TY - JOUR
T1 - Developing a platform to evaluate and assess the security of wearable devices
AU - Hale, Matthew L.
AU - Lotfy, Kerolos
AU - Gamble, Rose F.
AU - Walter, Charles
AU - Lin, Jessica
N1 - Publisher Copyright:
© 2018 Chongqing University of Posts and Telecommunications
PY - 2019/8
Y1 - 2019/8
N2 - Operating in a body area network around a smartphone user, wearables serve a variety of commercial, medical and personal uses. Depending on a certain smartphone application, a wearable can capture sensitive data about the user and provide critical, possibly life-or-death, functionality. When using wearables, security problems might occur on hardware/software of wearables, connected phone apps or web services devices, or Bluetooth channels used for communication. This paper develops an open source platform called SecuWear for identifying vulnerabilities in these areas and facilitating wearable security research to mitigate them. SecuWear supports the creation, evaluation, and analysis of security vulnerability tests on actual hardwares. Extending earlier results, this paper includes an empirical evaluation that demonstrates proof of concept attacks on commercial wearable devices and shows how SecuWear captures the information necessary for identifying such attacks. Also included is a process for releasing attack and mitigation information to the security community.
AB - Operating in a body area network around a smartphone user, wearables serve a variety of commercial, medical and personal uses. Depending on a certain smartphone application, a wearable can capture sensitive data about the user and provide critical, possibly life-or-death, functionality. When using wearables, security problems might occur on hardware/software of wearables, connected phone apps or web services devices, or Bluetooth channels used for communication. This paper develops an open source platform called SecuWear for identifying vulnerabilities in these areas and facilitating wearable security research to mitigate them. SecuWear supports the creation, evaluation, and analysis of security vulnerability tests on actual hardwares. Extending earlier results, this paper includes an empirical evaluation that demonstrates proof of concept attacks on commercial wearable devices and shows how SecuWear captures the information necessary for identifying such attacks. Also included is a process for releasing attack and mitigation information to the security community.
KW - Bluetooth LE
KW - Internet of things
KW - Man-in-the-middle attacks
KW - Security
KW - Vulnerability discovery
KW - Wearables
UR - http://www.scopus.com/inward/record.url?scp=85061238456&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85061238456&partnerID=8YFLogxK
U2 - 10.1016/j.dcan.2018.10.009
DO - 10.1016/j.dcan.2018.10.009
M3 - Article
AN - SCOPUS:85061238456
SN - 2468-5925
VL - 5
SP - 147
EP - 159
JO - Digital Communications and Networks
JF - Digital Communications and Networks
IS - 3
ER -