Abstract—Internet of Things (IoT) has become a pervasive and diverse concept in recent years. IoT applications and services have given rise to a number of sub-fields in the IoT space. Wearable technology, with its particular set of characteristics and application domains, has formed a rapidly growing subfield of IoT, viz., Wearable Internet of Things (WIoT). While numerous wearable devices are available in the market today, security and privacy are key factors for wide adoption of WIoT. Wearable devices are resource constrained by nature with limited storage, power, and computation. A Cloud-Enabled IoT (CEIoT) architecture, a dominant paradigm currently shaping the industry and suggested by many researchers, needs to be adopted for WIoT. In this paper, we develop an access control framework for cloud-enabled WIoT (CEWIoT) based on the Access Control Oriented (ACO) architecture recently developed for CEIoT in general. We first enhance the ACO architecture from the perspective of WIoT by adding an Object Abstraction Layer, and then develop our framework based on interactions between different layers of this enhanced ACO architecture. We present a general classification and taxonomy of IoT devices, along with brief introduction to various application domains of IoT and WIoT. We then present a remote healthmore »
Minimum On-the-node Data Security for the Next-generation Miniaturized Wireless Biomedical Devices
As continuous health monitoring and treatment outside of the traditional clinical environment has become of interest to healthcare providers and governments, the manufacturers of miniaturized wireless biomedical devices have sought to facilitate this idea. Much research has been devoted to smart-and-connected health technologies of various form factors including injectables, implantables, ingestibles, and wearables. Such devices are constrained in physical size, power-consumption budget, storage capacity, and computing power. Yet, they handle sensitive, private information and require trust as they directly affect the health of the patient by means of stimulation and/or drug delivery. In this work, we discuss the role of security as a fundamental component of these devices. We propose a generic layered model to support lightweight and cost-effective implementation of data security and protection mechanisms against possible attacks.
- Award ID(s):
- 1704176
- Publication Date:
- NSF-PAR ID:
- 10203437
- Journal Name:
- 2020 IEEE 63rd International Midwest Symposium on Circuits and Systems (MWSCAS)
- Page Range or eLocation-ID:
- 1068 to 1071
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Applications such as secure authentication, remote health monitoring require secure, low power communication between devices around the body. Radio wave communication protocols, such as Bluetooth, suffer from the problem of signal leakage and high power requirement. Electro Quasistatic Human Body Communication (EQS-UBC) is the ideal alternative as it confines the signal within the body and also operates at order of magnitude lower power. In this paper, we design a secure HBC SoC node, which uses EQS-UBC for physical security and an AES-256 core for mathematical security. The SoC consumes 415nW power with an active power of 108nW for a data rate of 1kbps, sufficient for authentication and remote monitoring applications. This translates to 100x improvement in power consumption compared to state-of-the-art HBC implementations while providing physical security for the first time.
-
Modern medical devices aim at providing invasive e-health care services to patients with long-term conditions. Typically, these services are implemented as embedded software applications that remotely and automatically control the opera- tions of the devices according to the patient’s condition as mon- itored by the underlying sensors. Such applications are neither safe nor secure mainly because of unreliable sensors, which may provide incorrect input data either due to its malfunctioning or due to some accidental (by privileged user) or intentional (by adversary) interference. Hence, the incorrect sensor data may lead to identification of inaccurate patient condition, which may threaten the patient’s life. To ensure safety and security of e- health applications, current approaches employ data analysis techniques to monitor sensor data and alarm when some unusual value is detected and employ access control strategies to ensure that controller decisions are consistent with sensor input data. However, such approaches fail to detect stealthy attacks, e.g. bad data (false data injection) and bad computations because they do not understand what the application or device is trying to do. To this end, we evaluate our existing approach (i.e., ARMET) to assure safety and security of an emerging and critically real-time application domain ofmore »
-
Recent advancements in energy-harvesting techniques provide an alternative to batteries for resource constrained IoT devices and lead to a new computing paradigm, the intermittent computing model. In this model, a software module continues its execution from where it left off when an energy shortage occurred. Enforcing security of an intermittent software module is challenging because its power-off state has to be protected from a malicious adversary in addition to its power-on state, while the security mechanisms put in place must have a low overhead on the performance, resource consumption, and cost of a device. In this paper, we propose SIA (Secure Intermittent Architecture), a security architecture for resource-constrained IoT devices. SIA leverages low-cost security features available in commercial off-the-shelf microcontrollers to protect both the power-on and power-off state of an intermittent software module. Therefore, SIA enables a host of secure intermittent computing applications such as self-attestation, remote attestation, and secure communication. Moreover, our architecture provides confidentiality and integrity guarantees to an intermittent computing module at no cost compared to previous approaches in the literature that impose significant overheads. The salient characteristic of SIA is that it does not require any hardware modifications, and hence, it can be directly applied tomore »
-
Recent advancements in energy-harvesting techniques provide an alternative to batteries for resource-constrained IoT devices and lead to a new computing paradigm, the intermittent computing model. In this model, a software module continues its execution from where it left off when an energy shortage occurred. Enforcing security of an intermittent software module is challenging because its power-off state has to be protected from a malicious adversary in addition to its power-on state, while the security mechanisms put in place must have a low overhead on the performance, resource consumption, and cost of a device. In this paper, we propose SIA (Secure Intermittent Architecture), a security architecture for resource-constrained IoT devices. SIA leverages low-cost security features available in commercial off-the-shelf microcontrollers to protect both the power-on and power-off state of an intermittent software module. Therefore, SIA enables a host of secure intermittent computing applications such as self-attestation, remote attestation, and secure communication. Moreover, our architecture provides confidentiality and integrity guarantees to an intermittent computing module at no cost compared to previous approaches in the literature that impose significant overheads. The salient characteristic of SIA is that it does not require any hardware modifications, and hence, it can be directly applied to existingmore »
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Publisher's Version of Record
- https://doi.org/10.1109/MWSCAS48704.2020.9184564
