Security and privacy aspects of mobile applications for post-surgical care

Mobile technologies have the potential to improve patient monitoring, medical decision making and in general the efficiency and quality of health delivery. They also pose new security and privacy challenges. The objectives of this work are to (i) Explore and define security and privacy requirements on the example of a post-surgical care application, and (ii) Develop and test a pilot implementation Post-Surgical Care Studies of surgical out- comes indicate that timely treatment of the most common complications in compliance with established post-surgical regiments greatly improve success rates. The goal of our pilot application is to enable physician to optimally synthesize and apply patient directed best medical practices to prevent post-operative complications in an individualized patient/procedure specific fashion. We propose a framework for a secure protocol to enable doctors to check most common complications for their patient during in-hospital post- surgical care. We also implemented our construction and cryptographic protocols as an iPhone application on the iOS using existing cryptographic services and libraries

Human Mobility Monitoring using WiFi: Analysis, Modeling, and Applications

Understanding and modeling humans and device mobility has fundamental importance in mobile computing, with implications ranging from network design and location-aware technologies to urban infrastructure planning. Today\u27s users carry a plethora of devices such as smartphones, laptops, tablets, and smartwatches, with each device offering a different set of services resulting in different usage and mobility leading to the research question of understanding and modeling multiple user device trajectories. Additionally, prior research on mobility focuses on outdoor mobility when it is known that users spend 80% of their time indoors resulting in wide gaps in knowledge in the area of indoor mobility of users and devices. Here, I try to fill the gaps in mobility modeling in the areas of understanding and modeling indoor-outdoor human mobility as well as multi-device mobility. In this thesis, I propose the characterization and modeling of human and device mobility. Further, I design and deploy mobility-aware applications for contact tracing of infectious diseases and energy-aware Heating, Ventilation, and Air Conditioning (HVAC) scheduling. I try and answer a sequence of four primary inter-related questions : (1) how is indoor and outdoor user mobility different, (2) are multiple device trajectories belonging to a single user correlated, (3) how to model indoor mobility of users and (4) how to design effective mobility aware applications that are easily deployable and align with long term goals of sustainability as well relay positive societal impact. The insights gained from each question serves as a base to build up on the next question in the series. I present answers to these questions across three main parts of my thesis. The first part comprises of characterization and analysis of human and device mobility. In this part I design and develop tool to extract device trajectories from WiFi system logs syslog and map devices to users. These extracted trajectories and device to user mapping are used to characterize and empirically analyze the mobility of users at varying spatial granularity (indoor, outdoor) and extract device mobility correlations between multiple devices of users and forms the first part of my thesis. In the second part, based on the insights gained from the multi-granular and multi-device mobility characterization stated above, I argue that mobility is inherently hierarchical in nature and propose novel indoor human mobility modeling approach. Third, I leverage the passively observed mobility to design mobility-aware applications that either look back or look ahead in time. WiFiTrace is a look back or backtracking application that is a network-centric contact tracing tool to aid healthcare workers in manual contact tracing of infectious diseases and iSchedule is a look ahead machine learning based mobility-aware energy-saving application that predicts Heating, Ventilation, and Air Conditioning (HVAC) schedule for higher energy savings while increasing user comfort

A Study of IEEE 802.15.4 Security Framework for Wireless Body Area Network

A Wireless Body Area Network (WBAN) is a collection of low-power and lightweight wireless sensor nodes that are used to monitor the human body functions and the surrounding environment. It supports a number of innovative and interesting applications, including ubiquitous healthcare and Consumer Electronics (CE) applications. Since WBAN nodes are used to collect sensitive (life-critical) information and may operate in hostile environments, they require strict security mechanisms to prevent malicious interaction with the system. In this paper, we first highlight major security requirements and Denial of Service (DoS) attacks in WBAN at Physical, Medium Access Control (MAC), Network, and Transport layers. Then we discuss the IEEE 802.15.4 security framework and identify the security vulnerabilities and major attacks in the context of WBAN. Different types of attacks on the Contention Access Period (CAP) and Contention Free Period (CFP) parts of the superframe are analyzed and discussed. It is observed that a smart attacker can successfully corrupt an increasing number of GTS slots in the CFP period and can considerably affect the Quality of Service (QoS) in WBAN (since most of the data is carried in CFP period). As we increase the number of smart attackers the corrupted GTS slots are eventually increased, which prevents the legitimate nodes to utilize the bandwidth efficiently. This means that the direct adaptation of IEEE 802.15.4 security framework for WBAN is not totally secure for certain WBAN applications. New solutions are required to integrate high level security in WBAN.Comment: 14 pages, 7 figures, 2 table

