Projects:2018s1-169 A Better Security Framework for Wearable Devices

From Projects
Revision as of 13:45, 5 September 2018 by A1668821 (talk | contribs)
Jump to: navigation, search

Group 169 produced two research topics that are interconnected through wearable technology.

Research Topic 1: Topic 1: Improving the Technical Functionality of Children’s Tracking Watches

Research Topic 2: Biometric Profiling of Wearable Devices for Medical Monitoring and Authentication

Authors

Topic 1

Inderbir Singh (Focusing on the Indian Market perspective)

Luke Jennings (Focusing on the Australian Market perspective)

Topic 2

Munirah DeVries

Supervisors

Matthew Sorell

Richard Matthews

Topic 1: Improving the Technical Functionality of Children’s Tracking Watches

Technical Abstract

The objective is to improve the functionality of the children’s safety watch SpaceTalk [1] such that it provides increased safety measures in commonplace Australian social scenarios. Several safety watches have been found in Europe to be more detrimental to safety than intended, and as a result, have come under heavy investigation [2]. Since the technology is rather new and can still have the potential to provide for children’s safety, understanding the issues around them and improving them is vital as the technology moves forward. The challenges involved are that some of the improvements that can be suggested may work for the Australian market, however, if the watch is then taken internationally those improvements may violate international privacy and surveillance laws and become detrimental to child safety. Hence this project is being investigated from two different perspectives. One from the Australian perspective, which is the focus of this paper, and the other from the Indian perspective. Since the two countries have two vastly different social structures, the improvements discovered in each can be combined into a single flexible set of functionality improvements that can be applied internationally.


Contextual Abstract

Under the umbrella of Children’s wearable’s, one team is responsible for identifying the devices that are currently on the market, and are vulnerable due to lack of security. A second team is looking at another specific device, provided by a sponsor organization, which is very good at its technical security but lacks the understanding of its market specialization. Kristine Hovhannisyan (Estonian Student) will be focusing on the legal framework within Estonia and in European market regarding SpaceTalk device. Finally, Luke Jennings and Inderbir Singh (the author) are focusing on a fresh space for a worldwide market with a focus on the following questions: “If we are to develop this device for world market by taking into account of privacy, security and safety, what does that mean in different social and cultural context? What are the implications for these devices and technical implementation requirements with the system?” In other words, the purpose of this research study is to identify cybersecurity vulnerabilities from a humanitarian perspective and redesign the technical functionalities of the watch to be able to satisfactorily deal with social situations in two different cultures, India and Australia, as well as provide data safely, securely, and quickly to law enforcement in the most extreme of cases.


Introduction

There has been a rapid enhancement in technology advancing in the previous decade. This poses a dilemma within and between technological innovation, cyber-crime and legal regulations. From one perspective, technology has such a great influence on serving its purpose and keeping an individual up to date and secure. On the other side, the law is wrestling with either liberating or restraining on such security [2]. In today’s society, children’s smart-watches are available in the market and gaining popularity worldwide. Parents prefer these over smartphones because of a one-size-fits-all approach, technical functionality and sturdiness. This is a fantastic safety device for parents, however, there is the possibility that these devices could be used for malicious purposes. These children’s smartwatches have features that not only allow the parents to control who the child can communicate with through the device, but they can also activate GPS tracking to determine the child’s location at any time [3]. These technical implementations are challenged by different social and cultural contexts, whilst also abiding by the national laws. The laws around surveillance and consent are crucial, and some of the smartwatches available in the market favour functionalities over legal constraints. As such the technical functionalities of these devices must be reformulated to provide a solution to possible security flaws in different environmental scenarios, notably in Australia and India. At the same time, it is pertinent to ensure maximum data and storage security for the device, as well as making the information available to the law enforcement in some extreme cases when required. If any security breaches are identified, the company or manufacturers will be informed so that remediation and counter-measures and be put in place. At the same time, creating a public awareness about possible threats associated with the device so that user’s privacy isn’t compromised is also important.

