Author(s):
Rahman, Mahmudur
Carbunar, Bogdan
Topkara, Umut
Abstract:
The increasing popular interest in personal telemetry, also called the Quantified Self or “lifelogging”, has induced a popularity surge for wearable personal fitness trackers. Fitness trackers automatically collect sensor data about the user throughout the day and integrate it into social network accounts. Solution providers have to strike a balance between many constraints, leading to a design process that often puts security in the back seat. Case in point, we reverse engineered and identified security vulnerabilities in the Fitbit Ultra and the Garmin Forerunner 610, two popular and representative fitness tracker products. We introduce FitBite and GarMax, tools that launch efficient attacks against Fitbit and Garmin trackers. We devise SensCrypt, a protocol for secure data storage and communication, for use by makers of affordable and lightweight personal trackers. SensCrypt not only thwarts the attacks we introduce but also defends against powerful JTAG read attacks. We have built Sens.io, an Arduino Uno based tracker platform of similar capabilities but at a fraction of the cost of current solutions. On Sens.io, SensCrypt imposes a negligible write overhead and significantly reduces the end-to-end sync overhead of Fitbit and Garmin.
Document:
https://doi.org/10.1109/TMC.2015.2418774