Please follow our publications on Mendeley.

November 2019: Yazhou Tu, Sara Rampazzi, Bin Hao, Angel Rodriguez, Kevin Fu, and Xiali Hei. Trick or Heat?: Manipulating Critical Temperature-Based Control Systems Using Rectification Attacks. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 2301–2315, November 2019. ACM Press. DOI: 10.1145/3319535.3354195

October 2019: Timothy J. Pierson, Travis Peters, Ronald Peterson, and David Kotz. Proximity Detection with Single-Antenna IoT Devices. In ACM International Conference on Mobile Computing and Networking (MobiCom), pages 1–15, October 2019. ACM Press. DOI: 10.1145/3300061.3300120Paper describes scheme for single antenna wi-fi device to determine its proximity to another wi-fi device with which it is communicating, in order to assure it is not unwittingly communicating with a distant adversary device rather than a nearby device.

September 2019: Sung J. Choi, M. Eric Johnson, and Christoph U. Lehmann. Data breach remediation efforts and their implications for hospital quality. Health Services Research 54(5), pages 971–980, September 2019. John Wiley & Sons. DOI: 10.1111/1475-6773.13203

September 2019: Tuo Yu and Klara Nahrstedt. ShoesHacker: Indoor Corridor Map and User Location Leakage through Force Sensors in Smart Shoes. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 3(3), September 2019. ACM. DOI: 10.1145/3351278

June 2019: Bo Chen, Zhisheng Yan, Haiming Jin, and Klara Nahrstedt. Event-driven stitching for tile-based live 360 video streaming. In ACM Multimedia Systems Conference (MMSys ’19), pages 1–12, June 2019. ACM Press. DOI: 10.1145/3304109.3306234Paper presents an event-driven stitching algorithm for tile-based 360 video live streaming, which abstracts various semantic information as events and makes tiling scheme decisions based on a tile actuator. A streaming system is implemented based on an event-driven stitching scheme called LiveTexture. Evaluation by comparison with other baseline systems and shows that LiveTexture adapts well to various timing budgets by meeting 89.4% of the timing constraints while utilizing timing budget more efficiently.

June 2019: Timothy J. Pierson, Travis Peters, Ronald Peterson, and David Kotz. CloseTalker: Secure, Short-Range Ad Hoc Wireless Communication. In ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), pages 340–352, June 2019. ACM Press. DOI: 10.1145/3307334.3326100Paper describes design, implementation, and evaluation of CloseTalker, a system that leverages multiple antennas and the physics of near-field radio to ensure wireless devices in close physical proximity can securely communicate while more distant devices cannot recover the information transmitted. CloseTalker works irrespective of device type or manufacturer and without additional hardware, out-of-band channels, complicated computation, or manual configuration.

May 2019: Andrew Kwong, Wenyuan Xu, and Kevin Fu. Hard Drive of Hearing: Disks that Eavesdrop with a Synthesized Microphone. In IEEE Symposium on Security and Privacy, pages 125–139, May 2019. IEEE. DOI: 10.1109/SP.2019.00008Documents how acoustic signals may be recovered from hard drives, whose read/write heads are sensitive to pressure changes and thus can provide as a side channel, a record of acoustic signals.

April 2019: Tuo Yu, Haiming Jin, and Klara Nahrstedt. Mobile devices based eavesdropping of handwriting. IEEE Transactions on Mobile Computing, April 2019. IEEE. DOI: 10.1109/TMC.2019.2912747Demonstrates how content of handwriting (as in patient information forms) may be deduced from audio signals generated by writing implements and recorded by nearby mobile devices in contacr with the writing surface.

March 2019: Joe Carlson. 750,000 Medtronic Defibrillators Vulnerable to Hacking, March 2019. Star Tribune. Download from report of security vulnerability in Medtronics implantable defibrillators.

March 2019: Bo Chen and Klara Nahrstedt. FIS: Facial Information Segmentation for Video Redaction. In IEEE Conference on Multimedia Information Processing and Retrieval (MIPR), March 2019. IEEE. DOI: 10.1109/MIPR.2019.00071Paper proposes the Facial Information Segmentation algorithm (FIS), which combines the Harris Corner, the color information and an off-the-shelf face detection algorithm to identify pixels revealing facial information. Evaluation is by comparison with the human trace tracking (HTT) and an off-the-shelf face detection algorithm (FD) proposed in earlier works. The result demonstrates that FD is unsuitable for video redaction. Further, compared with HTT, FIS achieves higher background preservation with negligible loss of video privacy in most cases.

March 2019: Tuo Yu, Haiming Jin, and Klara Nahrstedt. ShoesLoc: In-shoe force sensor-based indoor walking path tracking. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 3(1), March 2019. ACM. DOI: 10.1145/3314418Walking direction change and the stride length of each step made by the user are estimated based on insole sensors. A particle filter is applied to the data to improve the accuracy of the estimated walking path.

February 2019: Shrirang Mare, Reza Rawassizadeh, Ronald Peterson, and David Kotz. Continuous Smartphone Authentication using Wristbands. In Proceedings Workshop on Usable Security, February 2019. Internet Society. DOI: 10.14722/usec.2019.23013

February 2019: Lanier Watkins, Shreya Aggarwal, Omotola Akeredolu, William H. Robinson, and Aviel Rubin. Tattle Tale Security: An Intrusion Detection System for Medical Body Area Networks (MBAN). In Workshop on Decentralized IoT Systems and Security (DISS), February 2019. Internet Society. DOI: 10.14722/diss.2019.23003Paper is about human machine interaction in the sense that it deals with a body area network and devices that may be sensing the state of the body. The idea is to detect intrusions into a body area network on the basis of anomalous power usage exhibited by devices in the network.

January 2019: Sung J. Choi and M. Eric Johnson. Understanding the relationship between data breaches and hospital advertising expenditures. The American Journal of Managed Care 25(1), pages e14–e20, January 2019. Download from to investigate advertising costs for healthcare institutions that have suffered data breaches. Finding is that advertising costs rise significantly in the period of two years following the breach.

January 2019: Chen Yan, Kevin Fu, and Wenyuan Xu. On Cuba, diplomats, ultrasound, and intermodulation distortion. Computers in Biology and Medicine 104, pages 250–266, January 2019. DOI: 10.1016/j.compbiomed.2018.11.012Paper proposes that disturbing sounds heard by US workers in Cuban embassy could have arison from intermodulation distortion coming from ultrasound-based sensing systems operating at different frequencies. Experiments are conducted to show that the released signals are not inconsistent with this hypothesis.

December 2018: Juhee Kwon and M. Eric Johnson. Meaningful healthcare security: does meaningful-use attestation improve information security performance? MIS Quarterly 42(4), pages 1043–1067, December 2018. DOI: 10.25300/MISQ/2018/13580Study of hospitals that have/have not achieved Stage 1 ’meaningful use’ certification for EHR use to see effects on security breaches. Findings include that institutions reaching Stage 1 meaningful use standards experience a temporary reduction in external breaches and at the same time experience an increase in internal breaches, but do see reductions in both types in the longer term.

November 2018: Bo Chen, Klara Nahrstedt, and Carl A. Gunter. ReSPonSe: Real-time, Secure, and Privacy-aware Video Redaction System. In EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous), pages 39–48, November 2018. ACM Press. DOI: 10.1145/3286978.3286990Paper presents a real-time video redaction system (ReSPonSe), which aims to protect private information in personal videos according to permissions of people-in-video for other viewers to view them in the video. Video production has two stages: Encapsulation, which produces neutral videos in real-time, and Decapsulation, which provides privacy-aware video to the viewer, revealing private content of people-in-video who grants access rights to that viewer. Efficiency and accuracy of the system in protecting private information are evaluated.

November 2018: Tuo Yu, Haiming Jin, Wai-Tian Tan, and Klara Nahrstedt. SKEPRID: Pose and illumination change-resistant skeleton-based person re-identification. ACM Transactions on Multimedia Computing, Communications, and Applications (TOMM) – Special Section on Deep Learning for Intelligent Multimedia Analytics 14(4), November 2018. ACM. DOI: 10.1145/3243217Paper presents SKEPRID, a re-identification method that is resistant to strong pose and lighting changes. By incorporating skeleton information, the impact of changes in pose is reduced, and a set of skeleton-based illumination-independent features can be designed that significantly improves re-id accuracy. Experimental results show that SKEPRID outperforms other current approaches and confirms the benefit of handling complex poses and various illumination jointly.