Supporting policy-based contextual reconfiguration and adaptation in ubiquitous computing

In order for pervasive computing systems to be able to perform tasks which support us in everyday life without requiring attention from the users of the environment, they need to adapt themselves in response to context. This makes context-awareness in general, and context-aware adaptation in particular, an essential requirement for pervasive computing systems. Two of the features of context-awareness are: contextual reconfiguration and contextual adaptation in which applications adapt their behaviour in response to context. We combine both these features of context-awareness to provide a broad scope of adaptation and put forward a system, called Policy-Based Contextual Reconfiguration and Adaptation (PCRA) that provides runtime support for both. The combination of both context-aware reconfiguration and context-aware adaptation provides a broad scope of adaptation and hence allows the development of diverse adaptive context-aware applications. However, another important issue is the choice of an effective means for developing, modifying and extending such applications. The main argument forming the basis of this thesis is that we advocate the use of a policy-based programming model and argue that it provides more effective means for developing, modifying and extending such applications. This thesis addresses other important surrounding issues which are associated with adaptive context-aware applications. These include the management of invalid bindings and the provision of seamless caching support for remote services involved in bindings for improved performance. The bindings may become invalid due to failure conditions that can arise due to network problems or migration of software components, causing bindings between the application component and remote service to become invalid. We have integrated reconfiguration support to manage bindings, and seamless caching support for remote services in PCRA. This thesis also describes the design and implementation of PCRA, which enables development of adaptive context-aware applications using policy specifications. Within PCRA, adaptive context-aware applications are modelled by specifying binding policies and adaptation policies. The use of policies within PCRA simplifies the development task because policies are expressed at a high-level of abstraction, and are expressed independently of each other. PCRA also allows the dynamic modification of applications since policies are independent units of execution and can be dynamically loaded and removed from the system. This is a powerful and useful capability as applications may evolve over time, i.e. the user needs and preferences may change, but re-starting is undesirable. We evaluate PCRA by comparing its features to other systems in the literature, and by performance measures

Low cost solutions to pairing issues in IEEE 802.15.4 networks

The last years have seen an important increase in the development and proliferation of wireless technologies. This success, mostly related to mobility and the relative ease with which wireless devices can be linked (no wires needed between parties), has affected consumer as well as industrial applications. There are however many areas that are still closed to the introduction of wireless systems. Among the factors that affect wireless acceptance, one can name security and the complexity often involved in setting up networks. Unlike wired systems, the extra confidence afforded by “seen wires” is not available in wireless systems, making it difficult for the users to know if communication occurs between legitimate parties. This places wireless technology before the need to introduce simple methods to improve the set up and authentication processes. These aspects are addressed by binding methods. It is our purpose in this document to present such solutions, and especially how they can be used in 802.15.4 based networks. We will mainly focus on solutions involving optical or RFID techniques. We will also suggest some improvements where needed

The Limits of Location Privacy in Mobile Devices

Mobile phones are widely adopted by users across the world today. However, the privacy implications of persistent connectivity are not well understood. This dissertation focuses on one important concern of mobile phone users: location privacy. I approach this problem from the perspective of three adversaries that users are exposed to via smartphone apps: the mobile advertiser, the app developer, and the cellular service provider. First, I quantify the proportion of mobile users who use location permissive apps and are able to be tracked through their advertising identifier, and demonstrate a mark and recapture attack that allows continued tracking of users who hide these identifiers. Ninety-five percent of the 1500 devices we tested were susceptible to this attack. We successfully identified 49% of unlabelled impressions from iOS devices, and 59% from Android, with a budget of only $5 per day, per user. Next, I evaluate an attack wherein a remote server discovers a user\u27s traveled path without permission, simply by analyzing the throughput of the connection to the user over time. In these experiments, a remote attacker can distinguish a user\u27s route among four paths within a University campus with 77% accuracy, and among eight paths surrounding the campus with 83% accuracy. I then propose a protocol for anonymous cell phone usage, which obviates the need for users to trust telecoms with their location, and I evaluate its efficacy against a passive location profiling attack used to infer identity. According to these simulations, even one day is enough to identify one device from among over a hundred with greater than 50% accuracy. To mitigate location profiling attacks, users should change these identifiers every ten minutes and remain offline for 30 seconds, to reduce their identifiability by up to 45%. I conclude by summarizing the key issues in mobile location privacy today, immediate steps that can be taken to improve them, and the inherent privacy costs of remaining constantly connected