Award Abstract # 1523960
CSR: Small: Surviving Cybersecurity and Privacy Threats in Wearable Mobile Cyber-Physical Systems

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: WICHITA STATE UNIVERSITY
Initial Amendment Date: August 18, 2015
Latest Amendment Date: March 24, 2016
Award Number: 1523960
Award Instrument: Standard Grant
Program Manager: Marilyn McClure
mmcclure@nsf.gov  (703)292-5197
CNS  Division Of Computer and Network Systems
CSE  Directorate for Computer and Information Science and Engineering
Start Date: October 1, 2015
End Date: April 30, 2018 (Estimated)
Total Intended Award Amount: $380,000.00
Total Awarded Amount to Date: $403,044.00
Funds Obligated to Date: FY 2015 = $176,474.00
FY 2016 = $0.00
History of Investigator:
  • Murtuza Jadliwala (Principal Investigator)
     murtuza.jadliwala@utsa.edu
  • Jibo He (Co-Principal Investigator)
Recipient Sponsored Research Office: Wichita State University
 1845 FAIRMOUNT ST # 38
 WICHITA
 KS  US  67260-9700
(316)978-3285
Sponsor Congressional District: 04
Primary Place of Performance: Wichita State University
 Wichita
 KS  US  67260-0007
Primary Place of Performance
Congressional District:		 04
Unique Entity Identifier (UEI): JKKNZLNYLJ19
Parent UEI: JKKNZLNYLJ19
NSF Program(s): Special Projects - CNS,
CSR-Computer Systems Research
Primary Program Source: 01001516DB NSF RESEARCH & RELATED ACTIVIT
01001617DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7923, 9150, 9251
Program Element Code(s): 171400, 735400
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Smart wearable devices, such as smart watches, are very popular and fast replacing their traditional non-smart counterparts. By means of various high-precision on-board sensors, these devices capture rich contextual information about the wearer and his environment to enable several new and useful applications. However, this diverse set of on-board sensors also provides an additional attack surface. Access to these sensors, if not controlled appropriately, can be used as a side-channel by an adversary keen on obtaining private and sensitive information belonging to the wearer. Moreover, active misuse detection and resistance of these wearable device sensors is not straightforward. There is currently a lack of understanding of the various side-channel security vulnerabilities that are possible due to wearable devices and there is an urgent need to study the means for continuously protecting against them. The research in this project addresses this very timely topic.

The goal of this research is twofold: first, to demonstrate that wearable devices enable novel side-channel security and privacy threats, and second, to design continuous authentication techniques and adaptive access control mechanisms to survive these threats. Specifically, this research will evaluate private data inference and wearer tracking threats in wearable devices that utilize unprotected sensors as side-channels. This will be accomplished by designing appropriate learning-based classification and prediction mechanisms that can be used by an adversary for inferring sensitive data. On the protection front, this project will develop a multi-sensor activity and identity classification framework. This framework will leverage rich contextual sensor data (e.g., fine-grained movements, application usage and critical body parameters) to enable continuous identification and authentication of legitimate wearers and their activities.

By studying security and privacy preferences of a diverse population of users, this research will develop usable activity-based access control tools for this new wearable device paradigm. A significant research thrust of this project is to develop adaptive data-sharing mechanisms for dynamically regulating access to sensor data based on the wearers' security preferences, current context and perceived threats. Such mechanisms will serve as a good middle-ground between giving full access (no security) and making manual decisions for each access (poor usability). This project involves industry collaborators to facilitate adoption of research outcomes into the future design and development of wearable devices. Research results, including proof-of-concept applications, will be publicly available to allow dissemination, early industry adoption and integration with curricula.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Note:  When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

Anindya Maiti, Kirsten Crager "RandomPad: Usability of Randomized Mobile Keypads for Defeating Inference Attacks" Proceedings of the IEEE Euro S&P Workshop on Innovations in Mobile Privacy & Security (IMPS) , 2017 Citation Details
Anindya Maiti, Kirsten Crager, Murtuza Jadliwala, Jibo He, Kevin Kwiat, and Charles Kamhoua "RandomPad: Usability of Randomized Mobile Keypads for Defeating Inference Attacks" IEEE EuroS&P Workshop on Innovations in Mobile Privacy & Security (IMPS) , 2017
Anindya Maiti, Murtuza Jadliwala, and Chase Weber "Preventing Shoulder Surfing using Randomized Augmented Reality Keyboards" 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops) , 2017 , p.630 10.1109/PERCOMW.2017.7917636
Anindya Maiti, Murtuza Jadliwala, Jibo He, and Igor Bilogrevic "(Smart)Watch Your Taps: Side-Channel Keystroke Inference Attacks using Smartwatches" ACM International Symposium on Wearable Computers (ISWC) , 2015 10.1145/2802083.2808397
Anindya Maiti, Oscar Armbruster, Murtuza Jadliwala, and Jibo He "Smartwatch-Based Keystroke Inference Attacks and Context-Aware Protection Mechanisms" 11th ACM Asia Conference on Computer and Communications Security (ASIACCS) , 2016 10.1145/2897845.2897905
Kirsten Crager, Anindya Maiti "Information Leakage through Mobile Motion Sensors: User Awareness and Concerns" Proceedings of the European Workshop on Usable Security (EuroUSEC) , 2017 Citation Details
Kirsten Crager, Anindya Maiti, Murtuza Jadliwala, and Jibo He "Information Leakage through Mobile Motion Sensors: User Awareness and Concerns" Proceedings of the European Workshop on Usable Security (EuroUSEC) , 2017 https://www.internetsociety.org/sites/default/files/eurousec2017_13_Crager_paper.pdf
Maiti, Anindya and Armbruster, Oscar and Jadliwala, Murtuza and He, Jibo "Smartwatch-Based Keystroke Inference Attacks and Context-Aware Protection Mechanisms" Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security , 2016 10.1145/2897845.2897905 Citation Details
Maiti, Anindya and Jadliwala, Murtuza and He, Jibo and Bilogrevic, Igor "(Smart)watch your taps: side-channel keystroke inference attacks using smartwatches" Proceedings of the 2015 ACM International Symposium on Wearable Computers , 2015 10.1145/2802083.2808397 Citation Details
Maiti, Anindya and Jadliwala, Murtuza and Weber, Chase "Preventing shoulder surfing using randomized augmented reality keyboards" 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops) , 2017 10.1109/PERCOMW.2017.7917636 Citation Details

Please report errors in award information by writing to: awardsearch@nsf.gov.

Print this page

Back to Top of page

Top