October 2018: Karan Ganju, Qi Wang, Wei Yang, Carl A. Gunter, and Nikita Borisov. Property Inference Attacks on Fully Connected Neural Networks using Permutation Invariant Representations. In ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 619–633, October 2018. ACM. DOI: 10.1145/3243734.3243834Paper studies fully-connected neural nets (FCNNs) and shows how adversarial machine learning techniques can reveal properties that the developer of the model did not intend to share.

October 2018: Shubhra Kanti Karmaker Santu, Vincent Bindschadler, ChengXiang Zhai, and Carl A. Gunter. NRF: A Naive Re-identification Framework. In ACM Workshop on Privacy in the Electronic Society (WPES ’18), pages 121–132, October 2018. DOI: 10.1145/3267323.3268948De-identification of data is performed in order to enable data to be analyzed without revealing identities of study participants. But de-identification is done by rules derived from HIPAA that cannot guarantee participants are not later re-identified using outside data sources. This paper develops models that enable estimating the probability that individuals can be re-identified.

October 2018: Timothy J. Pierson, Travis Peters, Ronald Peterson, and David Kotz. Poster: Proximity Detection with Single-Antenna IoT Devices. In International Conference on Mobile Computing and Networking (MobiCom), pages 663–665, October 2018. ACM. DOI: 10.1145/3241539.3267751Poster describes scheme for single antenna wi-fi device to determine its proximity to another wi-fi device with which it is communicating, in order to assure it is not unwittingly communicating with a distant adversary device rather than a nearby device.

October 2018: Sougata Sen, Archan Misra, Vigneshwaran Subbaraju, Karan Grover, Meera Radhakrishnan, Rajesh K. Balan, and Youngki Lee. I4S: capturing shopper’s in-store interactions. In ACM International Symposium on Wearable Computers (ISWC), pages 156–159, October 2018. DOI: 10.1145/3267242.3267259Paper describes a system for monitoring and recording shoppers’ interactions with products on shelves in a retail environment, recording both items selected and items considered but not selected for purchase. The system incorporates information from Bluetooth Low Energy beacons, smartwatches, and smartphones. System details, implementation, evaluation covered very lightly.

September 2018: Shrirang Mare, Reza Rawassizadeh, Ronald Peterson, and David Kotz. SAW: Wristband-based authentication for desktop computers. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) (Ubicomp) 2(3), September 2018. DOI: 10.1145/3264935Paper describes a wristband device that, by detecting motions of the wearer’s wrist and conveying these to a monitor, permits those motions to be correlated (or not) with the motions of an authenticated user. In this way, if the authenticated wearer of the wristband is replaced by another user at the same workstation, for example, the new user’s inputs will not correlate with the wristband of the authenticated user. In this way, the device provides a means for continuous authentication.

July 2018: David J. Slotwiner, Thomas F. Deering, Kevin Fu, Andrea M. Russo, Mary N. Walsh, and George F. Van Hare. Cybersecurity vulnerabilities of cardiac implantable electronic devices: communication strategies for clinicians. Heart Rhythm 15(7), pages e61–e67, July 2018. DOI: 10.1016/j.hrthm.2018.05.001Paper describes vulnerabilities/attacks on medical devices (cardiac implantable devices) and discusses whom to notify when vulnerabilities are discovered and appropriate communication methods to use. (Proceedings of the Heart Rhythm Society’s Leadership Summit).

June 2018: Travis Peters, Reshma Lal, Srikanth Varadarajan, Pradeep Pappachan, and David Kotz. BASTION-SGX: Bluetooth and Architectural Support for Trusted I/O on SGX. In International Workshop on Hardware and Architectural Support for Security and Privacy (HASP), June 2018. ACM. DOI: 10.1145/3214292.3214295Paper documents an approach to provide a trusted path for data transmitted wirelessly over Bluetooth to an Intel SGX Trusted Execution Environment, eliminating the need to trust drivers, middleware, OS, or hypervisor.

June 2018: Timothy J. Pierson. Secure Short-range Communications, June 2018. Dartmouth Computer Science. Download from Dissertation incorporates work on Wanda, SNAP, and CloseTalker (JamFi), generally addressing issues of radio communications over short distances and exploiting properties of antennas and electromagnetic waves to achieve authentication and secure communication without altering commercial products.

June 2018: Aston Zhang, Xun Lu, Carl A. Gunter, Shuochao Yao, Fangbo Tao, Rongda Zhu, Huan Gui, Daniel Fabbri, David Liebovitz, and Bradley Malin. De facto diagnosis specialties: recognition and discovery. Learning Health Systems 2(3), June 2018. DOI: 10.1002/lrh2.10057Paper applies AI methods (supervised/unsupervised learning) to study records of diagnoses in relation to identified medical specialties (listed in the Health Care Provider Taxonomy Code Set) in order to identify de facto diagnosis specialties and potentially identify new specialties. Existing specialties are confirmed and new de facto specialties in breast cancer and obesity are identified.

May 2018: Connor Bolton, Sara Rampazzi, Chaohao Li, Andrew Kwong, Wenyuan Xu, and Kevin Fu. Blue Note: How Intentional Acoustic Interference Damages Availability and Integrity in Hard Disk Drives and Operating Systems. In IEEE Symposium on Security and Privacy (SP), pages 1048–1062, May 2018. IEEE. DOI: 10.1109/SP.2018.00050Paper documents mechanisms by which acoustic interference can disrupt hard drive performance, demonstrates the effects, and proposes protective measures to protect hard drives against such interference.

May 2018: A. J. Burns and Eric Johnson. The evolving threat to privacy: analyzing breach data to understand the cyberthreat vector. IT Professional 20(3), pages 64–72, May 2018. DOI: 10.1109/MITP.2018.032501749Article reviews the distinct impact of data breaches involving PII, finding that these breaches are significantly larger compared to other breaches, and shows that past breaches are useful for predicting future breaches.

May 2018: Xiaohui Liang, Ronald Peterson, and David Kotz. Securely connecting wearables to ambient displays with user intent. IEEE Transactions on Dependable and Secure Computing, page 1, May 2018. DOI: 10.1109/TDSC.2018.2840979Paper describes the LightTouch system for displaying wristband information securely on nearby displays, coordinating by using an ambient light sensor on the wristband and light output by the display. Experiments demonstrate the feasibility, security, and reliability of the approach.

May 2018: Andrés Molina-Markham, Shrirang Mare, Ronald Peterson Jr., and David Kotz. Continuous Seamless Mobile Device Authentication Using a Separate Electronic Wearable Apparatus, May 2018. U.S. Patent 9,961,547. Download from invention is a wearable device whose motions can be correlated to inputs to a mobile device. The inventions supports continuous authentication for users wearing the device.

April 2018: Soteris Demetriou. Analyzing & designing the security of shared resources on smartphone operating systems, April 2018. University of Illinois at Urbana-Champaign. Download from Dissertation studies Android platform, particularly isolation mechanisms and permission model, discovers weaknesses from side channels, third party libraries and various other aspects that may be exploited by untrustworthy application, including medical apps, and proposes mitigations for them.

April 2018: Soteris Demetriou, Nathaniel D. Kaufman, Jonah Baim, Adam J. Goldsher, and Carl A. Gunter. Toward an Extensible Framework for Redaction. In Workshop on Security and Privacy for the Internet-of-Things (IoTSec), April 2018. Download from paper introduces the concept of a ’decognizer’ toolkit which could be used to redact sensitive information in an image or text, complementing the function of a recognizer toolkit, which helps detect such information.

April 2018: Karan Ganju. Inferring properties of neural networks with intelligent designs, April 2018. University of Illinois at Urbana-Champaign. Download from Thesis reviews neural network techniques and the extent to which an attacker may infer properties of the data set used to train the network.

