
Researchers propose a way to use your heartbeat as a password | Computerworld

By |January 26th, 2017|Security, Sensors|

Patients’ electrocardiograph readings would be used as an encryption key to access their medical records.

Researchers at Binghamton State University in New York think your heart could be the key to your personal data. By measuring the electrical activity of the heart, researchers say they can encrypt patients’ health records.  
The fundamental idea is this: In the future, all patients will be outfitted with a wearable device, which will continuously collect physiological data and transmit it to the patients’ doctors. Because electrocardiogram (ECG) signals are already collected for clinical diagnosis, the system would simply reuse the data during transmission, thus reducing the cost and computational power needed to create an encryption key from scratch.

“There have been so many mature encryption techniques available, but the problem is that those encryption techniques rely on some complicated arithmetic calculations and random key generations,” said Zhanpeng Jin, a co-author of the paper “A Robust and Reusable ECG-based Authentication and Data Encryption Scheme for eHealth Systems.”

Those encryption techniques can’t be “directly applied on the energy-hungry mobile and wearable devices,” Jin added. “If you apply those kinds of encryptions on top of the mobile device, then you can burn the battery very quickly.”

But there are drawbacks. According to Jin, one of the reasons ECG encryption has not been widely adopted is that it’s generally more sensitive and vulnerable to variations than some other biometric measures. For instance, your electrical activity could change depending on factors such as physical exertion and mental state. Other more permanent factors such as age and health can also have an effect.

“ECG itself cannot be used for a biometric authentication purpose alone, but it’s a very effective way as a secondary authentication,” Jin said.

While the technology for ECG encryption is already here, its adoption will depend on patients’ willingness to don wearables and on their comfort with constantly sharing their biometrics.

http://www.computerworld.com/article/3159661/security/researchers-propose-a-way-to-use-your-heartbeat-as-a-password.html?google_editors_picks=true

Internet of Things: Securing Medical & Patient Data | ARM

By |August 7th, 2016|HealthCare (mHealth & TeleHealth), Internet of Things, Security|

Securing Medical & Wellness Data

Your health data is one of the most important pieces of data that is personal and confidential to you. Through the advent of sensor innovations, we are finding many more devices gathering this data, such as fitness bands, smartwatches, and even phones that count your steps automatically without you having to do anything. This is only the beginning: we are starting to see innovations in medical and wellness monitoring from all sorts of devices, from toothbrushes which can detect cancer to patches you wear that monitor UV exposure or hydration. Innovations in microfluidic technologies are enabling analysis of your blood, sweat, and urine at price points where it can reach consumers’ hands in both developed and developing countries.

This data, if used correctly, will keep us more informed of what’s happening inside and outside our bodies and give us alerts with the right information at the right time to make informed decisions. Taking it one step further, mobile and cloud platforms can enable a holistic system of health that informs a close, trusted circle of family and friends about changes in health, to help individuals make the right lifestyle choices. It will also help caregivers know the right time to intervene, potentially staving off a more severe condition.

Unfortunately, as with any technological innovation, it can also have potential malicious uses resulting in substantial financial and social consequences:

  • Insurance providers could use the data to increase premiums or cancel policies
  • Informed employers may choose healthier candidates (to keep costs down)
  • Dating applications could add medical filters

But how is the data being handled from when it gets created at the source? Is it being guarded all the way from the sensor to the phone, to the cloud? What happens to your data in the cloud? Is it shared with 3rd parties? Have you read the Terms and Conditions for each of your digital devices to understand the answers to these questions? In this blog, we will aim to address some of the basic vulnerabilities of data as it travels from sensor -> phone -> cloud and explore a method to safeguard it, as well as talk about some of the initiatives taking place to help safeguard our health data.

Threats and Hacks

There are two threat vectors that we will address in this video:

  1. Screen Scrape Attacks
  2. BLE attacks

Screen scrape attacks leverage the ability to “record” the frame buffer of a device’s screen to steal data as an app renders it to the screen. This technique has been used to steal everything from passwords to high-value video content. The video below demonstrates this threat:

     

https://community.arm.com/groups/internet-of-things/blog/2016/07/28/securing-medical-wellness-data