Background

In Australia one smartwatch acts as a 3G phone has GPS tracking and SMS messaging. Its security features consist of SOS Alerts, where a button can be pressed to call a sequence of guardians or local authorities, as well as contains Safe Places, which alert the parent or guardian if the smartwatch leaves or arrives at a predetermined location. These functions are controlled by an accompanying app, where parents can control the communications the smartwatch has with other phones. The app can be used by multiple family members under a single login, which is one of its largest security issues. Currently, there is nothing to stop or control the access, or other family members who have gained access to the account. Should family relations become strained, the child’s smartwatch now effectively acts as a surveillance device potentially operated with ill-intent. This particular device will be used as a starting point to propose technical solutions. Conversely, in India, there isn't a leading brand of children's smartwatch, and they don’t suffer as much from these situations. Instead, crimes such as abduction and abuse of children are more common and call for a security device that parents can use to ensure the safety of their children. The task at hand is to formulate a flexible technical solution that incorporates the different sets of technical requirements for both environments.

1.1 Research Question

1) Can the technical framework of children’s smartwatches be reformulated to better ensure the safety of the child, or prevent it from being used as an illegal surveillance device in domestic circumstances in Australia? (Being researched by Luke Jennings) 2) Can the technical framework of children’s smartwatches be reformulated to better ensure the safety of the child in extreme scenarios such as kidnapping and abuse, in developing countries like India? 3) Can the data stored by children’s smartwatches be made more readily available to law enforcement such that they can act quickly in extreme circumstances? 4) Provided a solution can be found to questions 1 and 2, can they be combined into a single flexible technical framework that satisfies the requirements for different environmental contexts?

1.2 Motivation

Children’s tracking watches come with many different functionalities, but the main feature that distinguishes them from other devices as a safety device is their ability to allow parents to track their children through GPS on an accompanying smartphone app. This now raises the issues of children’s consent and private data and now involves surveillance tracking laws. This is important to consider because in Europe, many children’s tracking watches have been banned and have called for any of these devices to be destroyed, due to the possibility of their security being broken and being utilised as an illegal surveillance device. Additionally, the features and customer rights when using such devices have also become under investigation [2].

This project is being investigated from two different contexts. The first is the Australian perspective, where it is possible that children’s tracking devices can be misused and utilised as an illegal surveillance device. The second is the Indian perspective, where there is a genuine safety concern because crimes such as kidnapping are much more common as opposed to in Australia. Australia and India both have a different definition of child consent, and different laws regarding surveillance devices. Because of these differences, each country presents different technical requirements to ensure these children's tracking watches comply with their nation's laws and still deliver the primary objective of children's safety.

India is one of the largest developing economy in the world and has a very wide market for technology. It has the largest youth population in the world, every 1 out 5 children in the world is Indian [4]. The individuals in India come from 29 different states, 9 recognized major religions and a range of backgrounds. It has been established that the rate of crimes committed against children in the present time in India is far higher than that against adults, and has only increased over time. It is a given fact that plight of children is not likely to change. A total of 84,423 cases of crime against children were reported in India during 2014 (with an increase of 53.6% from 2013 figure of 58,224). Also, there has also been increasing number of incidents regarding cybersecurity and surveillance (especially unauthorized surveillance) reported in India [5]. The main approach to this project is to identify the severity of threat level in India against children coming from average middle class to upper class where parents can afford a tracking device such as the SpaceTalk smartwatch, and how such device can provide an extra level of security for their children against the safety or security threats that they are likely to face in their daily lives. Any sort of violation or crime against children can be devastating to their mental state, and can imbalance their cognitive, social, physical, and emotional development. It is vital to have a thorough understanding of the types of crimes commonly committed against children in India in order to appropriately asses and reformulate the technical functionality of children’s smartwatches, such as the SpaceTalk smartwatch, with an aim to better ensure the safety of the child in such scenarios.