April 2018: Paul D. Martin, David Russell, Aviel D. Rubin, Stephen Checkoway, and Malek Ben Salem. Sentinel: Secure Mode Profiling and Enforcement for Embedded Systems. In IEEE/ACM International Conference on Internet-of-Things Design and Implementation (IoTDI), April 2018. IEEE. DOI: 10.1109/IoTDI.2018.00020Paper reports on Sentinel, a secure mode profiler for embedded devices. Sentinel uses a bus-tapping interface to derive a partial control flow graph during device operation. The control flow graph can then be used to audit device execution and detect deviations, which may be attacks.

April 2018: Wei Yang. Adversarial-resilience assurance for mobile security systems, April 2018. University of Illinois at Urbana-Champaign. Download from Dissertation focuses on Android app security: how to detect malicious apps, particularly based on characterizion of the app’s behavior in context. Differences in structure in malware (command and control structure with remote communication) and non-malware apps Static analysis of app is part of the method.

April 2018: Tuo Yu, Haiming Jin, and Klara Nahrstedt. Audio Based Handwriting Input for Tiny Mobile Devices. In IEEE Conference on Multimedia Information Processing and Retrieval (MIPR), April 2018. IEEE. DOI: 10.1109/MIPR.2018.00030Handwriting recognition system using audio signals and tabletop writing with fingers. Machine Learning and gesture tracking are used to train the system, and techniques to deal with audio multipath yield a claimed accuracy of 90-95% accuracy in laboratory environments.

March 2018: Rui Liu, Cory Cornelius, Reza Rawassizadeh, Ron Peterson, and David Kotz. Vocal resonance: using internal body voice for wearable authentication. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) (UbiComp) 2(1), page Article No. 19, March 2018. DOI: 10.1145/3191751Paper proposes that internal body voice (vocal resonance within the body, as measured by a contact microphone) can be used as a biometric. An objective is to assure the device is physically on the authenticated speaker’s body, not merely nearby. Results indicate the method is a feasible authentication method.

March 2018: Reza Rawassizadeh, Timothy Pierson, Ronald Peterson, and David Kotz. NoCloud: exploring network disconnection through on-device data analysis. IEEE Pervasive Computing 17(1), pages 64–74, March 2018. DOI: 10.1109/MPRV.2018.011591063Article advocates that device designers think twice about offloading mobile and wearable device storage and processing tasks to cloud services. Instead, consider a ’no-cloud’ architecture for better privacy and trust, energy efficiency, network reliability, and response time.

March 2018: Michael L. Rinke, Hardeep Singh, Moonseong Heo, Jason S. Adelman, Heather C. O’Donnell, Steven J. Choi, Amanda Norton, Ruth E. K. Stein, Tammy M. Brady, Christoph U. Lehmann, Steven W. Kairys, Elizabeth Rice-Conboy, Keri Thiessen, and David G. Bundy. Diagnostic errors in primary care pediatrics: Project RedDE. Academic Pediatrics 18(2), pages 220–227, March 2018. DOI: 10.1016/j.acap.2017.08.005Study of diagnostic errors in pediatrics, based on randomized collection of retrospective data. Significant frequencies of diagnostic errors and missed opportunities for diagnosis were found.

February 2018: Joseph Carrigan, David Kotz, and Aviel Rubin. STEM Outreach Activity with Fitbit Wearable Devices. TR2018-839, February 2018. Dartmouth College. Download from is a template for a STEM classroom outreach activity involving student use of activity monitoring devices (e.g. FitBit).

February 2018: Kevin Fu and Wenyuan Xu. Inside risks: risks of trusting the physics of sensors. Communications of the ACM 61(2), pages 20–23, February 2018. DOI: 10.1145/3176402CACM Viewpoint argues that sensors need to be designed to be checkable in order to detect/defeat malicious attacks on them; also notes need to educate students about physical aspects of computing.

February 2018: Güliz Seray Tuncay, Soteris Demetriou, Karan Ganju, and Carl A. Gunter. Resolving the Predicament of Android Custom Permissions. In Network and Distributed System Security Symposium (NDSS), February 2018. Internet Society. DOI: 10.14722/ndss.2018.23210Paper describes weakness in Android runtime permissions structure, which allows untrusted apps to set custom permissions, which are then treated the same as system permissions. A fix called Cusper, which allows custom permissions to be distinguished from system permissions, is proposed, implemented, and analyzed.

February 2018: Qi Wang, Wajih Ul Hassan, Adam Bates, and Carl A. Gunter. Fear and Logging in the Internet of Things. In Network and Distributed System Security Symposium (NDSS), February 2018. Internet Society. DOI: 10.14722/ndss.2018.23282Paper proposes a platform-centric scheme for collecting audit data from IoT devices and providing provenance.

December 2017: Daniel B. Kramer and Kevin Fu. Cybersecurity concerns and medical devices: lessons from a pacemaker advisory. Journal of the American Medical Association (JAMA) 318(21), pages 2077–2078, December 2017. DOI: 10.1001/jama.2017.15692Viewpoint discussing FDA’s release of a safety communication concerning cybersecurity of pacemakers from St. Jude Medical.

December 2017: Yunhui Long, Vincent Bindschaedler, and Carl A. Gunter. Towards Measuring Membership Privacy. In arXiv, December 2017. University of Illinois at Urbana-Champaign. Download from introduces the concept of Differential Training Privacy (DTP), intended to enable estimating the privacy risk to the training data of a machine-learning-based system that is posed by the release of a classifier of those data. It proposes that classifiers with DTP measures greater than 1 should not be published.

November 2017: David Kotz and Travis Peters. Challenges to Ensuring Human Safety Throughout the Life-cycle of Smart Environments. In ACM Workshop on the Internet of Safe Things (SafeThings), pages 1–7, November 2017. ACM. DOI: 10.1145/3137003.3137012Paper lists challenges in the Internet of Things environment, and in particular what issues arise as people and ’things’ move into and out of new (and old) environments. The context is challenges to safety, but many of these challenges could be posed as security challenges as well. The life cycle of ’things’ – creation, deployment, configuration, renewal, disposal – provides a framework.

November 2017: Shrirang Mare, Andrés Molina-Markham, Ronald Peterson, and David Kotz. System, Method and Authorization Device for Biometric Access Control to Digital Devices, November 2017. U.S. Patent 9,832,206. Download from covers technology reported under ’SAW’ project papers for continuous authentication of users of medical systems through motion-detecting wristbands.

November 2017: Aarathi Prasad, Xiaohui Liang, and David Kotz. SPICE: Secure Proximity-based Infrastructure for Close Encounters. In ACM Workshop on Mobile Crowdsensing Systems and Applications (CrowdSenSys), pages 56–61, November 2017. ACM. DOI: 10.1145/3139243.3139245Paper introduces SPICE, a system using crowdsourcing to identify ’close encounters’ – events when system users are close to each other in space and/or time. The security model calls for unlinkability, anonymity, and confidentiality of the information about close encounters. The system design therefore avoids the use of a trusted third party server.

October 2017: Tarek Elgamal, Bo Chen, and Klara Nahrstedt. Teleconsultant: Communication and Analysis of Wearable Videos in Emergency Medical Environments. In ACM International Conference on Multimedia (MM), pages 1241–1242, October 2017. DOI: 10.1145/3123266.3127920This short paper reports on a telemedicine demonstration in the context of emergency medicine. A person at the site of the emergency with a wearable camera (Microsoft HoloLens) surveys the victim and transmits images to a medical provider also wearing a HoloLens at the remote site. Algrotithms for detecting facial droop were developed and employed to alert the provider to the state of the victim.

October 2017: Timothy J. Pierson, Reza Rawassizadeh, Ronald Peterson, and David Kotz. Secure Information Transfer Between Nearby Wireless Devices. In ACM Workshop on Wireless of the Students, by the Students, and for the Students (S3), pages 11–13, October 2017. DOI: 10.1145/3131348.3131355Paper proposes to facilitate secure transmission of data over short distances (less than 10 centimeters) by using one antenna of a wifi router to send the data while the other antenna transmits a jamming signal, blocking reception by devices not close by because of the inverse square law governing received power from a point source. Elsewhere referred to as JamFi.

October 2017: Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, and Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX. In ACM Computer and Communications Security (CCS ’17), pages 2421–2434, October 2017. DOI: 10.1145/3133956.3134038Paper explores vulnerabiltiies of Intel’s SGX platform, particularly memory side channel attacks.

