Abstract
Analyzing the security of Wearable Internet-of-Things (WIoT) devices is considered a complex task due to their heterogeneous nature. In addition, there is currently no mechanism that performs security testing for WIoT devices in different contexts. In this article, we propose an innovative security testbed framework targeted at wearable devices, where a set of security tests are conducted, and a dynamic analysis is performed by realistically simulating environmental conditions in which WIoT devices operate. The architectural design of the proposed testbed and a proof-of-concept, demonstrating a preliminary analysis and the detection of context-based attacks executed by smartwatch devices, are presented.
- John Almasy. 2015. How do wearables fit in your enterprise? Retrieved November 28, 2015 from http://blogs.unisys.com/mobility/how-do-wearables-fit-in-your-enterprise/.Google Scholar
- Jalal Al-Muhtadi, Dennis Mickunas, and Roy Campbell. 2001. Wearable security services. In 2001 International Conference on Distributed Computing Systems Workshop. 266--271. IEEE. Google ScholarDigital Library
- Luigi Atzori, Antonio Iera, and Giacomo Morabito. 2010. The internet of things: A survey. Computer Networks 54, 15 (2010), 2787--2805. Google ScholarDigital Library
- Yared Berhanu, Habtamu Abie, and Mohamed Hamdi. 2013. A testbed for adaptive security for IoT in eHealth. In International Workshop on Adaptive Security 5. (2013), ACM. Google ScholarDigital Library
- Bitdefender. 2014. Bitdefender research exposes plain-text android wearable devices communication. Video. Retrieved November 28, 2015 from https://www.youtube.com/watch?t=1498V=utVnrq5uCuM.Google Scholar
- Brent Blum. 2015a. Are your wearables safe from cyber-security threats? Retrieved November 28, 2015 from https://www.accenture.com/us-en/blogs/blogs-are-your-wearables-safe-from-cyber-security-threats.Google Scholar
- Brent Blum. 2015b. How to protect your wearables implementation from cyber-security threats. Retrieved November 28, 2015 from https://www.accenture.com/us-en/blogs/blogs-how-to-protect-your-wearables-implementation-from-cyber-security-threats.Google Scholar
- John Brandon. 2014. Wearable devices pose threats to privacy and security. Retrieved November 28, 2015 http://www.foxnews.com/tech/2014/06/18/wearable-devices-pose-threats-to-privacy-and-security.html.Google Scholar
- Ken Briodagh. 2015. Wearable security is a matter of establishing standards. Retrieved November 28, 2015 from http://www.iotevolutionworld.com/m2m/articles/401623-wearable-security-a-matter-establishing-standards.htm.Google Scholar
- Gerald Combs. 2007. Wireshark--A network protocol analyzer. https://www.wireshark.org/.Google Scholar
- Charles Cooper. 2015. Latest security challenges: Wearables. Retrieved November 28, 2015 from http://theartofthehack.com/latest-security-challenge-wearables/.Google Scholar
- Britt Cyr, Webb Horn, Daniela Miao, and Michael Specter. 2014. Security analysis of wearable fitness devices (fitbit). Massachusetts Institute of Technology (MIT). Retrieved November 29, 2015 from https://courses.csail.mit.edu/6.857/2014/files/17-cyrbritt-webbhorn-specter-dmiao-hacking-fitbit.pdf.Google Scholar
- Brian Donohue. 2014. Same security threats, different devices: Wearables and watchables. Retrieved November 28, 2015 from https://blog.kaspersky.com/same_security_threats_new_devices/6015/.Google Scholar
- Charalampos Doukas, Ilias Maglogiannis, Vassiliki Koufi, Flora Malamateniou, and George Vassilacopoulos. 2012. Enabling data protection through PKI encryption in IoT M-Health devices. In 2012 IEEE 12th International Conference on Bioinformatics 8 Bioengineering (BIBE). 25--29. IEEE. Google ScholarDigital Library
