Lead Institution: Dartmouth

Project Leader: David Kotz

Research Progress

• Abstract
  Electronic health records (EHRs) are changing the way clinicians maintain patient records; clinicians can now easily access patient records from different computers in a hospital. It is important to ensure that the clinicians log out when they are done using a computer, to prevent unauthorized access to the patients’ records. Clinicians, however, often forget to log out. In the ZEBRA project we are developing an automatic deauthentication method that will automatically log clinicians out from a computer when they are done using it.

• Focus of the research/Market need for this project
  Deauthentication is a challenge in clinical settings. We have heard many times from clinical staff and clinical IT managers about the need to ensure desktop computers are not left “logged in” by busy staff that interact intermittently with these shared terminals throughout the clinical workday. Existing commercial products address authentication, and a few have proximity-based deauthentication, but none are secure in the dense workspaces common in clinics.

• Project Aims/Goals
  As part of this research we explored the use of a wrist-worn device that allows an individual to seamlessly authenticate herself to a desktop or tablet computer. In our approach, Zero-Effort Bilateral Recurring Authentication (ZEBRA), the clinician wears a wrist bracelet that embeds a motion sensor and Bluetooth wireless radio; it stores the digital identity of the clinician, installed when the bracelet was provided to the clinician. After the clinician authenticates to the computer, using whatever authentication methods are required, the bracelet continuously communicates with the desktop computer, reaffirming the user’s presence (in radio range) and providing sensor data about the user’s wrist movement. The desktop compares this data with its own observations of keyboard and mouse use, and deauthenticates the user (logs them out or locks the screen) when they no longer correlate.

• Key Conclusions/Significant Findings/Milestones reached/Deliverables
  We designed an approach based on the use of an authentication bracelet, and developed algorithms to continuously verify whether the wrist motions of the bracelet are consistent with the user’s interaction on the keyboard and mouse; we validated our method with in-lab user studies. This project continues under new funding from the NSF.

• Materials Available for Other Investigators/interested parties
  At this time, we are able to share one peer-reviewed paper and one patent application; later we plan to open the software and hardware for use by the research community.

• Market entry strategies
  We filed one patent application and are working with our technology transfer office to seek opportunities for licensing this technology.

Bibliography

• Papers
  ZEBRA: Zero-Effort Bilateral Recurring Authentication
  Shrirang Mare, Andres Molina-Markham, Cory Cornelius, Ronald Peterson, and David Kotz
  In IEEE Symposium on Security & Privacy, pages 705-720, May, 2014. DOI 10.1109/SP.2014.51

• Presentations
  ZEBRA: For secure and seamless device interaction
  Shrirang Mare
  Ph.D. forum, MobiSys 2013

• Patents pending
  System, Method and Authorization Device for Biometric Access Control to Digital Devices
  Shrirang Mare, Andrés Molina-Markham, Ronald Peterson, Cory Cornelius, and David Kotz
  Patent Application number PCT/US14/31484, March 21, 2014