Taylor Hardin presented a poster at ACM MobiSys conference this week, about some clever new ideas for protecting the memory inside an MSP430 when mutually-untrusted apps have to share the same small memory. Abstract below.
David Harmon ’17 develops and evaluates a novel protocol for secure transfer of sensor data from an Amulet to a smartphone, in this Senior Honors Thesis released as a Dartmouth Computer Science Technical Report.
Abstract. The authenticity, confidentiality, and integrity of data streams from wearable healthcare devices are critical to patients, researchers, physicians, and others who depend on this data to measure the effectiveness of treatment plans and clinical trials. Many forms of mHealth data are highly sensitive; in the hands of unintended parties such data may reveal indicators of a patient’s disorder, disability, or identity. Furthermore, if a malicious party tampers with the data, it can affect the diagnosis or treatment of patients, or the results of a research study. Although existing network protocols leverage encryption for confidentiality and integrity, network-level encryption does not provide end-to-end security from the device, through the smartphone and database, to downstream data consumers. In this thesis we provide a new open protocol that provides end-to-end authentication, confidentiality, and integrity for healthcare data in such a pipeline.
We present and evaluate a prototype implementation to demonstrate this protocol’s feasibility on low-power wearable devices, and present a case for the system’s ability to meet critical security properties under a specific adversary model and trust assumptions.
Advisor: David Kotz.
Congratulations to Emily Greene, an undergraduate in the Amulet group, who received Honorable Mention for the NCWIT Collegiate Award from the National Center for Women & Information Technology (NCWIT). Emily is spending this week at the NCWIT Summit on Women and IT in Tucson, Arizona.
Here is her video submission, which describes a cryptographically-supported mechanism for selective sharing of streams of mHealth data, such as those that would be produced by Amulet applications.