NSF (09/17 - 08/19)

Project Description

HealthSense: Assessing and Protecting Privacy in Wireless Wearable Sensor-generated Medical Data (Sep. 2017 - Aug. 2019)
  • Client: Project Sponsor - NSF

Privacy plays an important role in both physical space and cyberspace, and has prompted a significant amount of discussion and research. Privacy issues in networked systems have been addressed by conventional techniques (e.g., cryptographic protocols) developed for Internet applications. However, privacy-related challenges evolve with advances in communication and computation technologies. The emergence of various types of wearable sensors, for which market estimates predict the use of over 3 billion wearable sensors by 2015, motivates research into how to strengthen data confidentiality when health information is transmitted through multiple sensors. Wearable sensors give rise to new and varied attack vectors aimed at privacy intrusion, for three reasons: their resource constraints, their software and hardware security vulnerabilities, and their potential to gather sensitive data. Hence, ensuring that a user’s vital physiological data is transmitted confidentially from wearable sensors to a centralized data repository/processing cloud, passing through various devices on the way, is of paramount importance.

Our goal in this research project is to develop methodologies to assess privacy intrusion and to protect the privacy of a user’s vital physiological data transmitted from different types of wearable sensors to a centralized data repository/processing cloud. To enable seamless and secure transmission of health data through wearable sensors, the main research question that HealthSense addresses is: how can we improve the security and privacy of the transmission of a given user’s vital physiological data? Considering both the resource limitations of wearable sensors and the tremendous increase in mobile data from health-related sensing, answering this question in a holistic way is a demanding task.

Fig. 1. Architecture of intra-body side-channel using galvanic coupling for privacy-protection. (a) human tissue equivalent circuit model, (b) functional blocks of the side-channel.

HealthSense has two objectives: (i) Assessing privacy intrusion: we will investigate how an unauthorized entity can collect private information, such as sensor type, the specific medical condition, and user identity, by analyzing the sensor traffic sent by a specific user and the operational patterns across the protocol stack. As a first step, we will build on our prior work to investigate and demonstrate how cross-layer and joint hardware/software fingerprinting techniques can be used to track a given user over time and space, and then to identify, with high probability, which types of medical sensing applications are active. (ii) Privacy protection: we will demonstrate a first-of-its-kind side-channel technique, using a non-radiating body channel, to exchange secret information between the wearable sensors and the information relaying device, such as a mobile phone. This shared secret can serve both as an encryption key and as a randomized traffic shaping seed that intentionally obfuscates the traffic seen by an RF sniffer, thereby mitigating the above types of privacy intrusions.
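
The dual use of the shared secret described in objective (ii) can be sketched as follows. This is an added example, not HealthSense code or the project's design: it assumes the secret has already been exchanged over the body channel, and the HKDF labels, the 64-byte padding bucket and the 200 ms delay bound are hypothetical choices. Sensor and relay derive the same key and the same padding/delay schedule without sending either over RF.

```python
import hashlib
import hmac

def hkdf_sha256(secret: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with the default all-zero salt: extract, then expand."""
    prk = hmac.new(b"\x00" * 32, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_roles(shared_secret: bytes):
    """Split one shared secret into an encryption key and a shaping seed.
    Distinct info labels (assumed names) keep the two outputs independent."""
    enc_key = hkdf_sha256(shared_secret, b"example/encryption-key")
    shaping_seed = hkdf_sha256(shared_secret, b"example/traffic-shaping-seed")
    return enc_key, shaping_seed

def shaping_schedule(seed: bytes, payload_sizes, bucket=64, max_delay_ms=200):
    """Return (padded_size, delay_ms) per packet, reproducible from the seed.
    Sizes are rounded up to a bucket plus 0-3 extra buckets, so on-air length
    and timing no longer track the sensor's native reporting pattern."""
    schedule = []
    for index, size in enumerate(payload_sizes):
        digest = hmac.new(seed, index.to_bytes(8, "big"), hashlib.sha256).digest()
        extra_buckets = digest[0] % 4
        delay_ms = int.from_bytes(digest[1:3], "big") % (max_delay_ms + 1)
        padded = (-(-size // bucket) + extra_buckets) * bucket
        schedule.append((padded, delay_ms))
    return schedule

# Constructed sample input: a placeholder secret and five sensor payload sizes.
SECRET = bytes(range(32))
PAYLOADS = [12, 12, 12, 40, 12]

if __name__ == "__main__":
    key, seed = derive_roles(SECRET)
    for size, (padded, delay) in zip(PAYLOADS, shaping_schedule(seed, PAYLOADS)):
        print(f"payload {size:3d} B -> on-air {padded:3d} B after {delay:3d} ms")
```

Padding and delay both cost energy and latency on a resource-constrained sensor, so the bucket size and delay bound are the parameters to tune against the fingerprinting accuracy measured under objective (i).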