Tag Archives: THaW

THaW Comes to a Close

Posted on by
Reply

In 2013, the National Science Foundation’s Secure and Trustworthy Cyberspace program awarded a Frontier grant to a consortium of four institutions — Dartmouth College, the University of Michigan, the University of Illinois Urbana-Champaign, and Johns Hopkins University — to enable trustworthy cybersystems for health and wellness. Over the years, THaW grew to include researchers from Vanderbilt University, Morgan State University, and George Washington University.

Over 80 students and postdocs engaged in THaW research activities over the span of the project, and the project’s bibliography includes more than 130 significant publications. You can find an organized overview of these publications here. The THaW team devised systems and methods to enhance security, resulting in 11 patents. Team members were featured in various news outlets, and THaW PI Kevin Fu co-founded VirtaLabs to identify, assess, patch, and track clinical assets in health care environments.

THaW collaborated with The Archimedes Center for Medical Device Security in Michigan to offer a twice-annual training conference on how to integrate THaW security principles into the design of medical devices to clinical engineers and CISOs from hospitals and medical device manufacturers. Over 10,000 people and more than 100 industry organizations attended the events. In addition, Archimedes conducted on-site security training for more than 500 medical device engineers over the years.

If you are interested in taking advantage of any of the resources within this site, the contact us page of this website will remain active. The rest of the website will no longer be updated. Thank you to those of you who have followed this site and the THaW project over the past 11 years.

The THaW group at its annual meeting in 2017 (top) and its first annual meeting in 2013 (bottom)
The THaW group at its annual meeting in 2017 (top) and its first annual meeting in 2013 (bottom)

VibeRing: An out-of-band channel for sharing secret keys

Posted on by
Reply

Health-oriented smart devices, such as a blood-glucose monitor, collect meaningful data when they are in use and in physical contact with their user. The smart device’s (“smartThing’s”) wireless connectivity allows it to transfer that data to its user’s trusted device, for example a smartphone. However, an adversary could impersonate the user and bootstrap a communication channel with the smartThing while the smartThing is being used by an oblivious legitimate user. 

To address this problem, in this paper, we investigate the use of vibration, generated by a smartRing, as an out-of-band communication channel to unobtrusively share a secret with a smartThing. This exchanged secret can be used to bootstrap a secure wireless channel over which the smartphone (or another trusted device) and the smartThing can communicate. We present the design, implementation, and evaluation of this system, which we call VibeRing. We describe the hardware and software details of the smartThing and smartRing. Through a user study we demonstrate that it is possible to share a secret with various objects quickly, accurately and securely as compared to several existing techniques.

Sougata Sen and David Kotz. VibeRing: Using vibrations from a smart ring as an out-of-band channel for sharing secret keys. Journal of Pervasive and Mobile Computing, volume 78, article 101505, 16 pages. Elsevier, December 2021. doi:10.1016/j.pmcj.2021.101505. ©Copyright Elsevier. Revision of sen:vibering.

New THaW Patent

Posted on by
Reply

The THaW team is pleased to announce one new patent derived from THaW research. For the complete list of patents, visit our Tech Transfer page.

Abstract: Apparatuses that provide for secure wireless communications between wireless devices under cover of one or more jamming signals. Each such apparatus includes at least one data antenna and at least one jamming antenna. During secure-communications operations, the apparatus transmits a data signal containing desired data via the at least one data antenna while also at least partially simultaneously transmitting a jamming signal via the at least one jamming antenna. When a target antenna of a target device is in close proximity to the data antenna and is closer to the data antenna than to the jamming antenna, the target device can successfully receive the desired data contained in the data signal because the data signal is sufficiently stronger than the jamming signal within a finite secure-communications envelope due to the Inverse Square Law of signal propagation. Various related methods and machine-executable instructions are also disclosed.

Image describes the steps to ensure secure wireless data transfer between devices.

