research-article

Advanced Security Testbed Framework for Wearable IoT Devices

Authors:
Shachar Siboni

Ben-Gurion University of the Negev, Israel

Ben-Gurion University of the Negev, Israel
View Profile

,
Asaf Shabtai

Ben-Gurion University of the Negev, Israel

Ben-Gurion University of the Negev, Israel
View Profile

,
Nils O. Tippenhauer

Singapore University of Technology and Design, Singapore

Singapore University of Technology and Design, Singapore
View Profile

,
Jemin Lee

Daegu Gyeongbuk Institute of Science and Technology, Daegu, South Korea

Daegu Gyeongbuk Institute of Science and Technology, Daegu, South Korea
View Profile

,
Yuval Elovici

Ben-Gurion University of the Negev, Israel; Singapore University of Technology and Design, Singapore

Ben-Gurion University of the Negev, Israel; Singapore University of Technology and Design, Singapore
View Profile

Authors Info & Claims

ACM Transactions on Internet Technology Volume 16 Issue 4Article No.: 26pp 1–25https://doi.org/10.1145/2981546

Published:07 December 2016Publication History

ACM Transactions on Internet Technology

Abstract

Analyzing the security of Wearable Internet-of-Things (WIoT) devices is considered a complex task due to their heterogeneous nature. In addition, there is currently no mechanism that performs security testing for WIoT devices in different contexts. In this article, we propose an innovative security testbed framework targeted at wearable devices, where a set of security tests are conducted, and a dynamic analysis is performed by realistically simulating environmental conditions in which WIoT devices operate. The architectural design of the proposed testbed and a proof-of-concept, demonstrating a preliminary analysis and the detection of context-based attacks executed by smartwatch devices, are presented.

