Securing Mobile Devices with Biotelemetry

As the value of information placed on mobile devices increases, so does the risk that the information will be lost or stolen. In dire scenarios, such as soldiers on the battlefield, there is a tension between accessing critical information quickly and protecting that information from unauthorized viewers. Lightweight body sensors that detect and process physiological information can provide an unconventional means for simultaneously securing data on a mobile device and making pertinent health information available to authorized remote viewers. In this paper we present the design, implementation, and evaluation of our three-tier Secure Mobile Computing (SMC) system. Tier one consists of a physiological sensor (initially an electrocardiograph), microcontroller, and radio (initially Bluetooth) with the form factor of a bandage, collectively termed the "patch." The patch prototype collects and processes electrocardiograph (ECG) data and transmits the processed information over the wireless channel either continuously or periodically. The primary processing functionality, the heartbeat detection algorithm, has an average accuracy of over 99.5%. Tier two is the mobile device (e.g., cell phone, PDA, or laptop). SMC makes the utility of the mobile device dependent upon receipt of the patch\´s telemetry signal. SMC supports a number of programmable security policies that can either lock (e.g., encrypt) or erase data if the user is incapacitated or the mobile device loses proximity to the patch. Tier three is a web service that allows authorized viewers to view the sensor information remotely. We explore how SMC manages the interfaces between the tiers to implement security policies on the mobile device.