Securing Mobile Devices with Biotelemetry

As the value of information placed on mobile devices increases, so does the risk that the information will be lost or stolen. In dire scenarios, such as soldiers on the battlefield, there is a tension between accessing critical information quickly and protecting that information from unauthorized viewers. Lightweight body sensors that detect and process physiological information can provide an unconventional means for simultaneously securing data on a mobile device and making pertinent health information available to authorized remote viewers. In this paper we present the design, implementation, and evaluation of our three-tier Secure Mobile Computing (SMC) system. Tier one consists of a physiological sensor (initially an electrocardiograph), microcontroller, and radio (initially Bluetooth) with the form factor of a bandage, collectively termed the "patch." The patch prototype collects and processes electrocardiograph (ECG) data and transmits the processed information over the wireless channel either continuously or periodically. The primary processing functionality, the heartbeat detection algorithm, has an average accuracy of over 99.5%. Tier two is the mobile device (e.g., cell phone, PDA, or laptop). SMC makes the utility of the mobile device dependent upon receipt of the patch's telemetry signal. SMC supports a number of programmable security policies that can either lock (e.g., encrypt) or erase data if the user is incapacitated or the mobile device loses proximity to the patch. Tier three is a web service that allows authorized viewers to view the sensor information remotely. We explore how SMC manages the interfaces between the tiers to implement security policies on the mobile device.
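The tier-two behavior described above, where the device stays usable only while patch telemetry keeps arriving and a policy chooses between locking and erasing, can be sketched as a small state machine. This is an added example, not code from the SMC system; the class names, thresholds, the sticky-lock rule and the `reauthenticate` step are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Action(IntEnum):          # ordered by severity
    NONE = 0
    LOCK = 1                    # e.g., encrypt the protected data
    ERASE = 2

@dataclass(frozen=True)
class Policy:                   # all thresholds are assumed, not from the paper
    lock_after_s: float = 10.0  # telemetry silence (proximity loss) before lock
    erase_after_s: float = 300.0
    min_bpm: int = 30           # below this the wearer counts as incapacitated
    on_incapacitated: Action = Action.LOCK

class TelemetryGuard:
    """Device-side guard: data stays usable only while patch telemetry is fresh."""

    def __init__(self, policy, now):
        self.policy, self.last_seen, self.last_bpm = policy, now, None
        self.state = Action.NONE

    def on_telemetry(self, now, bpm):
        # Assumes the message was already authenticated as coming from the paired patch.
        self.last_seen, self.last_bpm = now, bpm

    def _wanted(self, now):
        silence = now - self.last_seen
        if silence >= self.policy.erase_after_s:
            return Action.ERASE
        if silence >= self.policy.lock_after_s:
            return Action.LOCK
        if self.last_bpm is not None and self.last_bpm < self.policy.min_bpm:
            return self.policy.on_incapacitated
        return Action.NONE

    def evaluate(self, now):
        # Escalate only: fresh telemetry alone never undoes a lock or an erase.
        self.state = max(self.state, self._wanted(now))
        return self.state

    def reauthenticate(self, now):
        # Hypothetical unlock step: allowed only from LOCK with healthy telemetry.
        if self.state is Action.LOCK and self._wanted(now) is Action.NONE:
            self.state = Action.NONE
        return self.state
```

Making the lock sticky means that a device carried back into radio range stays locked until the wearer re-authenticates, and an erase decision is never reversed.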