September 2017: John Poikonen, Edward Fotsch, and Christoph U. Lehmann. Response to Lapkoff and Sittig – Who watches the watchers: working towards safety for clinical decision support knowledge resources. Applied Clinical Informatics 8(3), pages 945–948, September 2017. DOI: 10.4338/ACI2017050081Appears to be response to an editorial in the journal that advocated an oversight body to help assure Electronic Health Records.

August 2017: Reinhold Haux, Antoine Geissbuhler, Justice Holmes, Marie-Christine Jaulent, Sabine Koch, Casimir A. Kulikowski, Christoph U. Lehmann, Alexa T. McCray, Brigitte Séroussi, Lina Fatima Soualmia, and Jan H. van Bemmel. On contributing to the progress of medical informatics as publisher. Yearbook of Medical Informatics 26(01), pages 9–15, August 2017. DOI: 10.15265/iy-2017-003Paper is a laudatory account of the history of Dieter Breggeman as a publisher of bioinformatics journals and proceedings.

August 2017: Christopher U. Lehmann, Hyeoun-Ae Park, Edward H. Shortliffe, and Patrice Degoulet. The international academy of health sciences informatics: an academy of excellence. Yearbook of Medical Informatics 26(01), pages 7–8, August 2017. DOI: 10.15265/IY-2016-015Brief article announces the creation of the International Academy of Health Sciences Informatics and the membership of the inaugural membership class. The IAHSI is intended to be a national academy-like organization.

August 2017: Stephane M. Meystre, Christian Lovis, T. Bürkle, Gabriella Tognola, Andrius Budrionis, and Christoph U. Lehmann. Clinical data reuse or secondary use: current status and potential future progress. Yearbook of Medical Informatics 26(01), pages 38–52, August 2017. DOI: 10.15265/iy-2017-007The paper reviews research in clinical data reuse or secondary use by surveying the literature published from 2005 – 2016 in MEDLINE (via PUBMED),conference proceedings, and the ACM Digital Library. It concludes that this fast-growing field holds promise for achieving high quality healthcare, improved healthcare management, reduced healthcare costs, population health management, and effective clinical research.

July 2017: Soteris Demetriou, Nan Zhang, Yeonjoon Lee, XiaoFeng Wang, Carl A. Gunter, Xiaoyong Zhou, and Michael Grace. HanGuard: SDN-driven Protection of Smart Home WiFi Devices from Malicious Mobile Apps. In ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), pages 122–133, July 2017. ACM. DOI: 10.1145/3098243.3098251Paper presents an architecture for protecting IoT devices from some classes of threats, using concepts borrowed from Software-Defined Networking. Prototype implementations are developed and tested.

July 2017: Haiming Jin, Lu Su, and Klara Nahrstedt. Theseus: Incentivizing Truth Discovery in Mobile Crowd Sensing Systems. In ACM International Symposium on Mobile Ad Hoc Networking and Computing (Mobihoc), July 2017. DOI: 10.1145/3084041.3084063Paper proposes a payment mechanism, THESEUS, to compensate participants in a mobile crowd sensing (MCS) system for the effort they devote to sensing. The overall scheme is designed to ensure that, at the Bayesian Nash Equilibrium of the non-cooperative game induced by Theseus, all participating workers will spend their maximum possible effort on sensing, which improves their data quality. As a result, the aggregated results calculated subsequently by truth discovery algorithms based on workers’ data will be highly accurate. Analysis and simulation are employed to validate results.

June 2017: Sung Choi and M. Eric Johnson. Do Hospital Data Breaches Reduce Patient Care Quality? In Workshop on the Economics of Information Security, June 2017. Download from studies hospital mortality figures, comparing those hospitals that suffered data breaches with those that didn’t. Findings include that hospitals suffering breaches showed reduced declines in mortality relative to those that didn’t, suggesting that the response to the breach had some negative effects on healthcare delivery.

June 2017: Kevin Fu and Harold Thimbleby. Ransomware: How We Can Climb Out of This Mess, June 2017. Download from advocates good practices for healthcare enterprises but also buildng systems with fewer flaws to start with.

June 2017: Xiaohui Liang and David Kotz. AuthoRing: Wearable User-presence Authentication. In ACM Workshop on Wearable Systems and Applications (WearSys), pages 5–10, June 2017. ACM. DOI: 10.1145/3089351.3089357Paper introduces a device for continuous authentication – a ring with an embedded accelerometer. Software correlates user input actions with ring movements for authentication. An experimental prototype is built and evaluated.

June 2017: Rui Liu, Cory Cornelius, Reza Rawassizadeh, Ron Peterson, and David Kotz. Poster: Vocal Resonance as a Passive Biometric. In International Conference on Mobile Systems, Applications, and Services (MobiSys), page 160, June 2017. ACM. DOI: 10.1145/3081333.3089304Poster reports on a system to use a device with a contact microphone to receive acoustic (speech) signals transmitted through the body and to use these signals to authenticate the wearer of the device. The speaker must first have gone through an enrollment process. Reported accuracy of recognition is good.

June 2017: Rui Liu, Reza Rawassizadeh, and David Kotz. Toward Accurate and Efficient Feature Selection for Speaker Recognition on Wearables. In ACM Workshop on Wearable Systems and Applications (WearSys), pages 41–46, June 2017. ACM. DOI: 10.1145/3089351.3089352Paper reports results of experiments in techniques for speaker identification and verification in the constrained computing environment of a wearable device. Experiments showed that Principal Component Analysis (PCA) with frequency-domain features had the highest accuracy, Pearson Correlation (PC) with time-domain features had the lowest energy use, and recursive feature elimination (RFE) with frequency-domain features had the least latency.

June 2017: Aarathi Prasad and David Kotz. ENACT: Encounter-based Architecture for Contact Tracing. In International Workshop on Physical Analytics (WPA), pages 37–42, June 2017. ACM. DOI: 10.1145/3092305.3092310Paper proposes a problem, detecting ’close encounters’ – instances where people were at the same place at slightly different times so that, if one carried a virus, the other might have been exposed to it. The idea is to be able to alert those exposed. The proposed scheme aims to protect users locational privacy and to prevent fake alerts.

May 2017: Haiming Jin, Lu Su, and Klara Nahrstedt. CENTURION: Incentivizing Multi-Requester Mobile Crowd Sensing. In IEEE Conference on Computer Communications (INFOCOM), May 2017. IEEE. DOI: 10.1109/INFOCOM.2017.8057111The paper reports a new scheme for crowd sourcing the task of sensing that addresses the case where there are multiple requestors of sensing tasks as well as multiple performers of sensing tasks (workers). A double-auction-based scheme provides the mechanism to incentivize both requestors and workers. The scheme is both analyzed and simulated to validate its properties.

May 2017: Christoph U. Lehmann, Susan Kressly, Winston W. Hart, Kevin B. Johnson, and Mark E. Frisse. Barriers to pediatric health information exchange. Pediatrics 139(5), May 2017. DOI: 10.1542/peds.2016-2653Article describes the difficulties faced by ambulatory pediatricians in exchanging patient health data electronically and calls for improving incentives for construction and use of mechanisms for this purpose.

May 2017: Xiaohui Liang, Tianlong Yun, Ronald Peterson, and David Kotz. LightTouch: Securely Connecting Wearables to Ambient Displays with User Intent. In IEEE International Conference on Computer Communications (INFOCOM), May 2017. IEEE. DOI: 10.1109/INFOCOM.2017.8057210Paper describes a system enabling information from mobile health sensors (eg Fitbit) to be displayed onto nearby screens without being affected by local security threats. The scheme uses visible light sensor on the mobile device. Prototype system built and evaluated.

May 2017: Travis W. Peters. A Survey of Trustworthy Computing on Mobile & Wearable Systems. TR2017-823, May 2017. Dartmouth College. Download from current hardware/software approaches to provide security / trustworthiness on both ’unconstrained’ (PC / server) platforms and ’constrained’ (mobile, limited power/size) platforms.

May 2017: Aston Zhang. Analyzing intentions from big data traces of human activities, May 2017. University of Illinois at Urbana-Champaign. Download from Dissertation studies analysis of intentions from big data traces of human activities as a means to improve accuracy of computational models, for example in query auto-completion (QAC), both for static and mobile devices. Security and Privacy implications for some medical applications are considered.

