Telemedicine: HIDE-n-SENSE

Lead Institution: Dartmouth

Project Leader: David Kotz

Research Progress

  • Abstract
    As individuals continue to use medical devices as part of their own body-area health network (BAHN) it is critical to ensure that the BAHN is secure.
    In a user’s body-area health network, which includes the user’s phone (the controller) and medical devices (nodes), there is always a risk of privacy leak because the nodes communicate with the phone over a wireless channel, which is also accessible to an adversary. In this project we studied these privacy risks, we developed techniques that can be applied to existing wireless protocols to make them energy-efficient, and we developed an energy-efficient privacy-preserving protocol for BAHN.

  • Focus of the research/Market need for this project
    The focus of our research was to ensure that a user’s BAHN is secure, private, and anonymous. With increasing mobile medical devices being introduced in user’s BAHN it is vital that the BAHN does not leak any sensitive information. Current commercially-available body-area networks (ANT, Bluetooth, and Zigbee) are each lacking in some aspect of security, privacy, or anonymity.

  • Project Aims/Goals
    The goal of the project was to study the network-level security and privacy issues in a body-area health network (BAHN) and develop solutions to address these problems.

    As part of the project, we first studied the Bluetooth protocol, which is the most common protocol in body-area networks, and we identified security and privacy issues with Bluetooth. (See our HealthSec paper.) Based on that research, we proposed specifications for a secure BAHN protocol. Many existing secure protocols have large transmission overhead, which makes them unsuitable for BAHN, which contains devices with limited resources. We developed techniques that can be applied to wireless protocols in a BAHN to make them energy-efficient by allowing them to reduce packet transmission overheads without significant compromise in security or privacy.
    We also proposed a specific privacy-preserving protocol, called Hide-n-Sense. We evaluated our protocol extensively: we did a thorough security analysis of the protocol, we implemented it on Chronos TI eZ430 devices, and we performed various experiments to measure the network performance and energy consumption of our protocol.

  • Key Conclusions/Significant Findings/Milestones reached/Deliverables
    Current BAHN protocols leak private information about the user. We need efficient secure and privacy-preserving protocols for BAHNs. We can leverage existing secure and privacy-preserving protocols by optimizing them for BAHN. We proposed techniques to do so; we proposed, implemented, and evaluated a privacy preserving protocol, called Hide-n-Sense, for a BAHN.
    Hide-n-Sense provides strong privacy and is far more energy-efficient than other link-layer wireless BAHN protocols that provide node anonymity. Its one limitation is that it is susceptible to a traffic-analysis attack based on packet sizes and timings. Although such an attack is hard to perform, it is a possibility. Solutions exist against traffic analysis but they are not energy-efficient.

  • Materials Available for Other Investigators/interested parties
    We published several peer-reviewed papers, as listed in the bibliography below.

  • Market entry strategies
    None.

Bibliography

  • Papers
    Hide-n-Sense: Preserving Privacy Efficiently in Wireless mHealth
    Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, and David Kotz
    Mobile Networks and Applications (MONET), 19(3):331-344, June 2014. Special issue on Wireless Technology for Pervasive Healthcare. DOI 10.1007/s11036-013-0447-x.

    Adaptive Security and Privacy for mHealth Sensing
    Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, and David Kotz
    USENIX Workshop on Health Security (HealthSec), August 2011

    Adapt-Lite: Privacy-Aware, Secure, and Efficient mHealth Sensing
    Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, and David Kotz
    Proceedings of the Workshop on Privacy in the Electronic Society (WPES), pages 137-142, October 2011

    Is Bluetooth the Right Technology for mHealth?
    Shrirang Mare and David Kotz
    USENIX Workshop on Health Security (HealthSec), August 2010

  • Presentations
    Adaptive Security and privacy for mHealth Sensing
    Shrirang Mare
    USENIX Workshop on Health Security (HealthSec), August 2011

    Adapt-lite: Privacy-aware, secure, and efficient mHealth sensing
    Shrirang Mare
    Workshop on Privacy in the Electronic Society (WPES), October 2011

    Is Bluetooth the right technology for mHealth?
    Shrirang Mare
    USENIX Workshop on Health Security (HealthSec), August 2010