08. The Internet of Things
and Qualitative Studies
Blase Ur and Mainack Mondal
April 18th, 2018
CMSC 23210 / 33210
Transitioning to New Computing Paradigms
Mobile Authentication
Mobile Devices
• What are some other key security and privacy challenges for mobile devices?
– Tracking for advertising
– Tracking using MAC address
– Tracking using accelerometer
– Lack of desktop-based tools
– Stealing telephone numbers by showing up at retail stores
Mobile Devices
• Stingrays (cell site simulator)
The Legal System
• Riley v. California (SCOTUS 2014)
– Unanimous ruling that warrantless search of a phone during an arrest is unconstitutional
• U.S. v. Jones (SCOTUS 2012)
– 4th Amendment requires a warrant for GPS tracking of a subject’s car
• Can passwords be compelled? (5th Amendment)
– This is being debated!
Self-Driving Cars
Internet of Things
What is the IoT?
Security Issues in Homes
• Sharing data
– Many users
– Many devices
– Sensitive data
• Access to networks (e.g., wifi)
• Device pairing
Considerations in the Home
• Home as “castle”
• Occupants with social relationships
• Visitors; guests
• Surveillance
• Patching devices
• Side channels
Intruders vs. Intrusiveness
https://www.blaseur.com/papers/ubicomp14_talk_widescreen.pdf
Qualitative Coding
• Many different approaches
• Key goal: capture themes in data
• Often, but not always, develop codebook containing themes observed
• For robustness, another person follows the codebook and independently codes data
– Agreement metrics include Cohen’s Kappa
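An added example (not from the lecture slides) of the agreement check named above: Cohen's kappa for two coders who applied the same codebook to the same excerpts. The code names and label lists are constructed for illustration.

```python
from collections import Counter

def cohens_kappa(coder_a, coder_b):
    """Cohen's kappa for two coders who each assigned one code per item."""
    if len(coder_a) != len(coder_b) or not coder_a:
        raise ValueError("both coders must label the same non-empty set of items")
    n = len(coder_a)
    # Observed agreement: fraction of items given the same code by both coders.
    p_o = sum(a == b for a, b in zip(coder_a, coder_b)) / n
    # Chance agreement: computed from each coder's own code frequencies.
    freq_a, freq_b = Counter(coder_a), Counter(coder_b)
    p_e = sum(freq_a[c] * freq_b[c] for c in freq_a.keys() | freq_b.keys()) / (n * n)
    if p_e == 1.0:
        # Both coders used one identical code for everything: kappa is 0/0.
        return float("nan")
    return (p_o - p_e) / (1 - p_e)

def disagreements(coder_a, coder_b):
    """Indices and code pairs where the coders differ, for codebook revision."""
    return [(i, a, b) for i, (a, b) in enumerate(zip(coder_a, coder_b)) if a != b]

# Constructed sample: ten interview excerpts about smart-home concerns,
# coded independently with a hypothetical four-theme codebook.
CODER_A = ["surveillance", "surveillance", "guest-access", "guest-access", "patching",
           "patching", "data-sharing", "data-sharing", "surveillance", "guest-access"]
CODER_B = ["surveillance", "surveillance", "guest-access", "data-sharing", "patching",
           "patching", "data-sharing", "guest-access", "surveillance", "guest-access"]

# Constructed skewed sample: same 80% raw agreement, but one code dominates,
# so most of that agreement is expected by chance.
SKEW_A = ["no-concern"] * 9 + ["surveillance"]
SKEW_B = ["no-concern"] * 8 + ["surveillance", "no-concern"]

if __name__ == "__main__":
    print("balanced codebook kappa:", round(cohens_kappa(CODER_A, CODER_B), 3))
    print("skewed codebook kappa:  ", round(cohens_kappa(SKEW_A, SKEW_B), 3))
    print("to reconcile:", disagreements(CODER_A, CODER_B))
```

Both samples have the same raw agreement, which is why kappa rather than percent agreement is reported when one theme dominates the data.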
Safety-critical devices
Cars
https://www.youtube.com/watch?v=oqe6S6m73Zw
https://www.youtube.com/watch?v=3jstaBeXgAs
Meta-issues with car privacy/security
• Why are our cars run by computers?
• Why are we connecting our cars to the Internet?
– Rich media content
– Real-time traffic and safety info
– OTA updates
– Self-driving cars
– (Surveillance)
• Are privacy/security issues the same?
Meta-issues with privacy/security
• Let’s answer the same questions for medical devices
Implantable Medical Devices (IMD)
Usable Privacy and Security
healthcareitsystems.com
• Embedded computers
• 350K Pacemakers & 173K Cardiac Defibrillators in 2006
Operational Requirements
• Possible goals
– Collect information (diagnostics)
– Provide information (medical history)
– Perform medical function
• Disable IMD before conducting surgeries
• Access in emergency situations
• Constraints
– Limited capacity of battery (replacement = surgery)
Risks in Medical Devices
• Vulnerabilities
– Authentication
• Attack Vectors
– Passive
– Active
• Risks / threats
– DoS
– Changes in configuration
– Replace medical records -- someone having a different operation
– Injuries, death
Hacking Tests (1)
• 2008: wireless access to a combination heart defibrillator and pacemaker (within two inches of the test gear)
• Disclose personal patient data
• Reprogram IMD to shut down and to deliver jolts of electricity that would potentially be fatal
Hacking Tests (2): 2011-2012-2013
• Hacking Insulin Pumps
2013 -- Black Hat / Defcon:
• “Implantable medical devices: hacking humans”
– At 30 feet by compromising their pacemaker
– Transmitter to scan for and interrogate individual medical implants
– Security techniques for manufacturers
-- ioactive.com
-- insulinpump.com
Defense Approaches
• How do we achieve resistance to attacks?
– What are the classes of attacks?
• What can go wrong?
• How do we balance utility and security/privacy?
Authentication Methods
• Passwords: how to make them available?
– Tattooed passwords (visible, UV visible)
– Bracelet
• Biometrics (face recognition)
• Smart Cards
• Touch-to-access policy
• Key-based systems
• Shields
– Necklace
– Computational wristband
-- Figures from Denning et al.
IMD Shield
-- IMDShield, mit.edu
• Proxy (message exchanges)
• Authentication + encryption (channel)
IMD Shield - Implementation
• Jammer design (full duplex radio)
-- S. Gollakota et al., MIT
Wristbands / Alert Bracelets
• Safety in emergencies
• Security & Privacy under adversarial conditions
• Battery life
Wristbands / Alert Bracelets
• Protection is granted while wearing the bracelet.
• Remove to gain access to the IMD
• Inform patients about malicious actions – But not preventive
• Authentication + symmetric encryption
• Disadvantages
– Relies on the patient wearing the bracelet
– Reactive
– Cognitive effects on patients
-- Denning et al.
Usability Considerations
• Hospitals not having correct equipment
• Visual indicator of patient’s condition (something is wrong). Personal dignity.
• Carrying one more device
• Aesthetics
– Wristbands (especially). “Mockups are unaesthetic”
– Tattoos
• Mental and physical inconvenience
• Cultural and historical associations
Electronic Medical Records
• Why do we want electronic medical records?
• What are privacy/security concerns about electronic medical records?
• How do we mitigate those concerns?