Digital Communications and Networks (Aug 2019)

Developing a platform to evaluate and assess the security of wearable devices

  • Matthew L. Hale,
  • Kerolos Lotfy,
  • Rose F. Gamble,
  • Charles Walter,
  • Jessica Lin

Journal volume & issue
Vol. 5, no. 3
pp. 147 – 159

Abstract

Read online

Operating in a body area network around a smartphone user, wearables serve a variety of commercial, medical and personal uses. Depending on a certain smartphone application, a wearable can capture sensitive data about the user and provide critical, possibly life-or-death, functionality. When using wearables, security problems might occur on hardware/software of wearables, connected phone apps or web services devices, or Bluetooth channels used for communication. This paper develops an open source platform called SecuWear for identifying vulnerabilities in these areas and facilitating wearable security research to mitigate them. SecuWear supports the creation, evaluation, and analysis of security vulnerability tests on actual hardwares. Extending earlier results, this paper includes an empirical evaluation that demonstrates proof of concept attacks on commercial wearable devices and shows how SecuWear captures the information necessary for identifying such attacks. Also included is a process for releasing attack and mitigation information to the security community. Keywords: Bluetooth LE, Internet of things, Man-in-the-middle attacks, Security, Vulnerability discovery, Wearables