- Dan Goodin. 2015. Police body cams found pre-installed with notorious conficker worm. Retrieved November 28, 2015 from http://arstechnica.com/security/2015/11/police-body-cams-found-pre-installed-with-notorious-conficker-worm/.Google Scholar
- Jayavardhana Gubbi, Rajkumar Buyya, Slaven Marusic, and Marimuthu Palaniswami. 2013. Internet of things (IoT): A vision, architectural elements, and future directions. Fut. Gen. Comput. Syst. 29, 7 (2013), 1645--1660. Google ScholarDigital Library
- Matthew L. Hale, Dalton Ellis, Rose Gamble, Charles Waler, and Jessica Lin. 2015. SecuWear: An open source, multi-component hardware/software platform for exploring wearable security. In 2015 IEEE International Conference on Mobile Services (MS). 97--104. IEEE. Google ScholarDigital Library
- Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, and William H. Maisel. 2008. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In IEEE Symposium on Security and Privacy, 2008 (SP 2008). 129--142. IEEE, 2008. Google ScholarDigital Library
- Teena Hammond. 2014. The scary truth about data security with wearables. Retrieved November 28, 2015 from http://www.techrepublic.com/article/the-scary-truth-about-data-security-with-wearables/.Google Scholar
- Shivayogi Hiremath, Geng Yang, and Kunal Mankodiya. 2014. Wearable internet of things: Concept, architectural components and promises for person-centered healthcare. In 2014 EAI 4th International Conference on Wireless Mobile Communication and Healthcare (Mobihealth). IEEE, 2014.Google ScholarCross Ref
- William John Holden. 2015. PIPS -- The Pamn IP Scanner: A wrapper for nmap, cross-compiled for ARM android. https://github.com/wjholden/PIPS/tree/master/app/src/main/java/com/wjholden/nmap.Google Scholar
- iTrust. 2015. Cyber security patrol (CSP). Retrieved November 29, 2015 from http://itrust.sutd.edu. sg/research/projects/cyber-security-patrol/.Google Scholar
- Khyati Jain. 2015. Ransomware attacks threaten wearable devices and internet of things. Retrieved November 28, 2015 from http://thehackernews.com/2015/08/ransomware-android-smartwatch.html.Google Scholar
- Kaspersky Labs. 2014. Wear the danger: Kaspersky lab experts warn of security risks facing wearable connected devices. Retrieved November 28, 2015 from http://www.kaspersky.com/au/about/news/virus/2014/wear-the-danger.Google Scholar
- Linda Lee, Serge Egelman, Joong Hwa Lee, and David Wagner. 2015. Risk perceptions for wearable devices. arXiv preprint arXiv:1504.05694 (2015).Google Scholar
- Mike Lennon. 2015. All smartwatches vulnerable to attack: HP study. Retrieved November 28, 2015 from http://www.securityweek.com/all-smartwatches-vulnerable-attack-hp-study.Google Scholar
- Shinyoung Lim, Tae Hwan Oh, Young B. Choi, and Tamil Lakshman. 2010. Security issues on wireless body area network for remote healthcare monitoring. In 2010 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC). 327--332. IEEE. Google ScholarDigital Library
- John Lindström. 2007. Security challenges for wearable computing-a case study. In 2007 4th International Forum on Applied Wearable Computing (IFAWC). 1--8. VDE, 2007.Google Scholar
- Clayton Locke. 2014. Top 3 security tips for wearable devices. Retrieved November 28, 2015 from http://www.intelligentenvironments.com/info-centre/blog/top-3-security-tips-for-wearable-devices.Google Scholar
- Gordon Lyon. 2009. Nmap-Free security scanner for network exploration and security audits. https://nmap.org/.Google Scholar
- Alex Migicovsky, Zakir Durumeric, Jeff Ringenberg, and J. Alex Halderman. 2014. Outsmarting proctors with smartwatches: A case study on wearable computing security. In Financial Cryptography and Data Security, 8437, 89--96. Springer Berlin. 2014.Google Scholar
- Peter Nguyen. 2014. Wearable tech and personal security breaches: 6 things to know. Retrieved November 28, 2015 from http://blog.hotspotshield.com/2014/12/16/wearable-tech-and-personal-security-breaches/.Google Scholar