Previous Studies

Cybersecurity is becoming one of the world’s most prominent areas of study and innovation. It is important to understand the differences between the vulnerabilities, risks and threats associated with cybersecurity. Without a complete understanding of these factors and related issues, an individual is at higher risk of exposure to these threats. There has been a rapid increase in cybercrime, where all businesses are now strongly encouraged to constantly monitor and manage their devices. A recent study from 2014 found that companies in Australia have experienced an increase in the data breach by 18% within the 24 month period (1 in 5 Australian companies are expected to be attacked in years to come) [6]. Having an anti-virus and other forms of technical protection on devices are just not enough. Therefore, by law and due to ethical obligations, it is a common practice for organizations to undertake reasonable steps to ensure that the private information collected from their clients, business partners is protected and secured in a firewall encrypted database with restricted access. They are also expected to shield their IT/Data systems and the privacy of their clients. Lastly, the human factor is essential to take into account when considering technical measures with IoT devices [7]. Most of the data breaches are associated because of the defects identified within the software’s architecture and system design. Rest are stemmed from the bugs present in the software implementation. There has been an initiative established by IEEE as “IEEE Centre of Secure Design (CSD)” document emphasizing on identifying and preventing software design flaws. The CSD summarizes the top 10 most commonly and repeatedly occurring software security design flaws, as well as a recommendation for mitigating/avoiding them [8].

In October 2017, there was an investigation into children’s smartwatches by the Norwegian Consumer Council (NCC) called #Watchout [2]. Their investigation looked at the features of the apps and devices and the accompanying user terms and consumer rights for four different devices local to the area. Since the devices dealt with the tracking and communication with children, the investigation was greatly concerned with the framework of the devices, to ensure data protection laws and privacy rights of children are upheld. By testing the device's functions and reading any relevant legal documentation provided by the developers of each device, it was found that the safety features of the watches, the geofencing and SOS functions, were unreliable. The data of the children and their parents were also found to be stored in servers overseas, prominently in the US or Asia. The devices had inadequate and unclear user terms, denying users of their basic rights. Three out of four devices failed to ask for permission to collect this sensitive data and none of the devices alerts the user to changing terms of service or allow for the deletion of private data records. Some of the devices utilised the same smartphone app. One of the devices even allowed for remote activation of the microphone, allowing it to act as an illegal surveillance device. It was recommended that user terms and agreements should always be provided upon registration of the account. When prompting for consent, never use pre-checked boxes and must contain “I have read and accept these terms”. Private data must be used only for the operation of the device and not for other purposes and they must allow for the deletion of location history and other data. Security of processing and storage of private data must also be mentioned in the user terms. In addition to this, many security flaws were discovered which may lead to attackers taking advantage of the device, however for the purpose of this research we only consider the technical implementation of the device functions themselves.

Conversely, in India, the issue about regarding informed consent for minors is more complex, due to child marriages. According to Guardians and Wards Act (GWA), 1890, it clearly states that any person who is not over the age of 18 is a minor. Therefore, the court or appointed authority has the power to choose a guardian for the child by nominating one or removing another. Since then, there haven't been many revisions, with the latest major revision being the Juvenile and Justice (Care and Protection of Children) Act (JJC) in 2000. In 2016, this act was revised to deal with minors aged between 16-18 in the court of law by treating them as adults. The laws and policies around consent in India are outdated, with no evidence of a future reformation to be in-line with current technology. Since Australia and India are two different markets, considering the two different security needs of the children or family while understanding the laws in such environments is crucial in formulating a flexible solution.

Background'

Children’s tracking watches come with many different functionalities, but the main feature that distinguishes them from other devices as a safety device is their ability to allow parents to track their children through GPS on an accompanying smartphone app. This raises the issues of children’s consent and involves surveillance tracking laws.

