More Web Proxy on the site http://driver.im/

research-article

Advanced Security Testbed Framework for Wearable IoT Devices

Authors:

Shachar Siboni,

Nils O. Tippenhauer,

Yuval EloviciAuthors Info & Claims

ACM Transactions on Internet Technology (TOIT), Volume 16, Issue 4

Article No.: 26, Pages 1 - 25

https://doi.org/10.1145/2981546

Published: 07 December 2016 Publication History

Abstract

Analyzing the security of Wearable Internet-of-Things (WIoT) devices is considered a complex task due to their heterogeneous nature. In addition, there is currently no mechanism that performs security testing for WIoT devices in different contexts. In this article, we propose an innovative security testbed framework targeted at wearable devices, where a set of security tests are conducted, and a dynamic analysis is performed by realistically simulating environmental conditions in which WIoT devices operate. The architectural design of the proposed testbed and a proof-of-concept, demonstrating a preliminary analysis and the detection of context-based attacks executed by smartwatch devices, are presented.

References

[1]

John Almasy. 2015. How do wearables fit in your enterprise? Retrieved November 28, 2015 from http://blogs.unisys.com/mobility/how-do-wearables-fit-in-your-enterprise/.

[2]

Jalal Al-Muhtadi, Dennis Mickunas, and Roy Campbell. 2001. Wearable security services. In 2001 International Conference on Distributed Computing Systems Workshop. 266--271. IEEE.

Digital Library

[3]

Luigi Atzori, Antonio Iera, and Giacomo Morabito. 2010. The internet of things: A survey. Computer Networks 54, 15 (2010), 2787--2805.

Digital Library

[4]

Yared Berhanu, Habtamu Abie, and Mohamed Hamdi. 2013. A testbed for adaptive security for IoT in eHealth. In International Workshop on Adaptive Security 5. (2013), ACM.

Digital Library

[5]

Bitdefender. 2014. Bitdefender research exposes plain-text android wearable devices communication. Video. Retrieved November 28, 2015 from https://www.youtube.com/watch?t=1498V=utVnrq5uCuM.

[6]

Brent Blum. 2015a. Are your wearables safe from cyber-security threats? Retrieved November 28, 2015 from https://www.accenture.com/us-en/blogs/blogs-are-your-wearables-safe-from-cyber-security-threats.

[7]

Brent Blum. 2015b. How to protect your wearables implementation from cyber-security threats. Retrieved November 28, 2015 from https://www.accenture.com/us-en/blogs/blogs-how-to-protect-your-wearables-implementation-from-cyber-security-threats.

[8]

John Brandon. 2014. Wearable devices pose threats to privacy and security. Retrieved November 28, 2015 http://www.foxnews.com/tech/2014/06/18/wearable-devices-pose-threats-to-privacy-and-security.html.

[9]

Ken Briodagh. 2015. Wearable security is a matter of establishing standards. Retrieved November 28, 2015 from http://www.iotevolutionworld.com/m2m/articles/401623-wearable-security-a-matter-establishing-standards.htm.

[10]

Gerald Combs. 2007. Wireshark--A network protocol analyzer. https://www.wireshark.org/.

[11]

Charles Cooper. 2015. Latest security challenges: Wearables. Retrieved November 28, 2015 from http://theartofthehack.com/latest-security-challenge-wearables/.

[12]

Britt Cyr, Webb Horn, Daniela Miao, and Michael Specter. 2014. Security analysis of wearable fitness devices (fitbit). Massachusetts Institute of Technology (MIT). Retrieved November 29, 2015 from https://courses.csail.mit.edu/6.857/2014/files/17-cyrbritt-webbhorn-specter-dmiao-hacking-fitbit.pdf.

[13]

Brian Donohue. 2014. Same security threats, different devices: Wearables and watchables. Retrieved November 28, 2015 from https://blog.kaspersky.com/same_security_threats_new_devices/6015/.

[14]

Charalampos Doukas, Ilias Maglogiannis, Vassiliki Koufi, Flora Malamateniou, and George Vassilacopoulos. 2012. Enabling data protection through PKI encryption in IoT M-Health devices. In 2012 IEEE 12th International Conference on Bioinformatics 8 Bioengineering (BIBE). 25--29. IEEE.

