Emily Greene, Patrick Proctor, and David Kotz recently published a paper titled Secure Sharing of mHealth Data Streams through Cryptographically-Enforced Access Control:
Abstract: Owners of mobile-health apps and devices often want to share their mHealth data with others, such as physicians, therapists, coaches, and caregivers. For privacy reasons, however, they typically want to share a limited subset of their information with each recipient according to their preferences. In this paper, we introduce ShareHealth, a scalable, usable, and practical system that allows mHealth-data owners to specify access-control policies and to cryptographically enforce those policies so that only parties with the proper corresponding permissions are able to decrypt data. The design and prototype implementation of this system make three contributions: (1) they apply cryptographically-enforced access-control measures to stream-based (specifically mHealth) data, (2) they recognize the temporal nature of mHealth data streams and support revocation of access to part or all of a data stream, and (3) they depart from the vendor- and device-specific silos of mHealth data by implementing a secure end-to-end system that can be applied to data collected from a variety of mHealth apps and devices.
Journal of Smart Health, 12:49-65, April 2019. DOI 10.1016/j.smhl.2018.01.003.
David Kotz recently presented a paper titled Amulet: an open-source wrist-worn platform for mHealth research and education.
Abstract: The advent of mobile and wearable computing technology has opened up tremendous opportunities for health and wellness applications. It is increasingly possible for individuals to wear devices that can sense their physiology or health-related behaviors, collecting valuable data in support of diagnosis, treatment, public health, or other applications. From a researcher’s point of view, the commercial availability of these “mHealth” devices has made it feasible to conduct scientific studies of health conditions and to explore health-related interventions. It remains difficult, however, to conduct systems work or other experimental research involving the hardware, software, security, and networking aspects of mobile and wearable technology. In this paper we describe the Amulet platform, an open-hardware, open-software wrist-worn computing device designed specifically for mHealth applications. Our position is that the Amulet is an inexpensive platform for research and education, and we encourage the mHealth community to explore its potential.
In Workshop on Networked Healthcare Technology (NetHealth), pages 891-897, January 2019. IEEE Computer Society Press.
A new paper from the extended Amulet group.
John A. Batsis, John A. Naslund, Alexandra B. Zagaria, David Kotz, Rachel Dokko, Stephen J. Bartels & Elizabeth Carpenter-Song. Technology for Behavioral Change in Rural Older Adults with Obesity. Journal of Nutrition in Gerontology and Geriatrics, April 2019.DOI: 10.1080/21551197.2019.1600097
John Batsis et al. recently published a paper in Gerontechnology titled Usability evaluation for the Amulet Wearable Device in rural older adults with obesity:
Mobile health (mHealth) interventions hold the promise of augmenting existing health promotion interventions. Older adults present unique challenges in advancing new models of health promotion using technology including sensory limitations and less experience with mHealth, underscoring the need for specialized usability testing. We use an open-source mHealth device as a case example for its integration in a newly designed health services intervention. We performed a convergent, parallel mixed-methods study including semi-structured interviews, focus groups, and questionnaires, using purposive sampling of 29 older adults, 4 community leaders, and 7 clinicians in a rural setting. We transcribed the data, developed codes informed by thematic analysis using inductive and deductive methods, and assessed the quantitative data using descriptive statistics. Our results suggest the importance of end-users in user-centered design of mHealth devices and that aesthetics are critically important. The prototype could potentially be feasibly integrated within health behavior interventions. Centralized dashboards were desired by all participants and ecological momentary assessment could be an important part of monitoring. Concerns of mHealth, including the prototype device, include the device’s accuracy, its intrusiveness in daily life and privacy. Formative evaluations are critically important prior to deploying large-scale interventions.
PDF: 2018 Batsis et al Gerontechnology Amulet
Last month in Boston at the annual USENIX conference, the Amulet team’s most recent paper was selected for presentation. Entitled “Application Memory Isolation on Ultra-Low-Power MCUs”, the paper explores increasing the security level of the Amulet platform, through novel uses of memory protection and isolation. To read more, click through to the PDF below.
PDF: Application Memory Isolation on Ultra-Low-Power MCUs
Equipped with sensors that are capable of collecting physiological and environmental data continuously, wearable technologies have the potential to become a valuable component of personalized healthcare and health management. However, in addition to the potential benefits of wearable devices, the widespread and continuous use of wearables also poses many privacy challenges. In some instances, users may not be aware of the risks associated with wearable devices, while in other cases, users may be aware of the privacy-related risks, but may be unable to negotiate complicated privacy settings to meet their needs and preferences. This lack of awareness could have an adverse impact on users in the future, even becoming a “skeleton in the closet.” In this work, we conducted 32 semi-structured interviews to understand how users perceive privacy in wearable computing. Results suggest that user concerns toward wearable privacy have different levels of variety ranging from no concern to highly concerned. In addition, while user concerns and benefits are similar among participants in our study, these variablesshould be investigated more extensively for the development of privacy enhanced wearable technologies.
