Secure Mobile Computing using Biotelemetrics

- Faculty: Ben Calhoun (ECE), Travis Blalock (ECE), Alf Weaver (CS)
- Graduate students: Andrew Jurik (CS), Jonathan Bolus (ECE), Joe Ryan (ECE), Steve Jocke (ECE)
- Undergraduate students: Mahlon Graham (CpE), Caroline Andrews (EE), Yonathan Habtemichael (EE), Jay Hoffman (EE)
- School of Engineering and Applied Science
- University of Virginia

Funded through the National Science Foundation and WiCAT
The widespread use of mobile computing devices is an enabler for ubiquitous
computing, but can be a threat to data security when sensitive information is
stored on devices that can be lost or stolen. Our project seeks to secure
sensitive data on mobile devices by introducing a biotelemetric link between
the user and the device.
With ordinary mobile devices, a user authenticates in some standard fashion
(e.g., password, fingerprint) and gains access to the device's programs and
data. If the data is sensitive (e.g., medical data, intelligence data), there
is a risk to data privacy and security if the user is incapacitated, or if the
user loses the device, or if the device is stolen. Our project improves
security by monitoring a biometric signal (initially a heartbeat).
Usage continues normally as long as the biometric signal is reliably received.
Data protection policies (set by system administrators) dictate what happens
in abnormal situations. The device can be forced into a locked state
in which user data is encrypted and the data cannot be decrypted until the
user has completed a successful re-authentication. Alternatively, the
device can be forced into a safe state in which all sensitive data is
erased.
On the hardware side, we are designing an integrated circuit with three
components: a biometric sensor (initially heart rate), a microcontroller, and
a radio (initially Bluetooth). This system, which we call the "patch," would
have a form factor similar to a bandaid. In year one the IC is powered by a
battery, but the research goal is to reduce power consumption such that the
chip can eventually operate by harvesting energy from the body (e.g.,
temperature differential, motion). In subsequent years we will also
replace the Bluetooth channel with a less power-hungry technology. On
the software side, we are using a PDA as our initial mobile device and have
programmed it to detect and act upon biometric signal anomalies in accordance
with its preprogrammed policies.
In the nine screenshots below we show the following sequence of events:
1. user login
2. connect the PDA to the Bluetooth link
3. enable policies on the PDA; for example, if the PDA does not receive data
for 99 seconds (timeout), the PDA is put into the locked state; if a low heart
rate is detected (less than 30 beats per minute for more than 5 seconds) the
PDA is put into the "safe" state where all user data is erased
4. normal operation
5. a low heart rate event is detected
6. the PDA is forced into a locked state and the user must re-authenticate to
regain access to data
7. re-authentication examples include a secret question/answer,
8. recognition of a previously chosen visual object, and
9. another login.
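The policy behaviour walked through above (a 99-second link timeout forcing the locked state, and a heart rate below 30 beats per minute for more than 5 seconds forcing the safe state, with re-authentication releasing only the locked state) can be modelled as a small state machine. The following is an added example written for this page, not the project's PDA software. The `PolicyEngine`, `Policy` and `DeviceState` names, the assumption that policies are enabled at t=0, and the assumption that heart-rate samples are still evaluated while the device is locked are all this example's own; the sample traces are constructed.

```python
"""Illustrative policy engine for a biotelemetry-monitored mobile device.

Added example, not the project's code. Thresholds come from the page's
walkthrough; everything else (names, timing model) is an assumption.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class DeviceState(Enum):
    NORMAL = "normal"  # user data accessible
    LOCKED = "locked"  # user data encrypted; re-authentication required
    SAFE = "safe"      # user data erased; terminal state


@dataclass(frozen=True)
class Policy:
    timeout_s: float = 99.0           # no sample for this long -> LOCKED
    low_rate_bpm: float = 30.0        # heart rate below this counts as "low"
    low_rate_duration_s: float = 5.0  # low rate for longer than this -> SAFE


@dataclass
class PolicyEngine:
    policy: Policy = field(default_factory=Policy)
    state: DeviceState = DeviceState.NORMAL
    last_sample_t: float = 0.0            # assumption: policies enabled at t=0
    low_since: Optional[float] = None     # start of the current low-rate run
    events: List[str] = field(default_factory=list)

    def _transition(self, new_state: DeviceState, reason: str) -> None:
        if self.state is DeviceState.SAFE:
            return  # erased data cannot come back: SAFE is terminal
        self.state = new_state
        self.events.append(f"{reason} -> {new_state.value}")

    def tick(self, now: float) -> DeviceState:
        """Timer callback: lock if the biotelemetric link has gone quiet."""
        if (self.state is DeviceState.NORMAL
                and now - self.last_sample_t >= self.policy.timeout_s):
            self._transition(DeviceState.LOCKED, f"timeout at t={now:g}s")
        return self.state

    def on_sample(self, t: float, bpm: float) -> DeviceState:
        """Process one heart-rate sample received from the patch at time t."""
        self.tick(t)  # a long gap between two samples is also a timeout
        self.last_sample_t = t
        if bpm < self.policy.low_rate_bpm:
            if self.low_since is None:
                self.low_since = t
            elif t - self.low_since > self.policy.low_rate_duration_s:
                self._transition(DeviceState.SAFE,
                                 f"low heart rate since t={self.low_since:g}s")
        else:
            self.low_since = None  # rate recovered; restart the clock
        return self.state

    def reauthenticate(self, success: bool) -> DeviceState:
        """Successful re-authentication releases LOCKED, never SAFE."""
        if self.state is DeviceState.LOCKED and success:
            self._transition(DeviceState.NORMAL, "re-authentication")
        return self.state


def scenario_low_heart_rate() -> PolicyEngine:
    """Constructed trace: 70 bpm for 5 s, then 25 bpm until the device wipes."""
    eng = PolicyEngine()
    for t in range(0, 5):
        eng.on_sample(t, 70)
    for t in range(5, 12):
        eng.on_sample(t, 25)
    return eng


def scenario_link_timeout() -> PolicyEngine:
    """Constructed trace: a few samples, then 118 s of silence, then re-auth."""
    eng = PolicyEngine()
    for t in range(0, 3):
        eng.on_sample(t, 70)
    eng.tick(120)
    eng.reauthenticate(True)
    return eng


if __name__ == "__main__":
    for eng in (scenario_low_heart_rate(), scenario_link_timeout()):
        print(eng.state.value, eng.events)
```

The two scenario functions show the two policy outcomes side by side: the low-rate trace ends in the safe state and stays there even after a successful re-authentication, while the timeout trace ends locked and is released by re-authentication. Note that the low-rate check uses a strict "more than 5 seconds" comparison, so a sample exactly 5 seconds into the low-rate run does not yet trigger the wipe.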
This picture shows the prototype hardware that detects the heartbeat and
transmits its digital representation over the Bluetooth channel to the PDA.
In this picture the PDA displays the waveform received.
Our major research questions include:
- using sub-threshold logic design to lower energy requirements for the
patch
- integrating additional sensors (e.g., body temperature, respiration,
accelerometers)
- determining how much signal processing can be done in the microcontroller
(vs. in the mobile device)
- solving the tradeoff between more frequent biotelemetric communication,
which nets better device security, but at a substantial cost in energy
- identifying and handling additional events such as change of battery or
reduction of signal strength
- defining appropriate policies for new events
- improving the human/computer interface
- investigating "distress signaling"--a non-obvious way (e.g., respiration
control) to force the device into a safe state
- expanding the type and number of mobile devices, such as laptops, cell
phones, and special-purpose equipment
- signal processing on the mobile device
- exporting the signal (raw or processed) onto the Internet for remote
monitoring
- determining whether there is enough information in a heart rate signal
that it can be used for biometric authentication itself
- determining what combination of biometric signals would permit effective
biometric authentication.