Abstract
As healthcare in many countries faces an aging population and rising costs, mobile sensing technologies promise a new opportunity. Using mobile health (mHealth) sensing, which uses medical sensors to collect data about the patients, and mobile phones to act as a gateway between sensors and electronic health record systems, caregivers can continuously monitor the patients and deliver better care. Furthermore, individuals can become better engaged in monitoring and managing their own health. Although some work on mHealth sensing has addressed security, achieving strong privacy for low-power sensors remains a challenge. We make three contributions. First, we propose an mHealth sensing protocol that provides strong security and privacy properties at the link layer, with low energy overhead, suitable for low-power sensors. The protocol uses three novel techniques: adaptive security, to dynamically modify transmission overhead; MAC striping, to make forgery difficult even for small-sized Message Authentication Codes; and asymmetric resource requirements, in recognition of the limited resources in tiny mHealth sensors. Second, we demonstrate its feasibility by implementing a prototype on a Chronos wrist device, and evaluating it experimentally. Third, we provide a security, privacy, and energy analysis of our system.
Notes
To intercept a message, the adversary captures the message header when it is being transmitted, and then disrupts some bits in the payload or the MAC so that the receiver discards the message because it will fail the MAC verification process.
A string is said to be indistinguishable from random bits if no computationally bounded adversary can guess correctly whether the string is truly random with a probability non-negligibly higher than the probability that she guesses incorrectly. The formal treatment of this security property can be found in [14].
For the adversary to inject sensor data chosen by itself, the adversary needs to compute the corresponding ciphertext, which is difficult because it requires knowledge of the encryption key and nonce. As a forgery attack, however, it suffices to make the MN accept the ciphertext chosen by the adversary, whatever the decrypted data might be.
References
Agarwal S, Lau CT (2010) Remote health monitoring using mobile phones and web services. Telemed e-Health 16(5):603–607. doi:10.1089/tmj.2009.0165
Arcelus A, Goubran R, Sveistrup H, Bilodeau M, Knoefel F (2010) Context-aware smart home monitoring through pressure measurement sequences. In: Proceedings of the IEEE international workshop on medical measurement and applications (MeMeA), pp 32–37. doi:10.1109/MEMEA.2010.5480223
Armknecht F, Girao J, Matos A, Aguiar RL (2007) Who said that? Privacy at link layer. In: IEEE international conference on computer communications (INFOCOM), pp 2521–2525. doi:10.1109/INFCOM.2007.313
Avancha S, Baxi A, Kotz D (2013) Privacy in mobile technology for personal healthcare. ACM Comput Surv 45(3). Online at http://www.cs.dartmouth.edu/dfk/papers/avancha-survey.pdf
Buttussi F, Chittaro L (2010) Smarter phones for healthier lifestyles: an adaptive fitness game. IEEE Pervasive Comput 9(4):51–57. doi:10.1109/MPRV.2010.52
Buttyan L, Holczer T (2012) Traffic analysis attacks and countermeasures in wireless body area sensor networks. In: IEEE international symposium on a world of wireless, mobile and multimedia networks (WoWMoM), pp 1–6. doi:10.1109/WoWMoM.2012.6263774
Chang H-L, Shaw MJ, Lai F, Ko W-J, Ho Y-L, Chen H-S, Shu C-C (2010) U-health: an example of a high-quality individualized healthcare service. Personalized Med 7(6):677–687. doi:10.2217/pme.10.64
TI eZ430 Chronos. http://processors.wiki.ti.com/index.php/EZ430-Chronos
Coyle S, Benito-Lopez F, Byrne R, Diamond D (2010) On-body chemical sensors for monitoring sweat. In: Wearable and autonomous biomedical devices and systems for smart environment, volume 75 of lecture notes in electrical engineering, pp 177–193. Springer. doi:10.1007/978-3-642-15687-8_9
Greenstein B, McCoy D, Pang J, Kohno T, Seshan S, Wetherall D (2008) Improving wireless privacy with an identifier-free link layer protocol. In: Proceedings of the international conference on mobile systems, applications, and services (MobiSys), pp 40–53. ACM. doi:10.1145/1378600.1378607
Kotz D (2011) A threat taxonomy for mHealth privacy. In: Proceedings of the workshop on networked healthcare technology (NetHealth). IEEE Press. doi:10.1109/COMSNETS.2011.5716518
Kumar A, Saxena N, Tsudik G, Uzun E (2009) A comparative study of secure device pairing methods. Pervasive Mob Comput 5(6):734–749. doi:10.1016/j.pmcj.2009.07.008
Monsoon power monitor. http://www.msoon.com/LabEquipment/PowerMonitor/
Pang J (2009) Quantifying and mitigating privacy threats in wireless protocols and services. PhD thesis, School of Computer Science, Carnegie Mellon University
Patwari N, Kasera SK (2007) Robust location distinction using temporal link signatures. In: Proceedings of the ACM international conference on mobile computing and networking (MobiCom), pp 111–122. ACM. doi:10.1145/1287853.1287867
Perrig A, Szewczyk R, Tygar JD, Wen V, Culler DE (2002) SPINS: security protocols for sensor networks. Wirel Netw 8(5):521–534. doi:10.1023/A:1016598314198
Portilla J, Otero A, de la Torre E, Riesgo T, Stecklina O, Peter S, Langendörfer P (2010) Adaptable security in wireless sensor networks by using reconfigurable ECC hardware coprocessors. Intern J Distrib Sens Netw 2011(2011). doi:10.1155/2010/740823
Prasad NR, Alam M (2006) Security framework for wireless sensor networks. Wirel Pers Commun 37:455–469. doi:10.1007/s11277-006-9044-7
Saxon LA, Hayes DL, Gilliam FR, Heidenreich PA, Day J, Seth M, Meyer TE, Jones PW, Boehmer JP (2010) Long-term outcome after ICD and CRT implantation and influence of remote device follow-up: the ALTITUDE survival study. Circulation 122(23):2359–2367. doi:10.1161/CIRCULATIONAHA.110.960633
Shon T, Koo B, Choi H, Park Y (2009) Security architecture for IEEE 802.15.4-based wireless sensor network. In: Proceedings of the International Symposium on Wireless Pervasive Computing (ISWPC), pp 1–5. doi:10.1109/ISWPC.2009.4800607
Singelée D, Preneel B (2006) Location privacy in wireless personal area networks. In: Proceedings of the ACM Workshop on Wireless Security (WiSe), pp 11–18. ACM. doi:10.1145/1161289.1161292
Sorber JM, Shin M, Peterson R, Kotz D (2012) Plug-n-Trust: practical trusted sensing for mHealth. In: Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys), pp 309–322. doi:10.1145/2307636.2307665
Wright CV, Ballard L, Coull SE, Monrose F, Masson GM (2010) Uncovering spoken phrases in encrypted voice over IP conversations. ACM Trans Inf Syst Secur (TISSEC) 13(4):35:1–35:30. doi:10.1145/1880022.1880029
Acknowledgments
This research results from a research program at the Institute for Security, Technology, and Society at Dartmouth College, supported by the National Science Foundation under award number 0910842, and by the Department of Health and Human Services (SHARP program) under award number 90TR0003-01. The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the sponsors.
Cite this article
Mare, S., Sorber, J., Shin, M. et al. Hide-n-Sense: Preserving Privacy Efficiently in Wireless mHealth. Mobile Netw Appl 19, 331–344 (2014). https://doi.org/10.1007/s11036-013-0447-x
DOI: https://doi.org/10.1007/s11036-013-0447-x