April 2017: Kevin R. Dufendach, Sabine Koch, Kim M. Unertl, and Christoph U. Lehmann. A randomized trial comparing classical participatory design to VandAID, an interactive crowdsourcing platform to facilitate user-centered design. Methods of Information in Medicine, April 2017. DOI: 10.3414/ME16-01-0098Describes a software tool that enables users to customize visual interfaces to help in requirements definition. The system was used successfully by neonatal clinicians to help create a neonatal handoff tool.

April 2017: Gabriel Kaptchuk, Matthew Green, and Aviel Rubin. Outsourcing Medical Dataset Analysis: A Possible Solution. In Financial Cryptography and Data Security (FC),. Springer, Cham, pages 98–123, April 2017. Springer, Cham. DOI: 10.1007/978-3-319-70972-7_6The paper documents an effort to support outsourcing of medical data analysis without resorting to a trusted third party. Currently available methods for fully homomorphic encryption and differential privacy are described and applied in the context of a dataset of 2.5 million patient encounters, cost is considered, and the researchers conclude that the methods are practical.

April 2017: Timothy Trippel, Ofir Weisse, Wenyuan Xu, Peter Honeyman, and Kevin Fu. WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks. In IEEE European Symposium on Security and Privacy (EuroS&P), April 2017. IEEE. DOI: 10.1109/eurosp.2017.42Paper reports on attacks on MEMs accelerometers through acoustic signals, in detail.

March 2017: Reza Rawassizadeh, Chelsea Dobbins, Manouchehr Nourizadeh, Zahra Ghamchili, and Michael Pazzani. A Natural Language Query Interface for Searching Personal Information on Smartwatches. In IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), pages 679–684, March 2017. IEEE. DOI: 10.1109/PERCOMW.2017.7917645Based on user observations, researchers develop a natural language (textual) interface to enable users to query mobile health devices (e.g. wristbands) for quantified health data (e.g. step count).

January 2017: Vincent Bindschaedler, Reza Shokri, and Carl A. Gunter. Plausible deniability for privacy-preserving data synthesis. Proceedings of the VLDB Endowment 10(5), pages 481–492, January 2017. DOI: 10.14778/3055540.3055542Paper proposes and analyzes an alternative criterion to differential privacy, called plausible deniability, to enable release of medical datasets without unduly compromising privacy or degrading potential analysis.

January 2017: Amy Tsou, Christoph Lehmann, Jeremy Michel, Ronni Solomon, Lorraine Possanza, and Tejal Gandhi. Safe practices for copy and paste in the EHR: systematic review, recommendations, and novel model for health IT collaboration. Applied Clinical Informatics 8(01), pages 12–34, January 2017. DOI: 10.4338/ACI-2016-09-R-0150Systematic literature review of publications addressing frequency, perceptions/attitudes, patient safety risks, existing guidance, and potential interventions and mitigation practices for the use of copy and paste operations in EHRs. Provides four best practice recommendations.

October 2016: Erman Ayday and Jean-Pierre Hubaux. Privacy and Security in the Genomic Era. In ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 1863–1865, October 2016. ACM. DOI: 10.1145/2976749.2976751Brief introduction to genomics and the security and privacy issues raised by storing and processing genomic data. This is the abstract for a tutorial at CCS based on ThaW survey paper

October 2016: A. J. Burns, M. .Eric Johnson, and Peter Honeyman. A brief chronology of medical device security. Communications of the ACM 59(10), pages 66–72, October 2016. ACM. DOI: 10.1145/2890488Short survey of medical device security history, organized into four overlapping periods, with comments on the future. Eric Johnson video segment available.

October 2016: Paul D. Martin, Michael Rushanan, Thomas Tantillo, Christoph U. Lehmann, and Aviel D. Rubin. Applications of Secure Location Sensing in Healthcare. In ACM International Conference on Bioinformatics, Computational Biology, and Health Informatics (BCB), pages 58–67, October 2016. ACM. DOI: 10.1145/2975167.2975173Paper describes a beacon system that provides authenticated location information and so is not subject to spoofing attacks that Apple iBeacon could be. Application to medical device asset tracking and other areas.

October 2016: Guliz S. Tuncay, Soteris Demetriou, and Carl A. Gunter. Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android. In ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 104–115, October 2016. ACM. DOI: 10.1145/2976749.2978322Develops in-app browser access controls for Android to support safe in-app browsing (using WebView) without heavyweight browser.

September 2016: Kevin Fu, John Halamka, Jack Kufahl, and Mary Logan. Commentary: Hospitals need better cybersecurity, not more fear, September 2016. Modern Healthcare. Download from

September 2016: Tuo Yu, Haiming Jin, and Klara Nahrstedt. WritingHacker: Audio-based Eavesdropping of Handwriting via Mobile Devices. In ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp), pages 463–473, September 2016. ACM. DOI: 10.1145/2971648.2971681Noting that the sounds from keyboards have been used to eavesdrop on content of the typed information, this paper presents WritingHacker, a prototype system which explores the possibility of audio-based eavesdropping on handwriting via mobile devices.

July 2016: Haiming Jin, Lu Su, Houping Xiao, and Klara Nahrstedt. INCEPTION: Incentivizing Privacy-Preserving Data Aggregation for Mobile Crowd Sensing Systems. In ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc), pages 341–350, July 2016. ACM. DOI: 10.1145/2942358.2942375Paper proposes an auction scheme to be used in mobile crowd sensing applications. The scheme takes into account an incentive, a data aggregation, and a data perturbation mechanism. The incentive mechanism rewards reliable workers and compensates their costs for sensing and privacy leakage, which meanwhile satisfies truthfulness and individual rationality. The scheme is analyzed and simulated to show its effectiveness.

June 2016: Alexander G. Fiks, Nathalie DuRivage, Stephanie L. Mayne, Stacia Finch, Michelle E. Ross, Kelli Giacomini, Andrew Suh, Banita McCarn, Elias Brandt, Dean Karavite, Elizabeth W. Staton, Laura P. Shone, Valerie McGoldrick, Kathleen Noonan, Dorothy Miller, Christoph U. Lehmann, Wilson D. Pace, and Robert W. Grundmeier. Adoption of a portal for the primary care management of pediatric asthma: a mixed methods implementation study. Journal of Medical Internet Research 18(6), page e172, June 2016. DOI: 10.2196/jmir.5610Describes ’mixed-methods implementation study’ in which patient portal was offered to pediatric asthma patients/families. Of 9133 patients invited to enroll, 237 (less than 3%) enrolled. ’Although use was associated with higher treatment engagement, our results suggest that achieving widespread portal adoption is unlikely in the short term. Implementation efforts should include workflow redesign and prioritize enrollment of symptomatic children.’.

June 2016: Haiming Jin, Lu Su, Bolin Ding, Klara Nahrstedt, and Nikita Borisov. Enabling Privacy-Preserving Incentives for Mobile Crowd Sensing Systems. In IEEE International Conference on Distributed Computing Systems (ICDCS), pages 344–353, June 2016. IEEE. DOI: 10.1109/ICDCS.2016.50Paper proposes an auction scheme to be used in mobile crowd sensing applications. The scheme takes an approach based on differential privacy to protect users bid data. The scheme is analyzed and simulated to show its effectiveness.

June 2016: David Kotz, Carl A. Gunter, Santosh Kumar, and Jonathan P. Weiner. Privacy and security in mobile health: a research agenda. Computer 49(6), pages 22–30, June 2016. DOI: 10.1109/MC.2016.185Paper identifies health IT privacy and security challenges and proposes a research agenda to address issues in data sharing and consent management, access control and authentication, confidentiality and anonymity, behavioral privacy, continuous and unintended sensing, multiple-use sensors, mHealth smartphone apps, policies and compliance, accuracy and data provenance, and security technology.

June 2016: Timothy J. Pierson, Xiaohui Liang, Ronald Peterson, and David Kotz. Demo: Wanda, Securely Introducing Mobile Devices. In International Conference on Mobile Systems, Applications, and Services Companion (MobiSys Companion), page 113, June 2016. ACM. DOI: 10.1145/2938559.2938581Demonstration of novel device that exploits the differences in signals received over two antennas separated by a half wavelength to associate a wi-fi enabled device with a wi-fi network.

