At the Joint Conference on Pervasive and Ubiquitous Computing conference, Ubicomp, David Kotz presented THaW’s work to develop a novel biometric approach to identifying and verifying who is wearing a device – an important consideration for a medical device that may be collecting diagnostic information that is fed into an electronic health record. Their novel approach is to use vocal resonance, i.e., the sound of your voice as it passes through bones and tissues, for a device to recognize its wearer and verify that it is physically in contact with the wearer… not just nearby. They implemented the method on a wearable-class computing device and showed high accuracy and low energy consumption.
Rui Liu, Cory Cornelius, Reza Rawassizadeh, Ron Peterson, and David Kotz. Vocal Resonance: Using Internal Body Voice for Wearable Authentication. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) (UbiComp), 2(1), March 2018. DOI 10.1145/3191751.
Abstract: We observe the advent of body-area networks of pervasive wearable devices, whether for health monitoring, personal assistance, entertainment, or home automation. For many devices, it is critical to identify the wearer, allowing sensor data to be properly labeled or personalized behavior to be properly achieved. In this paper we propose the use of vocal resonance, that is, the sound of the person’s voice as it travels through the person’s body – a method we anticipate would be suitable for devices worn on the head, neck, or chest. In this regard, we go well beyond the simple challenge of speaker recognition: we want to know who is wearing the device. We explore two machine-learning approaches that analyze voice samples from a small throat-mounted microphone and allow the device to determine whether (a) the speaker is indeed the expected person, and (b) the microphone-enabled device is physically on the speaker’s body. We collected data from 29 subjects, demonstrate the feasibility of a prototype, and show that our DNN method achieved balanced accuracy 0.914 for identification and 0.961 for verification by using an LSTM-based deep-learning model, while our efficient GMM method achieved balanced accuracy 0.875 for identification and 0.942 for verification.
In June, THaW’s Eric Johnson once again met with a prominent Information Security Officer to discuss the state of security in health care. Juniper Networks’ CISO Sherry Ryan met with Eric to discuss the global implications of cloud-based computing, and attacks from hostile nation states. Click above to watch the discussion in full.
As part of THaW’s efforts to discuss the state of security in the health care industry, Eric Johnson continues to meet with prominent Information Security Officers to discuss the current challenges in the industry. This time, Eric met with Cardinal Health’s Talvis Love to discuss a variety of topics, including the intricacies of a the migration to the cloud for data storage and retrieval. Click above to watch the discussion in full.
A team featuring THaW PI Carl Gunter and led by his student Guliz Seray Tuncay recently won “Best Paper” at NDSS. Resolving the Predicament of Android Custom Permissions was so well received at the conference it took home highest honors. To check out the full text, and what the team discovered about conflicting trust levels in regard to Android permissions, click through on the link below.
PDF: Resolving the Predicament of Android Custom Permissions
THaW researcher Kevin Fu, along with colleagues Chen Yan and Wenyuan Xu, recently released a technical report on a mysterious ailment at the United States embassy in Cuba. After exploring a wide variety of options, the trio concluded that the ailment may in fact have inadvertently been caused by interfering ultrasonic waves in the environment. Click through below to see some press coverage their discoveries have received, in addition to the full technical report.
The Conversation – Can Sound Be Used As A Weapon?
IEEE Spectrum – Finally, A Likely Explanation for the “Sonic Weapon” Used At The US Embassy In Cuba
PDF: On Cuba, Diplomats, Ultrasound, and Intermodulation Distortion
As part of THaW’s efforts towards community outreach and education, we have developed a curriculum based on the FitBit technology platform. This curriculum has been successfully deployed in two pilot groups let by THaW associates over the past two years.
Now, THaW researcher Joseph Carrigan, along with PI’s David Kotz and Avi Rubin, has formalized the curriculum into a technical report to allow others to use our implementation. Said Carrigan, “We developed an outreach activity that is engaging, informative, and repeatable. We are interested to see how it will be used at other locations.” To peruse the technical report and access the curriculum guidelines, please click below.
STEM Outreach Activity with Fitbit Wearable Devices
THaW member Eric Johnson (along with co-author Sung Choi) recently published at the 14th Workshop on The Economics of Information Security. In the paper, the two explore the ramifications of hospital data breaches, and if these breaches have an effect on quality of care. To learn more, click through to the paper below.
PDF: Do Hospital Data Breaches Reduce Patient Care Quality?
Professor David Kotz attended the NSF INCLUDES Summit on Broadening Participation and presented a poster about THaW engagement and broadening participation activities. The workshop was a great opportunity to share ideas and to learn from the best practices of others.
THaW leader Kevin Fu was recently named a fellow by the Institute of Electrical and Electronics Engineers (IEEE) for his contributions to embedded and medical device security. The honor comes as part of the 2018 class, and is “a distinction reserved for select IEEE members whose extraordinary accomplishments in any of the IEEE fields of interest are deemed fitting of this prestigious grade elevation”. To read more about Kevin’s award and accomplishments, click through below.
Kevin Fu Elected IEEE Fellow for Contributions to Embedded and Medical Device Security
In a recent Viewpoint article in JAMA, THaW member Kevin Fu explored a recent pacemaker vulnerability, and its ramifications for medical device security in general. In the post, he discusses both the full extent of the vulnerabilities, as well as the practical considerations to be taken as a result. To read the full text of the article, click the link below.
Cybersecurity Concerns and Medical Devices – Lessons From a Pacemaker Advisory