References

John Almasy. 2015. How do wearables fit in your enterprise? Retrieved November 28, 2015 from http://blogs.unisys.com/mobility/how-do-wearables-fit-in-your-enterprise/.Google Scholar
Jalal Al-Muhtadi, Dennis Mickunas, and Roy Campbell. 2001. Wearable security services. In 2001 International Conference on Distributed Computing Systems Workshop. 266--271. IEEE. Google ScholarDigital Library
Luigi Atzori, Antonio Iera, and Giacomo Morabito. 2010. The internet of things: A survey. Computer Networks 54, 15 (2010), 2787--2805. Google ScholarDigital Library
Yared Berhanu, Habtamu Abie, and Mohamed Hamdi. 2013. A testbed for adaptive security for IoT in eHealth. In International Workshop on Adaptive Security 5. (2013), ACM. Google ScholarDigital Library
Bitdefender. 2014. Bitdefender research exposes plain-text android wearable devices communication. Video. Retrieved November 28, 2015 from https://www.youtube.com/watch?t=1498V=utVnrq5uCuM.Google Scholar
Brent Blum. 2015a. Are your wearables safe from cyber-security threats? Retrieved November 28, 2015 from https://www.accenture.com/us-en/blogs/blogs-are-your-wearables-safe-from-cyber-security-threats.Google Scholar
Brent Blum. 2015b. How to protect your wearables implementation from cyber-security threats. Retrieved November 28, 2015 from https://www.accenture.com/us-en/blogs/blogs-how-to-protect-your-wearables-implementation-from-cyber-security-threats.Google Scholar
John Brandon. 2014. Wearable devices pose threats to privacy and security. Retrieved November 28, 2015 http://www.foxnews.com/tech/2014/06/18/wearable-devices-pose-threats-to-privacy-and-security.html.Google Scholar
Ken Briodagh. 2015. Wearable security is a matter of establishing standards. Retrieved November 28, 2015 from http://www.iotevolutionworld.com/m2m/articles/401623-wearable-security-a-matter-establishing-standards.htm.Google Scholar
Gerald Combs. 2007. Wireshark--A network protocol analyzer. https://www.wireshark.org/.Google Scholar
Charles Cooper. 2015. Latest security challenges: Wearables. Retrieved November 28, 2015 from http://theartofthehack.com/latest-security-challenge-wearables/.Google Scholar
Britt Cyr, Webb Horn, Daniela Miao, and Michael Specter. 2014. Security analysis of wearable fitness devices (fitbit). Massachusetts Institute of Technology (MIT). Retrieved November 29, 2015 from https://courses.csail.mit.edu/6.857/2014/files/17-cyrbritt-webbhorn-specter-dmiao-hacking-fitbit.pdf.Google Scholar
Brian Donohue. 2014. Same security threats, different devices: Wearables and watchables. Retrieved November 28, 2015 from https://blog.kaspersky.com/same_security_threats_new_devices/6015/.Google Scholar
Charalampos Doukas, Ilias Maglogiannis, Vassiliki Koufi, Flora Malamateniou, and George Vassilacopoulos. 2012. Enabling data protection through PKI encryption in IoT M-Health devices. In 2012 IEEE 12th International Conference on Bioinformatics 8 Bioengineering (BIBE). 25--29. IEEE. Google ScholarDigital Library
Dan Goodin. 2015. Police body cams found pre-installed with notorious conficker worm. Retrieved November 28, 2015 from http://arstechnica.com/security/2015/11/police-body-cams-found-pre-installed-with-notorious-conficker-worm/.Google Scholar
Jayavardhana Gubbi, Rajkumar Buyya, Slaven Marusic, and Marimuthu Palaniswami. 2013. Internet of things (IoT): A vision, architectural elements, and future directions. Fut. Gen. Comput. Syst. 29, 7 (2013), 1645--1660. Google ScholarDigital Library
Matthew L. Hale, Dalton Ellis, Rose Gamble, Charles Waler, and Jessica Lin. 2015. SecuWear: An open source, multi-component hardware/software platform for exploring wearable security. In 2015 IEEE International Conference on Mobile Services (MS). 97--104. IEEE. Google ScholarDigital Library
Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, and William H. Maisel. 2008. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In IEEE Symposium on Security and Privacy, 2008 (SP 2008). 129--142. IEEE, 2008. Google ScholarDigital Library
Teena Hammond. 2014. The scary truth about data security with wearables. Retrieved November 28, 2015 from http://www.techrepublic.com/article/the-scary-truth-about-data-security-with-wearables/.Google Scholar
Shivayogi Hiremath, Geng Yang, and Kunal Mankodiya. 2014. Wearable internet of things: Concept, architectural components and promises for person-centered healthcare. In 2014 EAI 4th International Conference on Wireless Mobile Communication and Healthcare (Mobihealth). IEEE, 2014.Google ScholarCross Ref
William John Holden. 2015. PIPS -- The Pamn IP Scanner: A wrapper for nmap, cross-compiled for ARM android. https://github.com/wjholden/PIPS/tree/master/app/src/main/java/com/wjholden/nmap.Google Scholar
iTrust. 2015. Cyber security patrol (CSP). Retrieved November 29, 2015 from http://itrust.sutd.edu. sg/research/projects/cyber-security-patrol/.Google Scholar
Khyati Jain. 2015. Ransomware attacks threaten wearable devices and internet of things. Retrieved November 28, 2015 from http://thehackernews.com/2015/08/ransomware-android-smartwatch.html.Google Scholar
Kaspersky Labs. 2014. Wear the danger: Kaspersky lab experts warn of security risks facing wearable connected devices. Retrieved November 28, 2015 from http://www.kaspersky.com/au/about/news/virus/2014/wear-the-danger.Google Scholar
Linda Lee, Serge Egelman, Joong Hwa Lee, and David Wagner. 2015. Risk perceptions for wearable devices. arXiv preprint arXiv:1504.05694 (2015).Google Scholar
Mike Lennon. 2015. All smartwatches vulnerable to attack: HP study. Retrieved November 28, 2015 from http://www.securityweek.com/all-smartwatches-vulnerable-attack-hp-study.Google Scholar
Shinyoung Lim, Tae Hwan Oh, Young B. Choi, and Tamil Lakshman. 2010. Security issues on wireless body area network for remote healthcare monitoring. In 2010 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC). 327--332. IEEE. Google ScholarDigital Library
John Lindström. 2007. Security challenges for wearable computing-a case study. In 2007 4th International Forum on Applied Wearable Computing (IFAWC). 1--8. VDE, 2007.Google Scholar
Clayton Locke. 2014. Top 3 security tips for wearable devices. Retrieved November 28, 2015 from http://www.intelligentenvironments.com/info-centre/blog/top-3-security-tips-for-wearable-devices.Google Scholar
Gordon Lyon. 2009. Nmap-Free security scanner for network exploration and security audits. https://nmap.org/.Google Scholar
Alex Migicovsky, Zakir Durumeric, Jeff Ringenberg, and J. Alex Halderman. 2014. Outsmarting proctors with smartwatches: A case study on wearable computing security. In Financial Cryptography and Data Security, 8437, 89--96. Springer Berlin. 2014.Google Scholar
Peter Nguyen. 2014. Wearable tech and personal security breaches: 6 things to know. Retrieved November 28, 2015 from http://blog.hotspotshield.com/2014/12/16/wearable-tech-and-personal-security-breaches/.Google Scholar
Offensive Security. 2016. Kali linux--an advanced penetration testing linux distribution used for penetration testing, ethical hacking and network security assessments. https://www.kali.org/.Google Scholar
Charith Perera, Chi Harold Liu, and Srimal Jayawardena. 2015. The emerging internet of things marketplace from an industrial perspective: A survey. IEEE Trans. EmergTopics Comput. Google ScholarDigital Library
Jenna Puckett. 2014. How to prevent wearable devices from ruining your information security. Retrieved November 28, 2015 from http://www.fiercecio.com/story/how-prevent-wearable-devices-ruining-your-information-security/2014-11-25.Google Scholar
Marc Rogers. 2013. Hacking the internet of things for good. Retrieved November 28, 2015 from https://blog.lookout.com/blog/2013/07/17/hacking-the-internet-of-things-for-good/.Google Scholar
Da-Zhi Sun, Jin-Peng Huai, Ji-Zhou Sun, Jia-Wan Zhang, and Zhi-Yong Feng. 2008. A new design of wearable token system for mobile device security. IEEE Trans. Consum. Electron. 54, 4, 1784--1789. Google ScholarDigital Library
Melanie Swan. 2012. Sensor mania&excl; the internet of things, wearable computing, objective metrics, and the quantified self 2.0. J. Sens. Actuat. Netw. 1, 3, 217--253.Google ScholarCross Ref
Nils Ole Tippenhauer, Christina Pöpper, Kasper Bonne Rasmussen, and Srdjan Capkun. 2011. On the requirements for successful GPS spoofing attacks. In 18th ACM Conference on Computer and Communications Security. ACM, 2011. Google ScholarDigital Library
Mellisa Tolentino. 2013. 4 Security Challenges for Fitbit, Google Glass + Other Wearable Devices. Retrieved November 28, 2015 from http://siliconangle.com/blog/2013/05/30/4-security-challenges-for-fitbit-google-glass-other-wearable-devices/.Google Scholar
Farhana Tufail and M. Hassan Islam. 2009. Wearable wireless body area networks. In International Conference on Information Management and Engineering, 2009 (ICIME’09). IEEE, 656--660. Google ScholarDigital Library
David Upton. 2014. 5 essential wearable tech security tips. Retrieved November 28, 2015 from http://betanews.com/2014/12/09/5-essential-wearable-tech-security-tips/.Google Scholar
He Wang, Ted Tsung-Te Lai, and Romit Roy Choudhury. 2015. MoLe: Motion leaks through smartwatch sensors. In 21st Annual International Conference on Mobile Computing and Networking. ACM, New York, 155--166. Google ScholarDigital Library