May 2016: Christoph U. Lehmann, Marie-Christine Jaulent, and Brigitte Séroussi. Silver Anniversary: 25 Editions of the IMIA Yearbook, May 2016. Yearbook of Medical Informatics. DOI: 10.15265/IYS-2016-s041Introduction to silver anniversary IMIA yearbook edition.

May 2016: Shrirang Mare. Seamless authentication for ubiquitous devices, May 2016. Dartmouth College, Hanover, NH. Download from Dissertation focuses on usable and continuous authentication, starting with user studies, developing the concept of bilateral authentication, and culminating in development of a seamless authentication method for desktops and smartphones that employs a wristband to detect motions of the user that can be correlated wtih inputs observed from the authenticated user’s desktop or smartphone. Available as Dartmouth Computer Science Technical Report TR2016-793.

May 2016: Aarathi Prasad. Privacy-preserving controls for sharing mHealth data, May 2016. Dartmouth College, Hanover, NH. Download from Dissertation covers development of two systems, ENACT and SPICE, that enable mobile users to collect and share health information within the bounds of user privacy requirements. Focus groups are used to understand human sharing and privacy concerns. Available as Dartmouth Computer Science Technical Report TR2016-794.

April 2016: Sayed H. Hashemi, Faraz Faghri, Paul Rausch, and Roy H. Campbell. World of Empowered IoT Users. In IEEE First International Conference on Internet-of-Things Design and Implementation (IoTDI), pages 13–24, April 2016. IEEE. DOI: 10.1109/iotdi.2015.39Noting the rise in the Internet of Things and consequent development of large aggregations of data, the paper describes a user-centric, multi-level, multiple granularity mechanism to share the data from these devices with people and organizations. Revisiting the fundamental mechanisms in security for providing protection, the proposed solution uses capabilities, access lists, and access rights following well-understood formal notions for reasoning about access. The contribution is to describe an auditable, transparent, distributed, decentralized, publication-subscription based robust mechanism and automation of these ideas in the IoT realm that is well-matched to the current generation of clouds.

April 2016: Timothy J. Pierson, Xiaohui Liang, Ronald Peterson, and David Kotz. Wanda: Securely Introducing Mobile Devices. In IEEE International Conference on Computer Communications (IEEE INFOCOM), April 2016. IEEE. DOI: 10.1109/INFOCOM.2016.7524366Paper introduces and describes Wanda, a device designed to simplify the introduction of target wireless devices, including blood pressure monitors and other home medical evices, into a wifi network. The device includes two antennas separated by a distance of a half wavelength. Information is transmitted by discriminating the received signal strength of packets sent over one antenna or the other. This discrimination is possible only when the device is physically close to its target. The idea is that the user merely touches or points Wanda to a nearby device and presses a button to introduce the device to the network.

March 2016: Jessica A. George, Paul S. Park, Joanne Hunsberger, Joanne E. Shay, Christoph U. Lehmann, Elizabeth D. White, Benjamin H. Lee, and Myron Yaster. An analysis of 34,218 pediatric outpatient controlled substance prescriptions. Anesthesia & Analgesia 122(3), pages 807–813, March 2016. DOI: 10.1213/ANE.0000000000001081.Study of the efficacy of a computerized prescription writer that has been in use since 2007. Study concludes the tool ’eliminated most but not all the errors common to handwritten prescriptions.’.

March 2016: Joseph Kannry, Patricia Sengstack, Thankam Paul Thyvalikakath, John Poikonen, Blackford Middleton, Thomas Payne, and Christoph U. Lehmann. The chief clinical informatics officer (CCIO): AMIA task force report on CCIO knowledge, education, and skillset requirements. Applied Clinical Informatics 7(1), pages 143–176, March 2016. DOI: 10.4338/ACI-2015-12-R-0174This report outlines the role of a ’Chief Clinical Informatics Officer’ and recommends appropriate training and certification for people who will fill this role.

March 2016: Howard Silverman, Christoph U. Lehmann, and Benson Munger. Milestones: critical elements in clinical informatics fellowship programs. Applied Clinical Informatics 7(1), pages 177–190, March 2016. DOI: 10.4338/ACI-2015-10-SOA-0141Paper discussing how to incorporate the evaluation of clinical informatics fellowships into the milestones defining the path of competency from novice to expert in clinical IT career path.

March 2016: Bingyue Wang. Learning device usage in context: a continuous and hierarchical smartphone authentication scheme. TR2016-790, March 2016. Dartmouth College, Hanover, NH. Download from Honors Thesis) proposes that smartphone app access controls be based partly on user location.The idea is to combine behavioral and contextual information to support a hierarchical authentication scheme for continuous authentication. Machine learning techniques are used to learn contexts.

February 2016: Joseph Carrigan, Paul D. Martin, and Michael Rushanan. KBID: Kerberos Bracelet Identification (Short Paper). In Financial Cryptography and Data Security (FC) (Lecture notes in computer science), pages 544–551, February 2016. Springer. DOI: 10.1007/978-3-662-54970-4_32Paper presents an authentication system that incorporates a user-worn bracelet that can in effect store strong authentication information (e.g. a lengthy password) and provide information based on it so that the user need not remember and recall the authentication information.

February 2016: Soteris Demetriou, Whitney Merrill, Wei Yang, Aston Zhang, and Carl A. Gunter. Free for All! Assessing User Data Exposure to Advertising Libraries on Android. In Network and Distributed System Security (NDSS) Symposium, February 2016. Internet Society. DOI: 10.14722/ndss.2016.23082Paper presents a system, Pluto, for detecting the exposure of user data to ad libraries incorporated in apps. Security and privacy risks are assessed for a range of apps, and are substantial.

February 2016: Timothy J. Pierson, Xiaohui Liang, Ronald Peterson, and David Kotz. Wanda: Securely Introducing Mobile Devices – Extended Version. TR2016-789, February 2016. Dartmouth College, Hanover, NH. Download from report providing additional details and depth on Wanda, a device to ease the introduction of wireless devices into wifi networks and in general to simplify the transmission of medical data from in-home patient monitors to remotely stored Electronic Health Records. (Expanded version of the INFOCOM 2016 paper by the same title).

February 2016: Michael W. Temple, Christoph U. Lehmann, and Daniel Fabbri. Natural language processing for cohort discovery in a discharge prediction model for the neonatal ICU. Applied Clinical Informatics 7(1), pages 101–115, February 2016. Schattauer. DOI: 10.4338/ACI-2015-09-RA-0114Paper concerned with methods for predicting discharge dates for neonatal ICU patients. Natural Language Processing (NLP) Methods are applied to sections of the daily progress notes for patients and analyzed using a Bag of Words approach. Results identified clusters of patients on whom prior models for discharge date had performed poorly. Conclusion is that the analysis can be used to help predict when patients will be ready for discharge.

December 2015: Kevin R. Dufendach and Christoph U. Lehmann. Topics in neonatal informatics: essential functionalities of the neonatal electronic health record. NeoReviews 16(12), pages e668–e673, December 2015. DOI: 10.1542/neo.16-12-e668This article describes the fundamental functionalities required in an EHR to provide safe and effective care to neonates, including neonatal data requirements and appropriate display of neonatal data; the need for the mother-infant dyad in the EHR; neonatology-specific scores; and special considerations for medication ordering, nutrition, newborn screening, transitions of care, and documentation.

November 2015: Abhishek Bafna and Jenna Wiens. Learning Useful Abstractions from the Web. In American Medical Informatics Association (AMIA) Annual Symposium, November 2015. Download from compares performance of alternative approaches to applying machine learning to electronic medical records. Specifically, compares conventional unsupervised dimensionality reduction techniques (e.g., Principal Component Analysis) to approaches that leverage large but unstructured expert knowledge available on the Web.

November 2015: Abhishek Bafna and Jenna Wiens. Automated Feature Learning: Mining Unstructured Data for Useful Abstractions. In IEEE International Conference on Data Mining, pages 703–708, November 2015. IEEE. DOI: 10.1109/icdm.2015.115Paper describes an unsupervised feature-learning framework for building useful abstractions for categorical data. The method involves using unstructured data from the web to learn a hierarchincal Pachinko allocation model to discover a set of latent variables. Non-uniform distances among the variables are accounted for using the Earth Mover’s Distance. A case study based on a healthcare application is reported.