Digital Library

[15]

Dan Goodin. 2015. Police body cams found pre-installed with notorious conficker worm. Retrieved November 28, 2015 from http://arstechnica.com/security/2015/11/police-body-cams-found-pre-installed-with-notorious-conficker-worm/.

[16]

Jayavardhana Gubbi, Rajkumar Buyya, Slaven Marusic, and Marimuthu Palaniswami. 2013. Internet of things (IoT): A vision, architectural elements, and future directions. Fut. Gen. Comput. Syst. 29, 7 (2013), 1645--1660.

Digital Library

[17]

Matthew L. Hale, Dalton Ellis, Rose Gamble, Charles Waler, and Jessica Lin. 2015. SecuWear: An open source, multi-component hardware/software platform for exploring wearable security. In 2015 IEEE International Conference on Mobile Services (MS). 97--104. IEEE.

Digital Library

[18]

Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, and William H. Maisel. 2008. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In IEEE Symposium on Security and Privacy, 2008 (SP 2008). 129--142. IEEE, 2008.

Digital Library

[19]

Teena Hammond. 2014. The scary truth about data security with wearables. Retrieved November 28, 2015 from http://www.techrepublic.com/article/the-scary-truth-about-data-security-with-wearables/.

[20]

Shivayogi Hiremath, Geng Yang, and Kunal Mankodiya. 2014. Wearable internet of things: Concept, architectural components and promises for person-centered healthcare. In 2014 EAI 4th International Conference on Wireless Mobile Communication and Healthcare (Mobihealth). IEEE, 2014.

[21]

William John Holden. 2015. PIPS -- The Pamn IP Scanner: A wrapper for nmap, cross-compiled for ARM android. https://github.com/wjholden/PIPS/tree/master/app/src/main/java/com/wjholden/nmap.

[22]

iTrust. 2015. Cyber security patrol (CSP). Retrieved November 29, 2015 from http://itrust.sutd.edu. sg/research/projects/cyber-security-patrol/.

[23]

Khyati Jain. 2015. Ransomware attacks threaten wearable devices and internet of things. Retrieved November 28, 2015 from http://thehackernews.com/2015/08/ransomware-android-smartwatch.html.

[24]

Kaspersky Labs. 2014. Wear the danger: Kaspersky lab experts warn of security risks facing wearable connected devices. Retrieved November 28, 2015 from http://www.kaspersky.com/au/about/news/virus/2014/wear-the-danger.

[25]

Linda Lee, Serge Egelman, Joong Hwa Lee, and David Wagner. 2015. Risk perceptions for wearable devices. arXiv preprint arXiv:1504.05694 (2015).

[26]

Mike Lennon. 2015. All smartwatches vulnerable to attack: HP study. Retrieved November 28, 2015 from http://www.securityweek.com/all-smartwatches-vulnerable-attack-hp-study.

[27]

Shinyoung Lim, Tae Hwan Oh, Young B. Choi, and Tamil Lakshman. 2010. Security issues on wireless body area network for remote healthcare monitoring. In 2010 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC). 327--332. IEEE.

Digital Library

[28]

John Lindström. 2007. Security challenges for wearable computing-a case study. In 2007 4th International Forum on Applied Wearable Computing (IFAWC). 1--8. VDE, 2007.

[29]

Clayton Locke. 2014. Top 3 security tips for wearable devices. Retrieved November 28, 2015 from http://www.intelligentenvironments.com/info-centre/blog/top-3-security-tips-for-wearable-devices.

[30]

Gordon Lyon. 2009. Nmap-Free security scanner for network exploration and security audits. https://nmap.org/.

[31]

Alex Migicovsky, Zakir Durumeric, Jeff Ringenberg, and J. Alex Halderman. 2014. Outsmarting proctors with smartwatches: A case study on wearable computing security. In Financial Cryptography and Data Security, 8437, 89--96. Springer Berlin. 2014.

[32]

Peter Nguyen. 2014. Wearable tech and personal security breaches: 6 things to know. Retrieved November 28, 2015 from http://blog.hotspotshield.com/2014/12/16/wearable-tech-and-personal-security-breaches/.

[33]

Offensive Security. 2016. Kali linux--an advanced penetration testing linux distribution used for penetration testing, ethical hacking and network security assessments. https://www.kali.org/.

