Eye-Shield: Real-Time Protection of Mobile Device Screen Information from Shoulder Surfing

People use mobile devices ubiquitously for computing, communication, storage, web browsing, and more. As a result, the information accessed and stored within mobile devices, such as financial and health information, text messages, and emails, can often be sensitive. Despite this, people frequently use their mobile devices in public areas, becoming susceptible to a simple yet effective attack, shoulder surfing. Shoulder surfing occurs when a person near a mobile user peeks at the user's mobile device, potentially acquiring passcodes, PINs, browsing behavior, or other personal information. We propose Eye-Shield, a solution to prevent shoulder surfers from accessing or stealing sensitive on-screen information. Eye-Shield is designed to protect all types of on-screen information in real time, without any serious impediment to users' interactions with their mobile devices. Eye-Shield generates images that appear readable at close distances, but appear blurry or pixelated at farther distances and wider angles. It is capable of protecting on-screen information from shoulder surfers, operating in real time, and being minimally intrusive to the intended users. Eye-Shield protects images and text from shoulder surfers by reducing recognition rates to 24.24% and 15.91%. Our implementations of Eye-Shield, with frame rates of 24 FPS for Android and 43 FPS for iOS, effectively work on screen resolutions as high as 1440x3088. Eye-Shield also incurs acceptable memory usage, CPU utilization, and energy overhead. Finally, our MTurk and in-person user studies indicate that Eye-Shield protects on-screen information without a large usability cost for privacy-conscious users.Comment: Published at 32nd USENIX Security Symposium (2023) U.S. Pat. App. No. 63/468,650-Conf. #867

PEPSI: Privacy-Enhanced Participatory Sensing Infrastructure.

Participatory Sensing combines the ubiquity of mobile phones with sensing capabilities of Wireless Sensor Networks. It targets pervasive collection of information, e.g., temperature, traffic conditions, or health-related data. As users produce measurements from their mobile devices, voluntary participation becomes essential. However, a number of privacy concerns -- due to the personal information conveyed by data reports -- hinder large-scale deployment of participatory sensing applications. Prior work on privacy protection, for participatory sensing, has often relayed on unrealistic assumptions and with no provably-secure guarantees. The goal of this project is to introduce PEPSI: a Privacy-Enhanced Participatory Sensing Infrastructure. We explore realistic architectural assumptions and a minimal set of (formal) privacy requirements, aiming at protecting privacy of both data producers and consumers. We design a solution that attains privacy guarantees with provable security at very low additional computational cost and almost no extra communication overhead

A Survey of Trustworthy Computing on Mobile & Wearable Systems

Mobile and wearable systems have generated unprecedented interest in recent years, particularly in the domain of mobile health (mHealth) where carried or worn devices are used to collect health-related information about the observed person. Much of the information - whether physiological, behavioral, or social - collected by mHealth systems is sensitive and highly personal; it follows that mHealth systems should, at the very least, be deployed with mechanisms suitable for ensuring confidentiality of the data it collects. Additional properties - such as integrity of the data, source authentication of data, and data freshness - are also desirable to address other security, privacy, and safety issues. Developing systems that are robust against capable adversaries (including physical attacks) is, and has been, an active area of research. While techniques for protecting systems that handle sensitive data are well-known today, many of the solutions in use today are not well suited for mobile and wearable systems, which are typically limited with respect to power, memory, computation, and other capabilities. In this paper we look at prior research on developing trustworthy mobile and wearable systems. To survey this topic we begin by discussing solutions for securing computing systems that are not subject to the type of strict constraints associated with mobile and wearable systems. Next, we present other efforts to design and implement trustworthy mobile and wearable systems. We end with a discussion of future directions

Cyber Physical System Based Smart Healthcare System with Federated Deep Learning Architectures with Data Analytics

Data shared between hospitals and patients using mobile and wearable Internet of Medical Things (IoMT) devices raises privacy concerns due to the methods used in training. the development of the Internet of Medical Things (IoMT) and related technologies and the most current advances in these areas The Internet of Medical Things and other recent technological advancements have transformed the traditional healthcare system into a smart one. improvement in computing power and the spread of information have transformed the healthcare system into a high-tech, data-driven operation. On the other hand, mobile and wearable IoMT devices present privacy concerns regarding the data transmitted between hospitals and end users because of the way in which artificial intelligence is trained (AI-centralized). In terms of machine learning (AI-centralized). Devices connected to the IoMT network transmit highly confidential information that could be intercepted by adversaries. Due to the portability of electronic health record data for clinical research made possible by medical cyber-physical systems, the rate at which new scientific discoveries can be made has increased. While AI helps improve medical informatics, the current methods of centralised data training and insecure data storage management risk exposing private medical information to unapproved foreign organisations. New avenues for protecting users' privacy in IoMT without requiring access to their data have been opened by the federated learning (FL) distributive AI paradigm. FL safeguards user privacy by concealing all but gradients during training. DeepFed is a novel Federated Deep Learning approach presented in this research for the purpose of detecting cyber threats to intelligent healthcare CPSs

Security and privacy aspects of mobile applications for post-surgical care

Mobile technologies have the potential to improve patient monitoring, medical decision making and in general the efficiency and quality of health delivery. They also pose new security and privacy challenges. The objectives of this work are to (i) Explore and define security and privacy requirements on the example of a post-surgical care application, and (ii) Develop and test a pilot implementation Post-Surgical Care Studies of surgical out- comes indicate that timely treatment of the most common complications in compliance with established post-surgical regiments greatly improve success rates. The goal of our pilot application is to enable physician to optimally synthesize and apply patient directed best medical practices to prevent post-operative complications in an individualized patient/procedure specific fashion. We propose a framework for a secure protocol to enable doctors to check most common complications for their patient during in-hospital post- surgical care. We also implemented our construction and cryptographic protocols as an iPhone application on the iOS using existing cryptographic services and libraries

Going Rogue: Mobile Research Applications and the Right to Privacy

This Article investigates whether nonsectoral state laws may serve as a viable source of privacy and security standards for mobile health research participants and other health data subjects until new federal laws are created or enforced. In particular, this Article (1) catalogues and analyzes the nonsectoral data privacy, security, and breach notification statutes of all fifty states and the District of Columbia; (2) applies these statutes to mobile-app-mediated health research conducted by independent scientists, citizen scientists, and patient researchers; and (3) proposes substantive amendments to state law that could help protect the privacy and security of all health data subjects, including mobile-app-mediated health research participants