November 2015: M. Eric Johnson and Juhee Kwon. Patient Reaction to Healthcare Data Breaches. In INFORMS Annual Conference, November 2015. Download from of hospitals that have suffered/not suffered multiple data breaches, in relation to outpatient vistis and admissions. Finding is that hospitals with multiple breaches experience declines relative to other geographically local institutions. (Poster only).

October 2015: M. Eric Johnson. Healthcare in the Age of Analytics, October 2015. Institute for Operations Research; the Management Sciences (INFORMS). Download from is a curated website published by INFORMS that organizes some of the literature and podcasts in the general area of analytics applied to healthcare.

September 2015: A.J. Burns, Jacob Young, Tom L. Roberts, James F. Courtney, and T. Selwyn Ellis. Exploring the role of contextual integrity in electronic medical record (EMR) system workaround decisions: an information security and privacy perspective. AIS Transactions on Human-Computer Interaction 7(3), pages 142–165, September 2015. Download from of how the theory of privacy as contextual integrity might explain work-arounds employed by healthcare workers with respect to security and privacy controls in Electronic Medical Record systems. Results indicate that contextual integrity provides a useful framework for understanding information transmission and workaround decisions in the health sector.

September 2015: Juhee Kwon and M. Eric Johnson. Protecting patient data-the economic perspective of healthcare security. IEEE Security & Privacy 13(5), pages 90–95, September 2015. DOI: 10.1109/msp.2015.113Paper looks at the effects of government regulation and proactive and reactive investments by health care organizations in terms of their effects on the rate of data breaches. In organizations with more mature security programs, compliance with regulations has less effect than in organizations with less mature programs. Proactive investments are also seen as more effective than investments made in response to a breach event.

September 2015: Muhammad Naveed, Erman Ayday, Ellen W. Clayton, Jacques Fellay, Carl A. Gunter, Jean-Pierre Hubaux, Bradley A. Malin, and Xiaofeng Wang. Privacy in the genomic era. ACM Computing Surveys (CSUR) 48(1), September 2015. DOI: 10.1145/2767007Extensive introduction to genomic data, genomic data processing, and the privacy and security issues raised. Results of an opinion poll of an opportunistically assembled group of 61 experts are included.

August 2015: Sai Gouravajhala, Sree Vadrevu, Matthew Hicks, Jenna Wiens, and Kevin Fu. An LED Blink is Worth a Thousand Packets: Inferring a Networked Device’s Activity from its LED Blinks. In USENIX Summit on Information Technologies for Health (HealthTech), August 2015. Download from

August 2015: David Kotz, Kevin Fu, Carl A. Gunter, and Avi Rubin. Security for mobile and cloud frontiers in healthcare. Communications of the ACM 58(8), pages 21–23, August 2015. ACM. DOI: 10.1145/2790830Viewpoint calls out research challenges in healthcare systems security and privacy, including usable authentication, trustworthy control of medical devices, and trust through accountability.

June 2015: You Chen, Joydeep Ghosh, Cosmin A. Bejan, Carl A. Gunter, Siddharth Gupta, Abel Kho, David Liebovitz, Jimeng Sun, Joshua Denny, and Bradley Malin. Building bridges across electronic health record systems through inferred phenotypic topics. Journal of Biomedical Informatics 55, pages 82–93, June 2015. DOI: 10.1016/j.jbi.2015.03.011The paper studies records of patient populations from two hospitals, aiming to see whether inferred phenotypes of patients provide a better match between the populations than do convenitonal billing codes. The inferred phenotypes are observed to perform better. Latent Dirichlet allocation is the basis for the generative topic modeling strategy used to infer phenotypes.

June 2015: Haiming Jin, Lu Su, Danyang Chen, Klara Nahrstedt, and Jinhui Xu. Quality of Information Aware Incentive Mechanisms for Mobile Crowd Sensing Systems. In ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc), pages 167–176, June 2015. ACM Press. DOI: 10.1145/2746285.2746310Paper proposes an auction scheme to be used in mobile crowd sensing applications. The scheme takes into account an incentive for user Quality of Information (QoI). The incentive mechanism rewards higher information quality in a reverse cominatorial auction. Both single-minded and multi-minded cominatorial auctions are considered. Analysis and simulation are used to validate the model.

June 2015: Juhee Kwon and M. Eric Johnson. The Market Effect of Healthcare Security: Do Patients Care about Data Breaches? In Workshop on the Economics of Information Security (WEIS), June 2015. Download from of hospitals that have suffered/not suffered multiple data breaches, in relation to outpatient vistis and admissions. Finding is that hospitals with multiple breaches experience declines relative to other geographically local institutions.

June 2015: Ting-Yu Wang, Haiming Jin, and Klara Nahrstedt. mAuditor: Mobile Auditing Framework for mHealth Applications. In ACM MobiHoc Workshop on Pervasive Wireless Healthcare (MobileHealth), pages 7–12, June 2015. ACM. DOI: 10.1145/2757290.2757291Paper reports on a framework for real-time auditing of resource usage (network bandwidth and sensor access) of mHealth apps. Android logs are parsed and analyzed, and experimental results are reported.

May 2015: Tom J. Haigh and Carl Landwehr. Building Code for Medical Device Software Security. May 2015. IEEE Cyber Security; IEEE. Download from report documents an approach to specifying security requirements for medical device software to reduce the number of security vulnerabilities in delivered medical devices.

May 2015: Juhee Kwon and M. Eric Johnson. Meaningful Information Security. In Production and Operations Managment Society Annual Conference (POMS), May 2015. Download from only, assessing effects of the ’meaningful use’ criterion on hospital data breaches.

February 2015: Soteris Demetriou, Xiaoyong Zhou, Muhammad Naveed, Yeonjoon Lee, Kan Yuan, Xiaofeng Wang, and Carl A. Gunter. What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources. In Network and Distributed Systems Security Symposium (NDSS), February 2015. Internet Society. DOI: 10.14722/ndss.2015.23098Paper notes vulnerabilities introduced by customary use of Android privilege management for controlling external resources and introduces SEACAT to support more fine-grained and flexible resource management. SEACAT builds on the SE-Android base.

February 2015: James Brian Jones, Jonathan P. Weiner, Nirav R. Shah, and Walter F. Stewart. The wired patient: patterns of electronic patient portal use among patients with cardiac disease or diabetes. Journal of Medical Internet Research 17(2), page e42, February 2015. DOI: 10.2196/jmir.3157Study reviewed weblogs of patient engagements with electronic health information portals. Specifically, logs of patients with cardiovascular disease and/or diabetes who had a Geisinger Clinic primary care provider and were registered ’MyGeisinger’ Web portal users were studied. Hierarchical cluster analysis indicates that there are clusters of patients with different portal use characteristics.

February 2015: Carl Landwehr. We need a building code for building code. Communications of the ACM 58(2), pages 24–26, February 2015. DOI: 10.1145/2700341Article advocates the development of the analog of building codes for software with significant security responsibilities, and reports the development of a draft code for medical devices developed at a workshop convening researchers, developers, and government representatives.

February 2015: Andrei Sleptchenko and M. Eric Johnson. Maintaining secure and reliable distributed control systems. INFORMS Journal on Computing 27(1), pages 103–117, February 2015. DOI: 10.1287/ijoc.2014.0613Stochastic model of a network in which nodes may either fail or be brought down by malicious attack, and in which knowledge of state is uncertain. The paper formulates the problem and develops a linear-programming based model to optimize repair priorities. The optimal repair policy follows a threshold indicator: either work on the real failures or the suspected ones.

January 2015: A. J. Burns and M. Eric Johnson. Securing health information. IT Professional 17(1), pages 23–29, January 2015. DOI: 10.1109/MITP.2015.13The authors briefly describe the changing landscape of an IT-enabled healthcare ecosystem and discuss the emerging issues of mobility and security.

