The THaW team is pleased to welcome Prof. Michel Reece, of Morgan State University, as a new collaborator in research on security and privacy issues medical devices. Together with Tim Pierson (Dartmouth) and David Kotz (Dartmouth), Michel and her group will investigate the potential for identifying devices through features sensed at the PHY and MAC layers, and validating the authenticity of such devices.
Dr. Michel A. Reece currently serves as the interim Chairperson and the director of the laboratory for Advanced RF/Microwave Measurement and Electronic Design (ARMMED) in the Department of Electrical and Computer Engineering at Morgan State University (MSU). Her research interests include wireless signal characterization and device authentication of IoT devices, high frequency device characterization and modeling for III-V semiconductors, RF/ MMIC circuit design, adaptable electronic components for software defined radio applications and most recently power amplifier development for THz mobile communication applications. She received her B.S from Morgan State in 1995 and her M.S.E.E. from Penn State in 1997, both in Electrical Engineering. She became the first female recipient at MSU to obtain her doctorate degree in Engineering in 2003. Previously, she served as a post- doctoral researcher of the Microwave Systems Section of the RF Engineering Group at Johns Hopkins University Applied Physics Laboratory Space Department. She has a passion for education where she has developed curriculum for the RF Microwave Engineering concentration offered at MSU, one out of a few HBCUs to have a dedicated program in this area. She has also taught as an adjunct faculty member at Johns Hopkins University Engineering Professionals Program.
THaW’s A.J. Burns and Eric Johnson recently published a piece in IT Professional:
Issue No. 03 – May./Jun. (2018 vol. 20)
Scott Breece, VP and CISO of Community Health Systems, discusses the rising security threat in healthcare with M. Eric Johnson, Dean of Vanderbilt University’s Owen Graduate School of Management. Scott highlights how health IT is transforming healthcare, improving the patient experience and outcomes. However, digitization of healthcare data also creates new risks for the healthcare system. Scott discusses how Community Health Systems is staying ahead of those threats and securing patient data. This video was partially supported by the THaW project, which is co-led by Eric Johnson.
A large fraction of faculty, postdocs, staff and students gathered for the annual THaW meeting. This year the meeting was hosted by UIUC in glorious fall weather.
THaW Researchers Xiaohui Liang, Tianlong Yun, Ronald Peterson, and David Kotz have been researching new methods for connecting wearables to external screens. Their paper, LightTouch: Securely Connecting Wearables to Ambient Displays with User Intent, has been accepted to INFOCOM 2017. In it, they explore a security system that uses a screen’s brightness level to ensure secure connection between screen and device. Moreover, they also address additional screen-based counter measures that can be taken to further secure the protocol. For more information and to read the paper, click the link below.
THaW researcher Kevin Fu’s work on acoustic device hacking has recently been featured in the New York Times. The article discusses the team’s work on using acoustic signals to fool sensors in mobile device, and create the potential for security violations. For more information beyond the article, click here for a quick video, or read the complete paper below.
WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks
In mid-November THaW was excited to co-host, along with the Center For Digital Strategies at the Tuck School of Business and the Owen School of Management, a workshop on building secure connected healthcare organizations.
The workshop was attended by CISOs from twelve interested healthcare organizations, as well as members of the THaW project. It provided for a day of conversation about cybersecurity best practices and challenges. Over the course of the workshop, with moderation by Eric Johnson and Hans Brechbuhl, the group touched upon a wide array of subjects; we are now happy to present some key insights and a summary of the day’s proceedings. Highlights include insights regarding phishing attacks, medical device security, and the emerging Internet of things.
Click through below to review the document, and feel free to share with your colleagues!
Overview: Building Secure Connected Healthcare Organizations
A few months ago we announced the results of our Wanda project, as published in INFOCOM 2016. Today we’re excited to share this new video description of the project! Thanks to Abby Starr and Shiyao Peng of Dartmouth’s DALI lab, and Tim Pierson of the THaW team, for this fun and informative production.
Nearly every setting is increasingly populated with wireless and mobile devices – whether appliances in a home, medical devices in a health clinic, sensors in an industrial setting, or devices in an office or school. There are three fundamental operations when bringing a new device into any of these settings: (1) to configure the device to join the wireless local-area network, (2) to partner the device with other nearby devices so they can work together, and (3) to configure the device so it connects to the relevant individual or organizational account in the cloud. The challenge is to accomplish all three goals simply, securely, and consistent with user intent. We call our approach Wanda – a `magic wand’ that accomplishes all three of the above goals – and evaluate a prototype implementation.
THaW PhD student, Tim Pierson, along with the Wanda team have built a ‘magic wand’ that simplifies the integration of new medical devices into existing wireless networks. A detailed description of their work is found below in the abstract to their recently accepted IEEE INFOCOM paper.
Abstract: Nearly every setting is increasingly populated with wireless and mobile devices – whether appliances in a home, medical devices in a health clinic, sensors in an industrial setting, or devices in an office or school. There are three fundamental operations when bringing a new device into any of these settings: (1) to configure the device to join the wireless local-area network, (2) to partner the device with other nearby devices so they can work together, and (3) to configure the device so it connects to the relevant individual or organizational account in the cloud. The challenge is to accomplish all three goals simply, securely, and consistent with user intent. We present a novel approach we call Wanda – a `magic wand’ that accomplishes all three of the above goals – and evaluate a prototype implementation.
A prepublication version is available here.
Professor Kotz, at the request of the Center for the Clinical Trials Network, presented a webinar on the 26th of January 2016. His presentation was an overview of the THaW research agenda as it relates to the security challenges faced by health care professionals.
Here is a brief synopsis of Professor Kotz’s presentation:
The Mobile medical applications offer tremendous opportunities to improve quality and access to care, reduce cost, and improve individual wellness and public health. These new technologies, whether in the form of software for smartphones as specialized devices to be worn, carried, or applied as needed, may also pose risks if they are not designed or configured with security and privacy in mind. For example, a patient’s insulin pump may accept dosage instructions from unauthorized smartphones running a spoofed application; another patient’s fertility-tracking app may be probing the Bluetooth network for its associated device, exposing her use of this app to nearby strangers. In this webinar, Dr. David Kotz presents an overview of the security and privacy challenges posed by mobile medical applications, including important open issues that require further research.
To view the entire presentation click here.