Sujin Han (KAIST) Diana A. Vasile (Nokia Bell Labs), Fahim Kawsar (Nokia Bell Labs, University of Glasgow), Chulhong Min (Nokia Bell Labs)
Wearable devices, often used in healthcare and wellness, collect personal health data via sensors and share it with nearby devices for processing. Considering that healthcare decisions may be based on the collected data, ensuring the privacy and security of data sharing is critical. As the hardware and abilities of these wearable devices evolve, we observe a shift in perspectives: they will no longer be mere data collectors, rather they become empowered to collaborate and provide users with enhanced insights directly from their bodies with ondevice processing. However, today’s data sharing protocols do not support secure data sharing directly between wearables. To this end, we develop a comprehensive threat model for such scenarios and propose a protocol, SecuWear, for secure real-time data sharing between wearable devices. It enables secure data sharing between any set of devices owned by a user by authenticating devices with the help of an orchestrator device. This orchestrator, one of the user’s devices, enforces access control policies and verifies the authenticity of public keys. Once authenticated, the data encryption key is directly shared between the data provider and data consumer devices. Furthermore, SecuWear enables multiple data consumers to subscribe to one data provider, enabling efficient and scalable data sharing. In evaluation, we conduct an informal security analysis to demonstrate the robustness of SecuWear and the resource overhead. It imposes latency overhead of approximately 1.7s for setting up a data sharing session, which is less than 0.2% for a session lasting 15 minutes.