The Healthsense project is a cooperative project among the Northeastern University (USA), Federal University of Paraná (Brazil) and Federal University of Pará (Brazil). It was selected in the Brazil-USA joint public call organized by the RNP (Rede Nacional de Ensino e Pesquisa) and NSF (National Science Foundation). The project has two main goals: i) Analyze and explore characteristics of wearable devices, Apps and network stacks and ii) Proposes a resiliency technique, using the body’s own conducting medium, to protect the transmission of the secret information.
Define the problem and solve it
Increasing threats of privacy intrusion and malicious eavesdropping raises concerns in confidential data reporting by body-worn sensors.
The prevalent method of authentication used by these sensors are to actively type in the shared password on a hand-held device or transmit secure keys through wireless channels.
We were all quite shocked when we analyze how these devices are highly susceptible to intentional eavesdropping and privacy-manipulation through the common radio frequency technologies. A malicious person may endanger the sensor user’s health and maybe even their life through this privacy-manipulation.
From the need of a safer authentication method, arose the Healthsense Framework.
We proposed an authentication system where your ECG will be the key for other devices. Instead of using an over-the-air channel, we propose to transmit these data over the human tissue. Through a technique called galvanic coupling, the data are converted at weak electrical signal and then injected into the human tissue. The data will be transmitted wirelessly through the arm, wrist and palm of the subject to the receiver in a total privacy way.
It is impossible to overstate the contributions of this project in the body-worn sensors in those next years, but we hope that we could offer a new and safer authentication method for them.
The Healthsense project comprises two connected and inter-dependent objectives, as follows:
Objective 1: Assessing privacy intrusion and attack vectors: We assume that wearable sensors are computationally and energy constrained, and cannot use complex encryption techniques. Also, each radio has some unique hardware-dependent features, such as carrier frequency offsets, power ramp-up/down and leakage profiles, which can be used to fingerprint that radio, and then track its occurrence at different places/points in time. We intend to use cross-layer information, such as the type of protocol in operation, and then the achievable link layer rates and operational bandwidth can be calculated. Furthermore, using the upper layer TCP header un-encrypted information, including flow size, RTT, throughput, we can identify that kind of application in use, such as web-streaming, web-html access, interactive audio, one-time alarm and others. Areas of investigation are: What kind of cross-hardware/protocol stack variables can be used? How can privacy intrusions be demonstrated for medical data using off the shelf equipment? With what accuracy can the mapping of specific medical applications and users be mapped to the traffic generated?
Objective 2: Privacy protection: We will investigate different non-RF radiating techniques to 1 provide a private side-channel. Among those techniques, we will explore a side channel composed by galvanic coupling that uses weak electrical currents passing through the body tissues but otherwise undetected to the user or attacker. The wearable transmits a modulated signal through an exposed portion of the body tissue (avoiding over the air medium) using a pair of electrodes. This ensures that no external RF sniffer has access to the secret exchanged prior to the actual data communication. This side-channel is necessarily low bandwidth. As part of this activity, we plan to systematically explore the use of biometrics and galvanic channels for securing wearable systems but also for leveraging them as a multi-factor authentication enabler.