- Offensive Security. 2016. Kali linux--an advanced penetration testing linux distribution used for penetration testing, ethical hacking and network security assessments. https://www.kali.org/.Google Scholar
- Charith Perera, Chi Harold Liu, and Srimal Jayawardena. 2015. The emerging internet of things marketplace from an industrial perspective: A survey. IEEE Trans. EmergTopics Comput. Google ScholarDigital Library
- Jenna Puckett. 2014. How to prevent wearable devices from ruining your information security. Retrieved November 28, 2015 from http://www.fiercecio.com/story/how-prevent-wearable-devices-ruining-your-information-security/2014-11-25.Google Scholar
- Marc Rogers. 2013. Hacking the internet of things for good. Retrieved November 28, 2015 from https://blog.lookout.com/blog/2013/07/17/hacking-the-internet-of-things-for-good/.Google Scholar
- Da-Zhi Sun, Jin-Peng Huai, Ji-Zhou Sun, Jia-Wan Zhang, and Zhi-Yong Feng. 2008. A new design of wearable token system for mobile device security. IEEE Trans. Consum. Electron. 54, 4, 1784--1789. Google ScholarDigital Library
- Melanie Swan. 2012. Sensor mania! the internet of things, wearable computing, objective metrics, and the quantified self 2.0. J. Sens. Actuat. Netw. 1, 3, 217--253.Google ScholarCross Ref
- Nils Ole Tippenhauer, Christina Pöpper, Kasper Bonne Rasmussen, and Srdjan Capkun. 2011. On the requirements for successful GPS spoofing attacks. In 18th ACM Conference on Computer and Communications Security. ACM, 2011. Google ScholarDigital Library
- Mellisa Tolentino. 2013. 4 Security Challenges for Fitbit, Google Glass + Other Wearable Devices. Retrieved November 28, 2015 from http://siliconangle.com/blog/2013/05/30/4-security-challenges-for-fitbit-google-glass-other-wearable-devices/.Google Scholar
- Farhana Tufail and M. Hassan Islam. 2009. Wearable wireless body area networks. In International Conference on Information Management and Engineering, 2009 (ICIME’09). IEEE, 656--660. Google ScholarDigital Library
- David Upton. 2014. 5 essential wearable tech security tips. Retrieved November 28, 2015 from http://betanews.com/2014/12/09/5-essential-wearable-tech-security-tips/.Google Scholar
- He Wang, Ted Tsung-Te Lai, and Romit Roy Choudhury. 2015. MoLe: Motion leaks through smartwatch sensors. In 21st Annual International Conference on Mobile Computing and Networking. ACM, New York, 155--166. Google ScholarDigital Library
Index Terms
- Advanced Security Testbed Framework for Wearable IoT Devices
Recommendations
Let the Cat Out of the Bag: A Holistic Approach Towards Security Analysis of the Internet of Things
IoTPTS '17: Proceedings of the 3rd ACM International Workshop on IoT Privacy, Trust, and SecurityThe exponential increase of Internet of Things (IoT) devices have resulted in a range of new and unanticipated vulnerabilities associated with their use. IoT devices from smart homes to smart enterprises can easily be compromised. One of the major ...
Systematically Evaluating Security and Privacy for Consumer IoT Devices
IoTS&P '17: Proceedings of the 2017 Workshop on Internet of Things Security and PrivacyInternet-of-Things (IoT) devices such as smart bulbs, cameras, and health monitors are being enthusiastically adopted by consumers, with numbers projected to rise to the billions. However, such devices are also easily attacked, or used for launching ...
Internet of Things (IoT): From awareness to continued use
AbstractThis paper proposes a research model with five constructs, i.e., IoT awareness, users’ IoT privacy knowledge, users’ IoT security knowledge, users’ IoT Trust, and continued intention to use IoT to bring clarity to the growing yet ...
Highlights- Clarifying how variables linked from IoT awareness to IoT continued use.
- IoT ...
Comments