Index Terms

Advanced Security Testbed Framework for Wearable IoT Devices
1. Security and privacy
  1. Systems security
    1. Vulnerability management

Recommendations

Let the Cat Out of the Bag: A Holistic Approach Towards Security Analysis of the Internet of Things
IoTPTS '17: Proceedings of the 3rd ACM International Workshop on IoT Privacy, Trust, and Security

The exponential increase of Internet of Things (IoT) devices have resulted in a range of new and unanticipated vulnerabilities associated with their use. IoT devices from smart homes to smart enterprises can easily be compromised. One of the major ...
Read More
Systematically Evaluating Security and Privacy for Consumer IoT Devices
IoTS&P '17: Proceedings of the 2017 Workshop on Internet of Things Security and Privacy

Internet-of-Things (IoT) devices such as smart bulbs, cameras, and health monitors are being enthusiastically adopted by consumers, with numbers projected to rise to the billions. However, such devices are also easily attacked, or used for launching ...
Read More
Internet of Things (IoT): From awareness to continued use
Abstract
This paper proposes a research model with five constructs, i.e., IoT awareness, users’ IoT privacy knowledge, users’ IoT security knowledge, users’ IoT Trust, and continued intention to use IoT to bring clarity to the growing yet ...
Highlights
- Clarifying how variables linked from IoT awareness to IoT continued use.
- IoT ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Internet Technology Volume 16, Issue 4
Special Issue on Internet of Things (IoT): Smart and Secure Service Delivery
December 2016
168 pages
ISSN:1533-5399
EISSN:1557-6051
DOI:10.1145/3023158
Editor:
Munindar P. Singh
Department of Computer Science, North Carolina State University
Issue’s Table of Contents
Copyright © 2016 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 7 December 2016
- Accepted: 1 July 2016
- Revised: 1 June 2016
- Received: 1 December 2015
Published in toit Volume 16, Issue 4

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Internet of things (IoT)
privacy
security
testbed framework
wearable devices
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 48
  Total Citations
  View Citations
- 2,017
  Total Downloads
- Downloads (Last 12 months)111
- Downloads (Last 6 weeks)13
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Advanced Security Testbed Framework for Wearable IoT Devices

ACM Transactions on Internet Technology

Abstract

References

Cited By

Index Terms

Recommendations

Let the Cat Out of the Bag: A Holistic Approach Towards Security Analysis of the Internet of Things

Systematically Evaluating Security and Privacy for Consumer IoT Devices

Internet of Things (IoT): From awareness to continued use