Timothy J. Pierson, Ronald Peterson, and David Kotz. Apparatuses, Methods, and Software For Secure Short-Range Wireless Communication. U.S. Patent 11,153,026, October 19, 2021. Download from https://patents.google.com/patent/US11153026B2/en

See also: Timothy J. Pierson, Travis Peters, Ronald Peterson, and David Kotz. CloseTalker: secure, short-range ad hoc wireless communication. Proceedings of the ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), pages 340–352. ACM, June 2019. doi:10.1145/3307334.3326100. [Details]

THaW’s Eric Johnson on recent health system cyberattacks

Posted on by
Reply
Eric Johnson
Eric Johnson, PhD and dean of Vanderbilt University’s Owen Graduate School of Management

Cyberattacks targeting healthcare systems have been growing in prevalence and are wreaking more havoc with the healthcare industry’s increased dependence on electronic systems. Cyberattacks such as denial-of-service attacks, can have immediate impact on patient care by leaving medical staff without important patient records. The impacts don’t end there. With healthcare systems increasing their cybersecurity protocols in the aftermath of a cyberattack, patient information can be harder to access for those who should be accessing that information. Johnson’s research with co-author S.J. Choi, PhD, shows that at hospitals where security protocols slowed computer access by just a minute or so, people who came in with a heart attack were more likely to die. “When I talk to doctors about security, a lot of times they’re very negative,” Johnson said. “So they’re pretty far behind, and at this point, incredibly vulnerable.” It’s certainly not a stretch, Johnson says, to say that delays from a ransomware attack are likely to have more serious effects.

To read more about the recent cyberattacks on healthcare systems and coverage of THaW research on those topics, check out the THaW press page.

New THaW Paper on Recurring Device Verification

Posted on by
Reply

An IoT device user with a blood-pressure monitoring device should have the assurance that the device operates how a blood-pressure monitor should operate. If the monitor is connected to a measurement app that collects, stores, and reports data, but interacts in a way that is inconsistent with typical interactions for this type of device, there may be cause for concern. The reality of ubiquitous connectivity and frequent mobility gives rise to a myriad of opportunities for devices to be compromised. Thus, we argue that one-time, single-factor, device-to-device authentication (i.e., an initial pairing) is not enough, and that there must exist some mechanism to frequently (re-)verify the authenticity of devices and their connections.

In this paper we propose a device-to-device recurring authentication scheme – Verification of Interaction Authenticity (VIA) – that is based on evaluating characteristics of the communications (interactions) between devices. We adapt techniques from wireless traffic analysis and intrusion detection systems to develop behavioral models that capture typical, authentic device interactions (behavior); these models enable recurring verification of device behavior. 

To read more, check out the paper here.

Travis Peters, Timothy J. Pierson, Sougata Sen, José Camacho, and David Kotz. Recurring Verification of Interaction Authenticity Within Bluetooth Networks. Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2021), pages 192–203. ACM, June 2021. doi:10.1145/3448300.3468287. ©

How to curtail oversensing in the home

Posted on by
Reply

Recent THaW paper:

Future homes are an IoT hotspot that will be particularly at risk. Sensitive information such as passwords, identification, and financial transactions are abundant in the home—as are sensor systems such as digital assistants, smartphones, and interactive home appliances that may unintentionally capture this sensitive information. For example, how motion sensors can capture nearby sounds, including words and keystrokes. We call this oversensing: where authorized access to sensor data provides an application with superfluous and potentially sensitive information. Manufacturers and system designers must employ the principle of least privilege at a more fine-grained level and with awareness of how often different sensors overlap in the sensitive information they leak. We project that directing technical efforts toward a more holistic conception of sensor data in system design and permissioning will reduce risks of oversensing.

Connor Bolton, Kevin Fu, Josiah Hester, and Jun Han. How to curtail oversensing in the homeCommunications of the ACM 63(6), pages 20–24, June 2020. ACM. DOI: 10.1145/3396261

VibeRing: Using vibrations from a smart ring as an out-of-band channel for sharing secret keys

Posted on by
Reply

A recent THaW paper was nominated for Best Paper at the IoT conference:

With the rapid growth in the number of Internet of Things (IoT) devices with wireless communication capabilities, and sensitive information collection capabilities, it is becoming increasingly necessary to ensure that these devices communicate securely with only authorized devices. A major requirement of this secure communication is to ensure that both the devices share a secret, which can be used for secure pairing and encrypted communication. Manually imparting this secret to these devices becomes an unnecessary overhead, especially when the device interaction is transient. In this work, we empirically investigate the possibility of using an out-of-band communication channel – vibration, generated by a custom smartRing – to share a secret with a compatible IoT device. Through a user study with 12 participants we show that in the best case we can exchange 85.9% messages successfully. Our technique demonstrates the possibility of sharing messages accurately, quickly, and securely as compared to several existing techniques.

