人体活动识别系统中的安全和隐私漏洞

计算机工程与设计 Pub Date : 2022-09-23 DOI:10.1109/SEEDA-CECNSM57760.2022.9932957

V. Liagkou, S. Sakka, C. Stylios

{"title":"人体活动识别系统中的安全和隐私漏洞","authors":"V. Liagkou, S. Sakka, C. Stylios","doi":"10.1109/SEEDA-CECNSM57760.2022.9932957","DOIUrl":null,"url":null,"abstract":"Human activity recognition systems (HARS) should allow the secure and trustworthy exchange of sensitive data between several kinds of participating parties with different aims and claims, regarding security, data protection, and trust issues. Initially in this work, a security flaw has been identified in a complete medical IoT application using wearable devices and smart sensors. Then, we list the security vulnerabilities and attempt to make suggestions on the prevention of security flaws that may appear during the implementation of HARS and we analyze a specific attack, the Man in the Middle attack, where a third malicious entity interferes with communication between two entities and is associated with key exchange protocols. Moreover, we discuss various design considerations for protecting the data that is transmitted and stored from different sources like smart wearables, mobile phones, and cloud applications by using cryptographic and privacy-preserving techniques. Finally, we show how the use of the OAuth2.0 protocol can ensure that only authenticated users interact with the HARS.","PeriodicalId":68279,"journal":{"name":"计算机工程与设计","volume":"13 1","pages":"1-6"},"PeriodicalIF":0.0000,"publicationDate":"2022-09-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Security and Privacy Vulnerabilities in Human Activity Recognition systems\",\"authors\":\"V. Liagkou, S. Sakka, C. Stylios\",\"doi\":\"10.1109/SEEDA-CECNSM57760.2022.9932957\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Human activity recognition systems (HARS) should allow the secure and trustworthy exchange of sensitive data between several kinds of participating parties with different aims and claims, regarding security, data protection, and trust issues. Initially in this work, a security flaw has been identified in a complete medical IoT application using wearable devices and smart sensors. Then, we list the security vulnerabilities and attempt to make suggestions on the prevention of security flaws that may appear during the implementation of HARS and we analyze a specific attack, the Man in the Middle attack, where a third malicious entity interferes with communication between two entities and is associated with key exchange protocols. Moreover, we discuss various design considerations for protecting the data that is transmitted and stored from different sources like smart wearables, mobile phones, and cloud applications by using cryptographic and privacy-preserving techniques. Finally, we show how the use of the OAuth2.0 protocol can ensure that only authenticated users interact with the HARS.\",\"PeriodicalId\":68279,\"journal\":{\"name\":\"计算机工程与设计\",\"volume\":\"13 1\",\"pages\":\"1-6\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-09-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"计算机工程与设计\",\"FirstCategoryId\":\"1093\",\"ListUrlMain\":\"https://doi.org/10.1109/SEEDA-CECNSM57760.2022.9932957\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"计算机工程与设计","FirstCategoryId":"1093","ListUrlMain":"https://doi.org/10.1109/SEEDA-CECNSM57760.2022.9932957","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

人类活动识别系统(HARS)应该允许在具有不同目标和要求的几种参与方之间安全可靠地交换敏感数据，涉及安全性、数据保护和信任问题。在这项工作的最初阶段，在使用可穿戴设备和智能传感器的完整医疗物联网应用中发现了一个安全漏洞。然后，我们列出了安全漏洞，并试图对HARS实施过程中可能出现的安全漏洞的预防提出建议，我们分析了一个具体的攻击，中间人攻击，其中第三个恶意实体干扰两个实体之间的通信，并与密钥交换协议相关联。此外，我们还讨论了通过使用加密和隐私保护技术来保护从不同来源(如智能可穿戴设备、移动电话和云应用程序)传输和存储的数据的各种设计考虑。最后，我们将展示使用OAuth2.0协议如何确保只有经过身份验证的用户才能与HARS交互。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Security and Privacy Vulnerabilities in Human Activity Recognition systems

Human activity recognition systems (HARS) should allow the secure and trustworthy exchange of sensitive data between several kinds of participating parties with different aims and claims, regarding security, data protection, and trust issues. Initially in this work, a security flaw has been identified in a complete medical IoT application using wearable devices and smart sensors. Then, we list the security vulnerabilities and attempt to make suggestions on the prevention of security flaws that may appear during the implementation of HARS and we analyze a specific attack, the Man in the Middle attack, where a third malicious entity interferes with communication between two entities and is associated with key exchange protocols. Moreover, we discuss various design considerations for protecting the data that is transmitted and stored from different sources like smart wearables, mobile phones, and cloud applications by using cryptographic and privacy-preserving techniques. Finally, we show how the use of the OAuth2.0 protocol can ensure that only authenticated users interact with the HARS.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

计算机工程与设计

自引率

0.00%

发文量

20353

期刊介绍： Computer Engineering and Design is supervised by China Aerospace Science and Industry Corporation and sponsored by the 706th Institute of the Second Academy of China Aerospace Science and Industry Corporation. It was founded in 1980. The purpose of the journal is to disseminate new technologies and promote academic exchanges. Since its inception, it has adhered to the principle of combining depth and breadth, theory and application, and focused on reporting cutting-edge and hot computer technologies. The journal accepts academic papers with innovative and independent academic insights, including papers on fund projects, award-winning research papers, outstanding papers at academic conferences, doctoral and master's theses, etc.