Developing a platform to evaluate and assess the security of wearable devices

Matthew L Hale, Kerolos Lotfy, Rose F. Gamble, Charles Walter, Jessica Lin

Research output: Contribution to journalArticle

Abstract

Operating in a body area network around a smartphone user, wearables serve a variety of commercial, medical and personal uses. Depending on a certain smartphone application, a wearable can capture sensitive data about the user and provide critical, possibly life-or-death, functionality. When using wearables, security problems might occur on hardware/software of wearables, connected phone apps or web services devices, or Bluetooth channels used for communication. This paper develops an open source platform called SecuWear for identifying vulnerabilities in these areas and facilitating wearable security research to mitigate them. SecuWear supports the creation, evaluation, and analysis of security vulnerability tests on actual hardwares. Extending earlier results, this paper includes an empirical evaluation that demonstrates proof of concept attacks on commercial wearable devices and shows how SecuWear captures the information necessary for identifying such attacks. Also included is a process for releasing attack and mitigation information to the security community.

Original languageEnglish (US)
JournalDigital Communications and Networks
DOIs
StatePublished - Jan 1 2019

Fingerprint

Smartphones
Bluetooth
Application programs
Web services
Computer hardware
hardware
vulnerability
data capture
Hardware
Communication
evaluation
functionality
death
communication
community

Keywords

  • Bluetooth LE
  • Internet of things
  • Man-in-the-middle attacks
  • Security
  • Vulnerability discovery
  • Wearables

ASJC Scopus subject areas

  • Communication
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

Developing a platform to evaluate and assess the security of wearable devices. / Hale, Matthew L; Lotfy, Kerolos; Gamble, Rose F.; Walter, Charles; Lin, Jessica.

In: Digital Communications and Networks, 01.01.2019.

Research output: Contribution to journalArticle

Hale, Matthew L ; Lotfy, Kerolos ; Gamble, Rose F. ; Walter, Charles ; Lin, Jessica. / Developing a platform to evaluate and assess the security of wearable devices. In: Digital Communications and Networks. 2019.
@article{a9c28ccb528548a8a335e0c402182c6c,
title = "Developing a platform to evaluate and assess the security of wearable devices",
abstract = "Operating in a body area network around a smartphone user, wearables serve a variety of commercial, medical and personal uses. Depending on a certain smartphone application, a wearable can capture sensitive data about the user and provide critical, possibly life-or-death, functionality. When using wearables, security problems might occur on hardware/software of wearables, connected phone apps or web services devices, or Bluetooth channels used for communication. This paper develops an open source platform called SecuWear for identifying vulnerabilities in these areas and facilitating wearable security research to mitigate them. SecuWear supports the creation, evaluation, and analysis of security vulnerability tests on actual hardwares. Extending earlier results, this paper includes an empirical evaluation that demonstrates proof of concept attacks on commercial wearable devices and shows how SecuWear captures the information necessary for identifying such attacks. Also included is a process for releasing attack and mitigation information to the security community.",
keywords = "Bluetooth LE, Internet of things, Man-in-the-middle attacks, Security, Vulnerability discovery, Wearables",
author = "Hale, {Matthew L} and Kerolos Lotfy and Gamble, {Rose F.} and Charles Walter and Jessica Lin",
year = "2019",
month = "1",
day = "1",
doi = "10.1016/j.dcan.2018.10.009",
language = "English (US)",
journal = "Digital Communications and Networks",
issn = "2468-5925",
publisher = "Chongqing University of Posts and Telecommunications",

}

TY - JOUR

T1 - Developing a platform to evaluate and assess the security of wearable devices

AU - Hale, Matthew L

AU - Lotfy, Kerolos

AU - Gamble, Rose F.

AU - Walter, Charles

AU - Lin, Jessica

PY - 2019/1/1

Y1 - 2019/1/1

N2 - Operating in a body area network around a smartphone user, wearables serve a variety of commercial, medical and personal uses. Depending on a certain smartphone application, a wearable can capture sensitive data about the user and provide critical, possibly life-or-death, functionality. When using wearables, security problems might occur on hardware/software of wearables, connected phone apps or web services devices, or Bluetooth channels used for communication. This paper develops an open source platform called SecuWear for identifying vulnerabilities in these areas and facilitating wearable security research to mitigate them. SecuWear supports the creation, evaluation, and analysis of security vulnerability tests on actual hardwares. Extending earlier results, this paper includes an empirical evaluation that demonstrates proof of concept attacks on commercial wearable devices and shows how SecuWear captures the information necessary for identifying such attacks. Also included is a process for releasing attack and mitigation information to the security community.

AB - Operating in a body area network around a smartphone user, wearables serve a variety of commercial, medical and personal uses. Depending on a certain smartphone application, a wearable can capture sensitive data about the user and provide critical, possibly life-or-death, functionality. When using wearables, security problems might occur on hardware/software of wearables, connected phone apps or web services devices, or Bluetooth channels used for communication. This paper develops an open source platform called SecuWear for identifying vulnerabilities in these areas and facilitating wearable security research to mitigate them. SecuWear supports the creation, evaluation, and analysis of security vulnerability tests on actual hardwares. Extending earlier results, this paper includes an empirical evaluation that demonstrates proof of concept attacks on commercial wearable devices and shows how SecuWear captures the information necessary for identifying such attacks. Also included is a process for releasing attack and mitigation information to the security community.

KW - Bluetooth LE

KW - Internet of things

KW - Man-in-the-middle attacks

KW - Security

KW - Vulnerability discovery

KW - Wearables

UR - http://www.scopus.com/inward/record.url?scp=85061238456&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85061238456&partnerID=8YFLogxK

U2 - 10.1016/j.dcan.2018.10.009

DO - 10.1016/j.dcan.2018.10.009

M3 - Article

JO - Digital Communications and Networks

JF - Digital Communications and Networks

SN - 2468-5925

ER -