- Byron Lowens, Vivian G. Motti, and Kelly E. Caine. Wearable Privacy: Skeletons in the Data Closet. Proceedings of IEEE International Conference on Healthcare Informatics (ICHI). Park City, UT, 2017, pp. 295-304. DOI: 10.1109/ICHI.2017.29
Byron presenting his paper, “Wearable Privacy: Skeletons in the Data Closet” at ICHI 2017
Abstract: In this work, we attempt to determine whether the contextual information of a participant can be used to predict whether the participant will respond to a particular EMA trigger. We use a publicly available dataset for our work, and find that by using basic contextual features about the participant’s activity, conversation status, audio, and location, we can predict if an EMA triggered at a particular time will be answered with a precision of 0.647, which is significantly higher than a baseline precision of 0.41. Using this knowledge, the researchers conducting field studies can efficiently schedule EMAs and achieve higher response rates.
Varun Mishra, Byron Lowens, Sarah Lord, Kelly Caine, and David Kotz. Investigating Contextual Cues As Indicators for EMA Delivery. In Proceedings of the International Workshop on Smart & Ambient Notification and Attention Management (UbiTtention), pages 935-940, September 2017. ACM. DOI 10.1145/3123024.3124571.
Taylor Hardin presented a poster at ACM MobiSys conference this week, about some clever new ideas for protecting the memory inside an MSP430 when mutually-untrusted apps have to share the same small memory. Abstract below.
Taylor Hardin explains his work to attendees at MobiSys.
David Harmon ’17 develops and evaluates a novel protocol for secure transfer of sensor data from an Amulet to a smartphone, in this Senior Honors Thesis released as a Dartmouth Computer Science Technical Report.
Abstract. The authenticity, confidentiality, and integrity of data streams from wearable healthcare devices are critical to patients, researchers, physicians, and others who depend on this data to measure the effectiveness of treatment plans and clinical trials. Many forms of mHealth data are highly sensitive; in the hands of unintended parties such data may reveal indicators of a patient’s disorder, disability, or identity. Furthermore, if a malicious party tampers with the data, it can affect the diagnosis or treatment of patients, or the results of a research study. Although existing network protocols leverage encryption for confidentiality and integrity, network-level encryption does not provide end-to-end security from the device, through the smartphone and database, to downstream data consumers. In this thesis we provide a new open protocol that provides end-to-end authentication, confidentiality, and integrity for healthcare data in such a pipeline.
We present and evaluate a prototype implementation to demonstrate this protocol’s feasibility on low-power wearable devices, and present a case for the system’s ability to meet critical security properties under a specific adversary model and trust assumptions.
Advisor: David Kotz.
George Boateng, M.S., reports on new Amulet research in his Master’s thesis, available as a Dartmouth Computer Science Technical Report.
Abstract. Physical activity helps reduce the risk of cardiovascular disease, hypertension and obesity. The ability to monitor a person’s daily activity level can inform self-management of physical activity and related interventions. For older adults with obesity, the importance of regular, physical activity is critical to reduce the risk of long-term disability. In this work, we present ActivityAware, an application on the Amulet wrist-worn device that monitors the daily activity levels (low, moderate and vigorous) of older adults in real-time. The app continuously collects acceleration data on the Amulet, classifies the current activity level, updates the day’s accumulated time spent at that activity level, displays the results on the screen and logs summary data for later analysis.
The app implements an activity-level detection model we developed using a Linear Support Vector Machine (SVM). We trained our model using data from a user study, where subjects performed common physical activities (sit, stand, lay down, walk and run). We obtained accuracies up to 99.2% and 98.5% with 10-fold cross validation and leave-one-subject-out (LOSO) cross-validation respectively. We ran a week-long field study to evaluate the utility, usability and battery life of the ActivityAware system where 5 older adults wore the Amulet as it monitored their activity level. The utility evaluation showed that the app was somewhat useful in achieving the daily physical activity goal. The usability feedback showed that the ActivityAware system has the potential to be used by people for monitoring their activity levels. Our energy-efficiency evaluation revealed a battery life of at least 1 week before needing to recharge. The results are promising, indicating that the app may be used for activity-level monitoring by individuals or researchers for epidemiological studies, and eventually for the development of interventions that could improve the health of older adults.
Advisors: David Kotz, Ryan Halter, John Batsis