Security with the wave of a wand

Increasingly, health care is moving out of the doctor's office and into the home, allowing greater patient freedom and monitoring, but also giving rise to new security risks.

One of the main challenges facing home health technology design is the public's inability to set up a secure network in their home and keep it operational. This can lead to compromised or stolen data, or even potentially hacked devices, such as heart rate monitors or dialysis machines.

To address this problem, researchers from Dartmouth College have developed a digital "magic wand" to improve home health care and to prevent hackers from stealing one's personal data.

The system, called Wanda, makes it easy for people to add a new device to their Wi-Fi network at home (or in a clinic), even if they don't have professional IT support staff to configure, track and update the medical devices.

The researchers will present a paper on the wand-based cybersecurity configurations at the Institute of Electrical and Electronics Engineers (IEEE) International Conference on Computer Communications (INFOCOM) in San Francisco in April.

The research is part of a project funded by the National Science Foundation (NSF), titled "Trustworthy Health and Wellness" (THaW.org) and led by Dartmouth computer science professor David Kotz. The project aims to protect patients and preserve the confidentiality of medical data.

The THaW team conducts research related to mobile and cloud technology for health and wellness applications, including efforts to secure small-scale clinical networks and to reduce malicious activity in hospitals.

Supported by a $10 million, five-year grant from NSF, the project includes experts in computer science, business, behavioral health, health policy and health care information technology from Dartmouth, Johns Hopkins University, the University of Illinois at Urbana-Champaign (UIUC), the University of Michigan and Vanderbilt University.

As part of ThaW, graduate student Tim Pierson developed a system where an individual can simply pull a small wand from a USB port on a Wi-Fi access point and point it at a new device at close range. Within a few seconds, the wand securely beams the secret Wi-Fi network information to the device, making it secure and operational.

One can use the same method to transfer any information from the wand to the new device without anyone nearby capturing private data or tampering with the information.

"People love this new approach to connecting devices to Wi-Fi," says Pierson. "So many of our volunteer testers remark on the frustration they've encountered in configuring wireless devices at home and ask when they can take our 'wand' home."

There are three basic operations involved. First, Wanda configures a device to join the wireless local-area network. Second, it partners that device with others nearby, so they can work together. And third, it configures the device so it can connect to the relevant individual or organizational account in the cloud.

Wanda—a small piece of hardware with two antennas that uses radio strength as a communication channel—accomplishes all of these tasks without the need for outside assistance.

"We anticipate our Wanda technology being useful in a wide variety of applications, not just health care, and for a wide range of device management tasks, not just Wi-Fi network configuration," Kotz says.

Kotz notes that mobile health technologies have incredible potential, but that insufficient attention to their security could hinder their adoption and lead to the theft of personal data or worse.

Fortunately, THaW researchers are identifying gaps in security and providing practical security solutions, says Kotz.

"We are developing novel methods for security and privacy so we can help usher in an era of effective and secure mobile health solutions," he says.