[34]

Charith Perera, Chi Harold Liu, and Srimal Jayawardena. 2015. The emerging internet of things marketplace from an industrial perspective: A survey. IEEE Trans. EmergTopics Comput.

Digital Library

[35]

Jenna Puckett. 2014. How to prevent wearable devices from ruining your information security. Retrieved November 28, 2015 from http://www.fiercecio.com/story/how-prevent-wearable-devices-ruining-your-information-security/2014-11-25.

[36]

Marc Rogers. 2013. Hacking the internet of things for good. Retrieved November 28, 2015 from https://blog.lookout.com/blog/2013/07/17/hacking-the-internet-of-things-for-good/.

[37]

Da-Zhi Sun, Jin-Peng Huai, Ji-Zhou Sun, Jia-Wan Zhang, and Zhi-Yong Feng. 2008. A new design of wearable token system for mobile device security. IEEE Trans. Consum. Electron. 54, 4, 1784--1789.

Digital Library

[38]

Melanie Swan. 2012. Sensor mania&excl; the internet of things, wearable computing, objective metrics, and the quantified self 2.0. J. Sens. Actuat. Netw. 1, 3, 217--253.

[39]

Nils Ole Tippenhauer, Christina Pöpper, Kasper Bonne Rasmussen, and Srdjan Capkun. 2011. On the requirements for successful GPS spoofing attacks. In 18th ACM Conference on Computer and Communications Security. ACM, 2011.

Digital Library

[40]

Mellisa Tolentino. 2013. 4 Security Challenges for Fitbit, Google Glass + Other Wearable Devices. Retrieved November 28, 2015 from http://siliconangle.com/blog/2013/05/30/4-security-challenges-for-fitbit-google-glass-other-wearable-devices/.

[41]

Farhana Tufail and M. Hassan Islam. 2009. Wearable wireless body area networks. In International Conference on Information Management and Engineering, 2009 (ICIME’09). IEEE, 656--660.

Digital Library

[42]

David Upton. 2014. 5 essential wearable tech security tips. Retrieved November 28, 2015 from http://betanews.com/2014/12/09/5-essential-wearable-tech-security-tips/.

[43]

He Wang, Ted Tsung-Te Lai, and Romit Roy Choudhury. 2015. MoLe: Motion leaks through smartwatch sensors. In 21st Annual International Conference on Mobile Computing and Networking. ACM, New York, 155--166.

Digital Library

Cited By

Okonkwo CAwolusi INnaji CAkanfe O(2025)Privacy and security of wearable internet of things: A scoping review and conceptual framework development for safety and health management in constructionComputers & Security10.1016/j.cose.2024.104275150(104275)Online publication date: Mar-2025
https://doi.org/10.1016/j.cose.2024.104275
Tsoukas VGkogkidis ABoumpa EKakarountas A(2024)A Review on the emerging technology of TinyMLACM Computing Surveys10.1145/366182056:10(1-37)Online publication date: 22-Jun-2024
https://dl.acm.org/doi/10.1145/3661820
Tan RTan QWang HXie YZhang P(2024)P-I2Prange: An Automatic Construction Architecture for Scenarios in I2P Ranges2024 International Joint Conference on Neural Networks (IJCNN)10.1109/IJCNN60899.2024.10651444(1-10)Online publication date: 30-Jun-2024
https://doi.org/10.1109/IJCNN60899.2024.10651444
Show More Cited By

Index Terms

Advanced Security Testbed Framework for Wearable IoT Devices
1. Security and privacy
  1. Systems security
    1. Vulnerability management

Recommendations

Let the Cat Out of the Bag: A Holistic Approach Towards Security Analysis of the Internet of Things
IoTPTS '17: Proceedings of the 3rd ACM International Workshop on IoT Privacy, Trust, and Security

The exponential increase of Internet of Things (IoT) devices have resulted in a range of new and unanticipated vulnerabilities associated with their use. IoT devices from smart homes to smart enterprises can easily be compromised. One of the major ...
Systematically Evaluating Security and Privacy for Consumer IoT Devices
IoTS&P '17: Proceedings of the 2017 Workshop on Internet of Things Security and Privacy