January 2015: Charles Friedman, Joshua Rubin, Jeffrey Brown, Melinda Buntin, Milton Corn, Lynn Etheredge, Carl Gunter, Mark Musen, Richard Platt, William Stead, Kevin Sullivan, and Douglas Van Houweling. Toward a science of learning systems: a research agenda for the high-functioning learning health system. Journal of the American Medical Informatics Association (JAMIA) 22(1), pages 43–50, January 2015. DOI: 10.1136/amiajnl-2014-002977Paper reports the results of a workshop to identify research challenges in the development of a comprehensive healthcare system that is able to learn from the data it collects and accumulates.

January 2015: Carl Landwehr. Workshop to Develop a Building Code and Research Agenda For Medical Device Software Security (Final Report). GW-CSPRI-2015-1, January 2015. The George Washington University. Download from describes a workshop to develop an analog of a building code for medical device software security and provides a draft code developed by the workshop. Participants included medical device developers, researchers, and government representatives.

November 2014: Dongjing He, Muhammad Naveed, Carl A. Gunter, and Klara Nahrstedt. Security Concerns in Android mHealth Apps. In AMIA Annual Symposium, pages 645–54, November 2014. Download from study of a random sample of 120 out of 1080 Android mHealth apps reveals common shortcomings in security and privacy when using communications and storage.

November 2014: Muhammad Naveed, Shashank Agrawal, Manoj Prabhakaran, XiaoFeng Wang, Erman Ayday, Jean-Pierre Hubaux, and Carl A. Gunter. Controlled Functional Encryption. In ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 1280–1291, November 2014. ACM. DOI: 10.1145/2660267.2660291As in functional encryption, a user is enabled to retrieve only cleartext related to a particular function of the ciphertext, rather than a complete decryption of the ciphertext. The ’Control’ aspect requires that the user submit a fresh key request to the authority every time it wants to evaluate a function of the cyphertext. The paper includes protocols, implementations, and evaluations of the proposed CFE.

November 2014: Andrei Sleptchenko and M. Eric Johnson. The Impact of Security in Maintaining Reliable Distributed Control Systems. In INFORMS Annual Conference, November 2014. Download from

November 2014: Wen Zhang, You Chen, Thaddeus Cybulski, Daniel Fabbri, Carl A. Gunter, Patrick Lawlor, David Liebovitz, and Bradley Malin. Decide Now or Decide Later? In ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 1182–1192, November 2014. ACM. DOI: 10.1145/2660267.2660341Paper develops cost models for access control schemes that determine access a priori (propspective) or a posteriori (retrospective). Machine learning methods are used to classify the correctness of the access control decisions, and a new method, termed bispective analysis, is developed to quantify the difference in cost between alternative access control schemes.

August 2014: Carl A. Gunter, Mike Berry, and Martin French. Decision Support for Data Segmentation (DS2): Application to Pull Architectures for HIE. In USENIX Safety, Security, Privacy, and Interoperability of Health Information Technologies (HealthTech), August 2014. Download from paper and video of talk describe a scheme for controlling the flow of information to physicians in accordance with a privacy policy. Paper records are physical and segmented and thereby provide some de facto privacy control. Digital records can flow more freely and transparently. The scheme introduced here involves predicates that determine whether a patient record implies a specified (potentially privacy-sensitive) condition, reducers that remove parts of a record so the condition cannot be inferred, and an inference analyzer that estimates the probability a condition can be inferred.

August 2014: Xiaohui Liang and David Kotz. Securely Connecting Wearable Health Devices to External Displays. In USENIX Safety, Security, Privacy, and Interoperability of Health Information Technologies (HealthTech), August 2014. USENIX. Download from describes approaches to projecting information from wristband monitor (eg FitBit) to nearby displays securely, with little user interaction, and without hardware modifications. Suggested approach involves a light-sensing monitor detecting light from screen. (No paper – workshop presentation only).

June 2014: Anthony Louie. Information leakage in mobile health sensors and applications, June 2014. University of Illinois at Urbana-Champaign. Download from Honors Thesis) surveys characteristics of several specific mobile health sensing devices, considers potential security vulnerabilties in them, discusses the severity of threats against them and lists potential research topics.

June 2014: Aarathi Prasad, Xiaohui Liang, and David Kotz. Poster: Balancing Disclosure and Utility of Personal Information. In International Conference on Mobile Systems, Applications, and Services (MobiSys), pages 380–381, June 2014. ACM. DOI: 10.1145/2594368.2601448Poster proposes a web service, ShareBuddy, that is interposed between users (subjects) and data recipients so that users can understand the risks and benefits of sharing their data before they surrender it. In addition to the web service, ShareBuddy software resides on both the subject’s and recipient’s devices (smartphones).

May 2014: Dongjing He. Security threats to Android apps, May 2014. University of Illinois at Urbana-Champaign. Download from Thesis studies mHealth apps for Android, revealing widespread use of unsecured internet communications and widespread use of third party servers. The research also finds side channels in the Android platform that could be exploited by malicious users and proposes mitigation strategies.

May 2014: Shrirang Mare, Andrés Molina-Markham, Cory Cornelius, Ronald Peterson, and David Kotz. ZEBRA: Zero-Effort Bilateral Recurring Authentication. In IEEE Symposium on Security and Privacy, pages 705–720, May 2014. IEEE. DOI: 10.1109/SP.2014.51Observing problems with current approaches to continuous authentication of users at keyboards, the paper proposes ZEBRA. In ZEBRA, a user wears a bracelet (with a built-in accelerometer, gyroscope, and radio) on her dominant wrist. When the user interacts with a computer terminal, the bracelet records the wrist movement, processes it, and sends it to the terminal. The terminal compares the wrist movement with the inputs it receives from the user (via keyboard and mouse), and confirms the continued presence of the user only if they correlate. This project has been renamed CSAW. Note: since the time this paper was published we have learned of a relevant trademark on the name ’Zebra’. Thus, we have renamed our approach ’CSAW’ and will use that name in future publications.

May 2014: Shrirang Mare, Andrés Molina-Markham, Cory Cornelius, Ronald Peterson, and David Kotz. ZEBRA: Zero-Effort Bilateral Recurring Authentication (Companion report). TR2014-748, May 2014. Dartmouth College, Computer Science, Hanover, NH. Download from report providing additional details and depth on ZEBRA, a system for providing continuous authentication for users of keyboard input devices. This project has been renamed CSAW. Note: since the time this paper was published we have learned of a relevant trademark on the name ’Zebra’. Thus, we have renamed our approach ’CSAW and will use that name in future publications.

May 2014: Muhammad Naveed. Hurdles for Genomic Data Usage Management. In IEEE Security and Privacy Workshops, pages 44–48, May 2014. IEEE. DOI: 10.1109/spw.2014.44Workshop paper lays out characteristics of genomic data and the consequent challenges in storing, processing, and preserving those data.

May 2014: Muhammad Naveed, Manoj Prabhakaran, and Carl A. Gunter. Dynamic Searchable Encryption via Blind Storage. In IEEE Symposium on Security and Privacy (S&P), May 2014. IEE. DOI: 10.1109/SP.2014.47Paper presents a new scheme for searching keywords in encrypted documents without decrypting the documents. A server is only required to support upload and download of documents, so the scheme is compatible with cloud based resources.

May 2014: Michael Rushanan, Aviel D. Rubin, Denis F. Kune, and Colleen M. Swanson. SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks. In IEEE Symposium on Security and Privacy (S&P), pages 524–539, May 2014. IEEE. DOI: 10.1109/sp.2014.40Comprehensive introduction and survey of security and privacy issues and state of knowledge in implantable medical devices and body area networks. Includes substantial graphic organizing research trends in the area.

November 2013: Jonathan P. Weiner, Susan Yeh, and David Blumenthal. The impact of health information technology and e-health on the future demand for physician services. Health Affairs 32(11), pages 1998–2004, November 2013. Project HOPE – The People-to-People Health Foundation, Inc. DOI: 10.1377/hlthaff.2013.0680Article forecasts changes in future demand for physicians and other healthcare workers as a funciton of the adoption of healthcare information technology and e-health applications, based on extensive literature review.

1 thought on “Publications

  1. Pingback: When it Comes to Medical Device Security, the Dos Outweigh the Don’ts | Trustworthy Health and Wellness

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s