Magic Wand Waves Away Security Concerns

The trend towards home-based recuperation and health care has prompted the need for closer examination of the efficacy and utility of medical devices used at home. Concerns about the implications of the safe and effective use of devices typically used in a clinical setting, but now also used in a home setting, include provision of adequate training, environmental factors such as the cleanliness of the location, and security concerns regarding the transmission of confidential data from the device to the health care practitioner.

Security of medical data has been a hot topic recently. According to the Identity Theft Resource Center’s Data Breach Report, the healthcare/medical industry saw over 112,800,000 records breached in 2015 – by far the most of any industry. Safeguarding sensitive medical information is often a problem when devices are taken outside a clinical setting with appropriate firewalls in place to a less secure home environment, but Dartmouth Computer Science doctoral candidate Tim Pierson thinks he may have found a solution.

“A number of reports have suggested that medical data trades for more money than credit card numbers on Internet hacker sites,’ says Pierson, a 4th year PhD candidate in David Kotz’ research group. “In addition to the potential privacy invasion if medical devices leak aspects of a patient’s health, what is also problematic is protecting the credentials (e.g. name and password) a devices uses to get online and send data to your Electronic Health Record (EHR) at your doctor’s office,” Pierson explains. If these credentials are compromised, an attacker might be able to gain access to the home network and access private data, or might gain access the doctor’s EHR system.

Pierson’s project, known as “Wanda”, introduces a small “magic wand-like” device that uses a novel radio signal strength technique to impart data onto devices. For example, it can be used to link a Wi-Fi router to a device in a secure manner. In that case, the wand first securely learns the network name and password of the Wi-Fi router over a wired USB connection. Next the user disconnects the wired connection and moves the wand in close proximity to the device to be configured. Then the wand transmits the network name and password to the device using binary code via strong and weak radio signals. This difference in signal strength is what makes it possible for the nearby device to decode the information sent by the wand, but makes it next to impossible for more distant hackers to access the information being sent. This reduces the possibility of the user’s network being compromised.

Lack of usability is cited as a common barrier to patients’ making effective use of home devices. Wanda facilitates frustration-free connection for new devices to the network, by simply pointing the wand at the device it also eliminates the need to remember passwords.

“With Wanda the user doesn’t have to type in the password, or even know the password,” Pierson says. “Wanda allows them to create complex passwords (e.g. random combinations of letters, number, and punctuation) for things such as their Wi-Fi router and they don’t have to worry about it, remember it, or reveal it to a guest – just point the wand.”

Wanda is part of a National Science Foundation-funded project led by Dartmouth called “Trustworthy Health and Wellness”, or THaW. The program aims to protect patients and their confidentiality as medical records move from paper to electronic form and as care increasingly moves into the home

THaW is supported by a $10 million, five-year grant from the NSF’s Secure and Trustworthy Cyberspace program. It includes experts in computer science, business, behavioral health, health policy and healthcare information technology at Dartmouth College, Johns Hopkins University, the University of Illinois Urbana-Champaign, the University of Michigan and Vanderbilt University.