Internet-of-Things (IoT) devices such as smart bulbs, cameras, and health monitors are being enthusiastically adopted by consumers, with numbers projected to rise to the billions. However, such devices are also easily attacked, or used for launching ...
Internet of Things (IoT): From awareness to continued use
Abstract
This paper proposes a research model with five constructs, i.e., IoT awareness, users’ IoT privacy knowledge, users’ IoT security knowledge, users’ IoT Trust, and continued intention to use IoT to bring clarity to the growing yet ...
Highlights
- Clarifying how variables linked from IoT awareness to IoT continued use.
- IoT ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Transactions on Internet Technology

ACM Transactions on Internet Technology Volume 16, Issue 4

Special Issue on Internet of Things (IoT): Smart and Secure Service Delivery

December 2016

168 pages

ISSN:1533-5399

EISSN:1557-6051

DOI:10.1145/3023158

Editor:
Munindar P. Singh
Department of Computer Science, North Carolina State University

Issue’s Table of Contents

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 December 2016

Accepted: 01 July 2016

Revised: 01 June 2016

Received: 01 December 2015

Published in TOIT Volume 16, Issue 4

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

52
Total Citations
View Citations
2,060
Total Downloads

Downloads (Last 12 months)76
Downloads (Last 6 weeks)5

Reflects downloads up to 16 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Okonkwo CAwolusi INnaji CAkanfe O(2025)Privacy and security of wearable internet of things: A scoping review and conceptual framework development for safety and health management in constructionComputers & Security10.1016/j.cose.2024.104275150(104275)Online publication date: Mar-2025
https://doi.org/10.1016/j.cose.2024.104275
Tsoukas VGkogkidis ABoumpa EKakarountas A(2024)A Review on the emerging technology of TinyMLACM Computing Surveys10.1145/366182056:10(1-37)Online publication date: 22-Jun-2024
https://dl.acm.org/doi/10.1145/3661820
Tan RTan QWang HXie YZhang P(2024)P-I2Prange: An Automatic Construction Architecture for Scenarios in I2P Ranges2024 International Joint Conference on Neural Networks (IJCNN)10.1109/IJCNN60899.2024.10651444(1-10)Online publication date: 30-Jun-2024
https://doi.org/10.1109/IJCNN60899.2024.10651444
Roy UGhosh N(2024) : A blockchain-based secure access control management for the Internet of Things Journal of Information Security and Applications10.1016/j.jisa.2024.10389787(103897)Online publication date: Dec-2024
https://doi.org/10.1016/j.jisa.2024.103897
Balto KYamin MShalaginov AKatt B(2023)Hybrid IoT Cyber RangeSensors10.3390/s2306307123:6(3071)Online publication date: 13-Mar-2023
https://doi.org/10.3390/s23063071
Tsoukas VGkogkidis AKakarountas A(2023)Internet of Things Challenges and the Emerging Technology of TinyML2023 19th International Conference on Distributed Computing in Smart Systems and the Internet of Things (DCOSS-IoT)10.1109/DCOSS-IoT58021.2023.00082(491-495)Online publication date: Jun-2023
https://doi.org/10.1109/DCOSS-IoT58021.2023.00082
Heiding FKatsikeas SLagerström R(2023)Research communities in cyber security vulnerability assessmentsComputer Science Review10.1016/j.cosrev.2023.10055148:COnline publication date: 1-May-2023
https://dl.acm.org/doi/10.1016/j.cosrev.2023.100551
Akhilesh RBills OChilamkurti NChowdhury M(2022)Automated Penetration Testing Framework for Smart-Home-Based IoT DevicesFuture Internet10.3390/fi1410027614:10(276)Online publication date: 27-Sep-2022
https://doi.org/10.3390/fi14100276
Sun YWang BLiu HWei YWu DWang J(2022)Detecting IKEv1 Man-in-the-Middle Attack with Message-RTT AnalysisWireless Communications & Mobile Computing10.1155/2022/26056842022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/2605684
Guo YZhang ZGuo Y(2022)Anonymous Authenticated Key Agreement and Group Proof Protocol for Wearable ComputingIEEE Transactions on Mobile Computing10.1109/TMC.2020.304870321:8(2718-2731)Online publication date: 1-Aug-2022
https://doi.org/10.1109/TMC.2020.3048703
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents