Secu Wear: An Open Source, Multi-component Hardware/Software Platform for Exploring Wearable Security

摘要

Wearables are the next big development in the mobile internet of things. Operating in a body area network around a smartphone user they serve a variety of commercial, medical, and personal uses. Whether used for fitness tracking, mobile health monitoring, or as remote controllers, wearable devices can include sensors that collect a variety of data and actuators that provide hap tic feedback and unique user interfaces for controlling software and hardware. Wearables are typically wireless and use Bluetooth LE (low energy) to transmit data to a waiting smartphone app. Frequently, apps forward this data onward to online web servers for tracking. Security and privacy concerns abound when wearables capture sensitive data or provide critical functionality. This paper develops a platform, called SecuWear, for conducting wearable security research, collecting data, and identifying vulnerabilities in hardware and software. SecuWear combines open source technologies to enable researchers to rapidly prototype security vulnerability test cases, evaluate them on actual hardware, and analyze the results to understand how best to mitigate problems. The paper includes two types of evaluation in the form of a comparative analysis and empirical study. The results reveal how several passive observation attacks present themselves in wearable applications and how the SecuWear platform can capture the necessary information needed to identify and combat such attacks.