CSR: Small: Surviving Cybersecurity and Privacy Threats in Wearable Mobile Cyber-Physical Systems"

Project Title: CSR: Small: Surviving Cybersecurity and Privacy Threats in Wearable Mobile Cyber-Physical Systems

Partnering Institutions and Investigators: Murtuza Jadliwala (PI, EECS), Jibo He (Co-PI, Psychology)

Funding Agency: National Science Foundation (NSF)

Funding Division: Division of Computer and Network Systems (CNS), Computer Systems Research (CSR)

Total Funded Amount: $403,044

Project Duration: October 1, 2015 - September 30, 2018 (3 years)

Abstract: Smart wearable devices, such as smart watches, are very popular and fast replacing their traditional non-smart counterparts. By means of various high-precision on-board sensors, these devices capture rich contextual information about the wearer and his environment to enable several new and useful applications. However, this diverse set of on-board sensors also provides an additional attack surface. Access to these sensors, if not controlled appropriately, can be used as a side-channel by an adversary keen on obtaining private and sensitive information belonging to the wearer. Moreover, active misuse detection and resistance of these wearable device sensors is not straightforward. There is currently a lack of understanding of the various side-channel security vulnerabilities that are possible due to wearable devices and there is an urgent need to study the means for continuously protecting against them. The research in this project addresses this very timely topic.

The goal of this research is twofold: first, to demonstrate that wearable devices enable novel side-channel security and privacy threats, and second, to design continuous authentication techniques and adaptive access control mechanisms to survive these threats. Specifically, this research will evaluate private data inference and wearer tracking threats in wearable devices that utilize unprotected sensors as side-channels. This will be accomplished by designing appropriate learning-based classification and prediction mechanisms that can be used by an adversary for inferring sensitive data. On the protection front, this project will develop a multi-sensor activity and identity classification framework. This framework will leverage rich contextual sensor data (e.g., fine-grained movements, application usage and critical body parameters) to enable continuous identification and authentication of legitimate wearers and their activities.

By studying security and privacy preferences of a diverse population of users, this research will develop usable activity-based access control tools for this new wearable device paradigm. A significant research thrust of this project is to develop adaptive data-sharing mechanisms for dynamically regulating access to sensor data based on the wearers' security preferences, current context and perceived threats. Such mechanisms will serve as a good middle-ground between giving full access (no security) and making manual decisions for each access (poor usability). This project involves industry collaborators to facilitate adoption of research outcomes into the future design and development of wearable devices. Research results, including proof-of-concept applications, will be publicly available to allow dissemination, early industry adoption and integration with curricula.

http://www.nsf.gov/awardsearch/showAward?AWD_ID=1523960&HistoricalAwards=false