Date of Award

5-1-2017

Document Type

Thesis (Undergraduate)

Department or Program

Department of Computer Science

First Advisor

David Kotz

Abstract

The authenticity, confidentiality, and integrity of data streams from wearable healthcare devices are critical to patients, researchers, physicians, and others who depend on this data to measure the effectiveness of treatment plans and clinical trials. Many forms of mHealth data are highly sensitive; in the hands of unintended parties such data may reveal indicators of a patient's disorder, disability, or identity. Furthermore, if a malicious party tampers with the data, it can affect the diagnosis or treatment of patients, or the results of a research study. Although existing network protocols leverage encryption for confidentiality and integrity, network-level encryption does not provide end-to-end security from the device, through the smartphone and database, to downstream data consumers. In this thesis we provide a new open protocol that provides end-to-end authentication, confidentiality, and integrity for healthcare data in such a pipeline. We present and evaluate a prototype implementation to demonstrate this protocol's feasibility on low-power wearable devices, and present a case for the system's ability to meet critical security properties under a specific adversary model and trust assumptions.

Comments

Originally posted in the Dartmouth College Computer Science Technical Report Series, number TR2017-826.

Download
COinS