11 research outputs found

    PinMe: Tracking a Smartphone User around the World

    With the pervasive use of smartphones that sense, collect, and process valuable information about the environment, ensuring location privacy has become one of the most important concerns in the modern age. A few recent research studies discuss the feasibility of processing data gathered by a smartphone to locate the phone's owner, even when the user does not intend to share his location information, e.g., when the Global Positioning System (GPS) is off. Previous research efforts rely on at least one of the two following fundamental requirements, which significantly limit the ability of the adversary: (i) the attacker must accurately know either the user's initial location or the set of routes through which the user travels and/or (ii) the attacker must measure a set of features, e.g., the device's acceleration, for potential routes in advance and construct a training dataset. In this paper, we demonstrate that neither of the above-mentioned requirements is essential for compromising the user's location privacy. We describe PinMe, a novel user-location mechanism that exploits non-sensory/sensory data stored on the smartphone, e.g., the environment's air pressure, along with publicly-available auxiliary information, e.g., elevation maps, to estimate the user's location when all location services, e.g., GPS, are turned off.

    Comment: This is the preprint version: the paper has been published in IEEE Trans. Multi-Scale Computing Systems, DOI: 0.1109/TMSCS.2017.275146

    Addressing Security and Privacy Challenges in Internet of Things

    Internet of Things (IoT), also referred to as the Internet of Objects, is envisioned as a holistic and transformative approach for providing numerous services. The rapid development of various communication protocols and miniaturization of transceivers along with recent advances in sensing technologies offer the opportunity to transform isolated devices into communicating smart things. Smart things, that can sense, store, and even process electrical, thermal, optical, chemical, and other signals to extract user-/environment-related information, have enabled services only limited by human imagination. Despite picturesque promises of IoT-enabled systems, the integration of smart things into the standard Internet introduces several security challenges because the majority of Internet technologies, communication protocols, and sensors were not designed to support IoT. Several recent research studies have demonstrated that launching security/privacy attacks against IoT-enabled systems, in particular wearable medical sensor (WMS)-based systems, may lead to catastrophic situations and life-threatening conditions. Therefore, security threats and privacy concerns in the IoT domain need to be proactively studied and aggressively addressed. In this thesis, we tackle several domain-specific security/privacy challenges associated with IoT-enabled systems. We first target health monitoring systems that are one of the most widely-used types of IoT-enabled systems. We discuss and evaluate several energy-efficient schemes and algorithms, which significantly reduce total energy consumption of different implantable and wearable medical devices (IWMDs). The proposed schemes make continuous long-term health monitoring feasible while providing spare energy needed for data encryption. 
    Furthermore, we present two energy-efficient protocols for implantable medical devices (IMDs), which are essential for data encryption: (i) a secure wakeup protocol that is resilient against battery draining attacks, along with (ii) a low-power key exchange protocol that shares the encryption key between the IMD and the external device while ensuring confidentiality of the key. Moreover, we introduce a new class of attacks against the privacy of a patient who is carrying IWMDs. We describe how an attacker can infer private information about the patient by exploiting physiological information leakage, i.e., signals that continuously emanate from the human body due to the normal functioning of organs or IWMDs attached to (or implanted in) the body. Further, we propose a new generic class of security attacks, called dedicated intelligent security attacks against sensor-triggered emergency responses (DISASTER), that is applicable to a variety of sensor-based systems. DISASTER exploits design flaws and security weaknesses of safety mechanisms deployed in cyber-physical systems (CPSs) to trigger emergency responses even in the absence of a real emergency. In addition to introducing DISASTER, we comprehensively describe its serious consequences and demonstrate the possibility of launching such attacks against the two most widely-used CPSs: residential and industrial automation/monitoring systems. Finally, we present a continuous authentication system based on BioAura, i.e., information that is already gathered by WMSs for diagnostic and therapeutic purposes. We extensively examine the proposed authentication system and demonstrate that it offers promising advantages over one-time knowledge-based authentication systems, e.g., password-/pattern-based systems, and may potentially be used to protect personal computing devices and servers, software applications, and restricted physical spaces.

    Smart healthcare

    Defines a standard framework for smart healthcare aimed at both daily and clinical settings. Discusses various considerations and challenges that should be taken into account while designing smart healthcare systems.

    CABA: Continuous Authentication Based on BioAura
