifics, or the conference presentation.

Xiaohui Liang, Ronald Peterson, and David Kotz. Securely Connecting Wearables to Ambient Displays with User IntentIEEE Transactions on Dependable and Secure Computing 17(4), pages 676–690, July 2020. IEEE. DOI: 10.1109/TDSC.2018.2840979

Xiaohui Liang, Tianlong Yun, Ron Peterson, and David Kotz. Secure System For Coupling Wearable Devices To Computerized Devices with Displays, March 2020. USPTO; U.S. Patent 10,581,606; USPTO. Download from https://patents.google.com/patent/US20170279612A1/en — Priority date 2014-08-18, Grant date 2020-03-03.

Xiaohui Liang, Tianlong Yun, Ronald Peterson, and David Kotz. LightTouch: Securely Connecting Wearables to Ambient Displays with User Intent. In IEEE International Conference on Computer Communications (INFOCOM), May 2017. IEEE. DOI: 10.1109/INFOCOM.2017.8057210

#NSFStories

New THaW Patent

Posted on by
Reply

The THaW team is pleased to announce one new patent derived from THaW research. For the complete list of patents, visit our Tech Transfer page.

Abstract: Systems and methods are disclosed for providing a trusted computing environment that provides data security in commodity computing systems. Such systems and methods deploy a flexible architecture comprised of distributed trusted platform modules (TPMs) configured to establish a root-of-trust within a heterogeneous network environment comprised of non-TPM enabled IoT devices and legacy computing devices. A data traffic module is positioned between a local area network and one or more non-TPM enabled IoT devices and legacy computing devices, and is configured to control and monitor data communication among such IoT devices and legacy computing devices and from such IoT devices and legacy computing devices to external computers. The data traffic module supports attestation of the IoT devices and legacy computing devices, supports secure boot operations of the IoT devices and legacy computing devices, and provides tamper resistance to such IoT devices and legacy computing devices.

Kevin Kornegay and Willie Lee Thompson II. Decentralized Root-of-Trust Framework for Heterogeneous Networks, November 2020. Morgan State University; USPTO. Download from https://patents.google.com/patent/US20180196945A1/en

THaW graduates: where are they now?

Posted on by
Reply

As the THaW project draws to a close, we are proud to recognize the many students and postdocs who were involved in THaW research over the years. As noted below, they have moved on to positions in academia or industry. Unless otherwise noted, each is a PhD. (Please send any corrections or additions to David Kotz at info@thaw.org.)