To learn more, check out the video presentation here.

Sougata Sen and David Kotz. VibeRing: Using vibrations from a smart ring as an out-of-band channel for sharing secret keys. In Proceedings of the International Conference on the Internet of Things (IoT), page Article#13 (8 pages), October 2020. ACM. DOI: 10.1145/3341162.3343818

Two faces of Mobile Sensing

Posted on by
Reply

A PhD dissertation from a recent ThaW graduate.

The recent popularization of mobile devices equipped with high-performance sensors has given rise to the fast development of mobile sensing technology. Mobile sensing applications, such as gesture recognition, vital sign monitoring, localization, and identification analyze the signals generated by human activities and environment changes, and thus get a better understanding of the environment and human behaviors. While benefiting people’s lives, the growing capability of Mobile Sensing would also spawn new threats to security and privacy. On one hand, while the commercialization of new mobile devices enlarges the design space, it is challenging to design effective mobile sensing systems, which use fewer or cheaper sensors and achieve better performance or more functionalities. On the other hand, attackers can utilize the sensing strategies to track victims’ activities and cause privacy leakages. Mobile sensing attacks usually use side channels and target the information hidden in non-textual data. I present the Mobile Sensing Application-Attack (MSAA) framework, a general model showing the structures of mobile sensing applications and attacks, and how the two faces — the benefits and threats — are connected. MSAA reflects our principles of designing effective mobile sensing systems and exploring information leakages. Our experiment results show that our applications can achieve satisfactory performance, and also confirm the threats of privacy leakage if they are maliciously used, which reveals the two faces of mobile sensing.

Tuo Yu. Two faces of Mobile SensingPhD thesis, May 2020. University of Illinois at Urbana-Champaign. Download from http://hdl.handle.net/2142/107938

Mobile devices based eavesdropping of handwriting

Posted on by
Reply

Recent THaW paper:

When filling out privacy-related forms in public places such as hospitals or clinics, people usually are not aware that the sound of their handwriting can leak personal information. In this paper, we explore the possibility of eavesdropping on handwriting via nearby mobile devices based on audio signal processing and machine learning. By presenting a proof-of-concept system, WritingHacker, we show the usage of mobile devices to collect the sound of victims’ handwriting, and to extract handwriting-specific features for machine learning based analysis. An attacker can keep a mobile device, such as a common smartphone, touching the desk used by the victim to record the audio signals of handwriting. Then, the system can provide a word-level estimate for the content of the handwriting. Moreover, if the relative position between the device and the handwriting is known, a hand motion tracking method can be further applied to enhance the system’s performance. Our prototype system’s experimental results show that the accuracy of word recognition reaches around 70 – 80 percent under certain conditions, which reveals the danger of privacy leakage through the sound of handwriting.

July 2020: Tuo Yu, Haiming Jin, and Klara Nahrstedt. Mobile devices based eavesdropping of handwritingIEEE Transactions on Mobile Computing 19(7), pages 1649–1663, July 2020. IEEE. DOI: 10.1109/TMC.2019.2912747 

SoK: A Minimalist Approach to Formalizing Analog Sensor Security

Posted on by
Reply

Recent THaW paper:

May 2020: Chen Yan, Hocheol Shin, Connor Bolton, Wenyuan Xu, Yongdae Kim, and Kevin Fu. SoK: A Minimalist Approach to Formalizing Analog Sensor Security. pages 233–248, May 2020. IEEE. DOI: 10.1109/sp40000.2020.00026 

Over the last six years, several papers demonstrated how intentional analog interference based on acoustics, RF, lasers, and other physical modalities could induce faults, influence, or even control the output of sensors. Damage to the availability and integrity of sensor output carries significant risks to safety-critical systems that make automated decisions based on trusted sensor measurement. This IEEE S&P conference ‘Systematization of Knowledge’ paper provides a framework for assessing the security of analog sensors without sensor engineers needing to learn significantly new notation. The primary goals of the systematization are (1) to enable more meaningful quantification of risk for the design and evaluation of past and future sensors, (2) to better predict new attack vectors, and (3) to establish defensive design patterns that make sensors more resistant to analog attacks.