30-06-2012, 01:38 PM
Securing Mobile Devices with Biotelemetry
Abstract
As the value of information placed on mobile
devices increases, so does the risk that the information will be lost
or stolen. In dire scenarios, such as soldiers on the battlefield,
there is a tension between accessing critical information quickly
and protecting that information from unauthorized viewers.
Lightweight body sensors that detect and process physiological
information can provide an unconventional means for
simultaneously securing data on a mobile device and making
pertinent health information available to authorized remote
viewers. In this paper we present the design, implementation, and
evaluation of our three-tier Secure Mobile Computing (SMC)
system.
INTRODUCTION
The security of mobile devices is a pertinent issue in several
domains, including healthcare facilities, businesses, and the
military. The risk of revealing sensitive information
necessitates data protection, but at the cost of data usability.
Although conventional solutions such as encrypting data or
setting up access control mechanisms tend to be effective, once
the data is decrypted or accessed the data becomes susceptible
to a wider range of attacks. Fig. 1 outlines the basic problem
and our approach to a solution. Ad-hoc file encryption can be
cumbersome; it is easy to circumvent or the user may simply
forget to enable it. Sophisticated access control for a single-user
mobile device is generally not an issue for personal
devices, but access should not be extended to unauthorized
viewers in security-critical situations.
ELECTROCARDIOGRAPH
This section provides background on the ECG from a
physiological perspective. Since SMC uses characteristics of an
ECG signal to effect actions, we discuss how the signal is
obtained and how it is used. We also highlight the clinical
significance of the ECG and current approaches to ECG
monitoring and analysis.
SYSTEM DESIGN
The SMC system comprises three tiers: (1) the body sensor,
(2) the mobile device, and (3) the external network and
environment. The first tier’s responsibility is to obtain a
physiological signal and send information as requested by the
mobile device. The second tier is the mobile device—the
information hub where signal information is delivered and
propagated. The mobile device stores the user’s sensitive
information and its SMC service intercepts the sensor’s data
and implements security policies. The third tier, the web
service interface, broadcasts user-related information to a
central location (such as a telemedicine center or operation
control) that assumes a central role in a monitoring situation.
Fig. 3 is a picture of the patch and mobile device working
together to show the ECG.
RELATED WORK
The security of mobile devices and the unique problems
associated with pervasive computing have been well
documented [6, 13]. Attacks such as radio jamming and sleep
deprivation torture (i.e., keeping a device awake to drain the
battery) are legitimate problems, but SMC addresses them
through the policy engine. Denial of service will simply cause a
disconnection or timeout event and sleep deprivation torture is
difficult because once the Bluetooth is connected, it does not
respond to service inquiries. More subtle attacks based on
traffic analysis and surveillance are mitigated by the
Bluetooth’s power and range (which are limited to an
immediate area around the radio).
CONCLUSIONS
We have presented SMC, a novel approach to securing
mobile devices based on a body sensor. We have shown that
our QRS detection algorithm has sufficient predictivity to be
used as a security policy. Our heuristics for other policy events,
including electrode removal and disconnection, are sufficient to
discriminate them. The use of averaging windows (both for RR
intervals and within the QRS detection algorithm) is critical
to ensure continuity in spite of local anomalous events. While
flexibility and configurability are important attributes of the
system, intelligent defaults lead to a convenient security
implementation. As sensors become smaller and fade into the
world around us, we can leverage them for both security and
remote health monitoring.
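
The averaging-window and policy-event ideas from the conclusions, sketched as an added example (not code from the SMC paper): the PolicyEngine class, the lock action, and every threshold are assumptions, since the excerpt gives none. It shows one anomalous RR interval being absorbed by the window, while a sustained anomaly, sensor silence, or electrode removal produces a lock event.

```python
from collections import deque

# Every threshold here is an assumption for illustration; the excerpt states none.
WINDOW = 8                  # number of RR intervals averaged
RR_MIN, RR_MAX = 0.3, 2.0   # accepted mean RR interval, seconds
TIMEOUT = 5.0               # sensor silence, in seconds, treated as a timeout event

class PolicyEngine:
    """Hypothetical tier-2 service: turns sensor events into a lock decision."""

    def __init__(self):
        self.rr = deque(maxlen=WINDOW)
        self.last_seen = 0.0
        self.locked = False
        self.events = []        # (time, reason) for each lock

    def _lock(self, now, reason):
        if not self.locked:
            self.locked = True
            self.events.append((now, reason))

    def on_beat(self, now, rr_interval):
        """One detected QRS complex; rr_interval is seconds since the previous one."""
        self.last_seen = now
        self.rr.append(rr_interval)
        if len(self.rr) == WINDOW:
            mean = sum(self.rr) / WINDOW
            if not RR_MIN <= mean <= RR_MAX:
                self._lock(now, "rr_out_of_range")

    def on_electrode_off(self, now):
        self._lock(now, "electrode_removed")

    def tick(self, now):
        """Periodic timer: jamming or a dropped link shows up as silence."""
        if now - self.last_seen > TIMEOUT:
            self._lock(now, "timeout")

def replay(intervals, then=()):
    """Feed constructed RR intervals, then extra (time, kind) events; return the engine."""
    engine, now = PolicyEngine(), 0.0
    for rr in intervals:
        now += rr
        engine.on_beat(now, rr)
    for at, kind in then:
        (engine.tick if kind == "tick" else engine.on_electrode_off)(at)
    return engine
```

Replaying `[0.8]*7 + [2.4] + [0.8]*4` leaves the device unlocked because the window mean stays at 1.0 s, whereas eight consecutive 2.4 s intervals push the mean past the assumed limit.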