Developing a platform to evaluate and assess the security of wearable devices

Matthew L. Hale, Kerolos Lotfy, Rose F. Gamble, Charles Walter, Jessica Lin

Research output: Contribution to journalArticle

Abstract

Operating in a body area network around a smartphone user, wearables serve a variety of commercial, medical and personal uses. Depending on a certain smartphone application, a wearable can capture sensitive data about the user and provide critical, possibly life-or-death, functionality. When using wearables, security problems might occur on hardware/software of wearables, connected phone apps or web services devices, or Bluetooth channels used for communication. This paper develops an open source platform called SecuWear for identifying vulnerabilities in these areas and facilitating wearable security research to mitigate them. SecuWear supports the creation, evaluation, and analysis of security vulnerability tests on actual hardwares. Extending earlier results, this paper includes an empirical evaluation that demonstrates proof of concept attacks on commercial wearable devices and shows how SecuWear captures the information necessary for identifying such attacks. Also included is a process for releasing attack and mitigation information to the security community.

Original languageEnglish (US)
Pages (from-to)147-159
Number of pages13
JournalDigital Communications and Networks
Volume5
Issue number3
DOIs
Publication statusPublished - Aug 2019

    Fingerprint

Keywords

  • Bluetooth LE
  • Internet of things
  • Man-in-the-middle attacks
  • Security
  • Vulnerability discovery
  • Wearables

ASJC Scopus subject areas

  • Hardware and Architecture
  • Computer Networks and Communications

Cite this