Authentication has become an integral part of computer usage, but it still remains an interruptive step in people’s workflow. To authenticate to a computer, depending on the authentication method, users must exert mental effort (e.g., recall their password) and/or physical effort (e.g., type their password). These factors increase the cost of context switch for users – cost of switching attention from a primary task to the authentication step and back to the task – disrupting users’ workflow. Clinical staff have often told us they are frustrated by the need to repeatedly log into their clinical desktop computers – sometimes hundreds of times in a day.
In this paper, presented by David Kotz at Ubicomp’18 in Singapore, we propose Seamless Authentication using Wristbands (SAW). SAW is an authentication method designed to address this shortcoming of proximity-based authentication methods, and we do so by adding a quick low-effort user input step that explicitly captures user intentionality for authentication. In SAW, the user’s wristband (e.g., fitness tracker, smartwatch) acts as the user’s authentication token. Read more below, and in the paper.
THaW welcomes Professor Kevin Kornegay and his students from Morgan State University in Baltimore MD. Kevin’s lab brings deep expertise in Medical IoT device security assessment, profiling, and hardening to an exploration of voice-based assistants.
Voice-assisted IoT devices such as Alexa, Siri, and Google Assistant are gaining use as portals for medical services. However, the potential safety and security issues they pose are not well understood by patients and consumers. In this collaboration, we will investigate some of the potential security issues of these devices using reverse engineering techniques to expose the vulnerabilities and propose recommendations for secure usage.
In June, THaW’s Eric Johnson once again met with a prominent Information Security Officer to discuss the state of security in health care. Juniper Networks’ CISO Sherry Ryan met with Eric to discuss the global implications of cloud-based computing, and attacks from hostile nation states. Click above to watch the discussion in full.
A team featuring THaW PI Carl Gunter and led by his student Guliz Seray Tuncay recently won “Best Paper” at NDSS. Resolving the Predicament of Android Custom Permissions was so well received at the conference it took home highest honors. To check out the full text, and what the team discovered about conflicting trust levels in regard to Android permissions, click through on the link below.
PDF: Resolving the Predicament of Android Custom Permissions
THaW researcher Kevin Fu, along with colleagues Chen Yan and Wenyuan Xu, recently released a technical report on a mysterious ailment at the United States embassy in Cuba. After exploring a wide variety of options, the trio concluded that the ailment may in fact have inadvertently been caused by interfering ultrasonic waves in the environment. Click through below to see some press coverage their discoveries have received, in addition to the full technical report.
The Conversation – Can Sound Be Used As A Weapon?
IEEE Spectrum – Finally, A Likely Explanation for the “Sonic Weapon” Used At The US Embassy In Cuba
PDF: On Cuba, Diplomats, Ultrasound, and Intermodulation Distortion
As part of THaW’s efforts towards community outreach and education, we have developed a curriculum based on the FitBit technology platform. This curriculum has been successfully deployed in two pilot groups let by THaW associates over the past two years.
Now, THaW researcher Joseph Carrigan, along with PI’s David Kotz and Avi Rubin, has formalized the curriculum into a technical report to allow others to use our implementation. Said Carrigan, “We developed an outreach activity that is engaging, informative, and repeatable. We are interested to see how it will be used at other locations.” To peruse the technical report and access the curriculum guidelines, please click below.
STEM Outreach Activity with Fitbit Wearable Devices
THaW member Eric Johnson (along with co-author Sung Choi) recently published at the 14th Workshop on The Economics of Information Security. In the paper, the two explore the ramifications of hospital data breaches, and if these breaches have an effect on quality of care. To learn more, click through to the paper below.
PDF: Do Hospital Data Breaches Reduce Patient Care Quality?
Professor David Kotz attended the NSF INCLUDES Summit on Broadening Participation and presented a poster about THaW engagement and broadening participation activities. The workshop was a great opportunity to share ideas and to learn from the best practices of others.
THaW researcher Kevin Fu recently joined his colleague Harold Thimbleby to discuss the challenges and obstacles created by ransomware. Read their comprehensive assessment of the problem, as well as possible solutions, at the link below.
HealthcareITNews — Ransomware:
How we can climb out of this mess
THaW contributor Eric Johnson’s conversations from the CISO conference continued with VP and CISO of Kindred Healthcare, Charles Lebo. The two had a conversation to discuss some of the emerging challenges of healthcare security. The topics ranged from the scope of large healthcare datasets, to the emergence of ransomware and maintaining data security.
Click here, or play the embedded video above, to hear the discussion in full.