SpaceTalk is known to be one of the best children tracking device/smartwatch manufactured by MGM wireless in Australia. It acts as a 3G phone consists of GPS tracking capability and SMS messaging feature. The security features of this watch consist of SOS Alerts, where a button can be pressed to call a sequence of guardians or local authorities [13]. It also consists of safe place markup tracked by the GPS which alerts the parent or guardian if the device leaves or arrives at a predetermined location. These features and functions are managed through an accompanying app, where parents or guardian can control the communications that the smartwatch has with other phones. This app can be utilized by multiple family members under a single login, this is definitely considered to be one of the largest security flaws found within this watch. The single login provides no control and full admin access to every individual who has gained access to the account. Bearing this security flaw in mind, should family relations become strained, there is a potential now that children’s smartwatch is now used as a surveillance device with ill-intent. This is important to consider because, in Europe, many children’s tracking watches have been banned and have called for any of these devices to be destroyed, due to the possibility of their security being broken and being utilized as an illegal surveillance device. Conversely, in India, there isn’t a leading brand of children’s smartwatch, and they do not suffer as much from these situations. Instead, crimes such as abduction, rape and abuse towards children are far more common and call for a security device that parents can use to ensure the safety of their children. This particular device will be used as a starting point to propose technical solutions.

In India, as per Criminal Law (Amendment) Act, 2013 has introduced cyberstalking as a criminal offence [5]. The use of tracking devices become illegal once they are utilized without an appropriate consent of the person being tracked. Even including the case where a minor is involved. The issue about regarding informed consent for minors is more complex, due to child marriages. According to Guardians and Wards Act (GWA), 1890, it clearly states that any person who is not over the age of 18 is a minor. Therefore, the court or appointed authority has the power to choose a guardian for the child by nominating one or removing another. Since then, there haven’t been many revisions, with the latest major revision being the Juvenile and Justice (Care and Protection of Children) Act (JJC) in 2015 [14]. The laws and policies around consent in India are outdated, with no evidence of a future reformation to be in-line with current technology.

Case Scenario Analysis

In this section, several different scenarios that modern families within Australia and critical scenarios from India may see are described, and the importance of improving the features of the SpaceTalk watch is emphasised by considering these scenarios where the child now has this safety watch. In India, Childline organization is a non-government organization (NGO) that is operated over the phone to help children in need or distress from the age of 0-18 years. They often come across calls that entails legal intervention while addressing the emergency needs of children and protecting their rights. This mainly stems from the following facts observed commonly in the general public: lack of knowledge about procedures, fear of the judicial system or lack of support systems available. On average, Childline receives about 2 million calls a year from children in need [15].

Scenario #1

In Australia, where blended families after remarriage are common and accepted, it may be desirable for the separated families to each be able to track a child when they have custody, while respecting the privacy of their former partner. Temporary guardianship by grandparents raises a similar example. As the list of extended family members increases, the amount of people who can track the child location and by proxy, the other extended family members of that child increase as well.

Scenario #2

A car drew up outside the seven-year-old's private school as he was leaving. Yash must have assumed that the man inside had been sent by his father to collect him. He got in, the door closed, and he was gone. Anil (Yash’s father) raced to the school, then to the nearby Balli police station, where his distress was met with a shrug. "[The officer] was lazy, a typical cop. He was reluctant to lodge a complaint. He said the boy must have wandered off somewhere." By the next morning, the police had a suspect, a well-known local criminal. They circulated his picture, but it was a mistake. The kidnappers panicked. Neighbours found Yash's body lying in bushes near the shore. He was in his school uniform, with a mark on his neck where he had been strangled, and dried blood around his nose [17]. 14 Another case, Asifa Bano was an eight-year-old child who was raped and murdered due to religion and caste differences. She was from a nomadic Muslim tribe in the restive. Asifa was abducted by a group of local Hindus when she went looking for the family’s horses. She was gang raped over days, drugged, beaten and her head finally smashed with a stone according to police reports. The justice system in India has been eviscerated over the past years. As commonly seen and known Police officers who are not loyal to politicians often find their career progress in difficulty and investigations and courts are open to manipulation. It was found that two of the eight suspects were police officers, accused of washing the Asifa’s clothes to destroy forensic evidence. The protest took place and the entire community of Muslims, Hindus and Sikhs came out on streets and demanded justice. The law-enforcement was forced to respond due to the actions were taken by the general public. The reluctant judge was also asked to take up the case after some superior judges made a call. The public also wrote letters to Prime Minister of India, who took actions against this incident and was justice was made [18]. With the presence of the watch, it would have at least provided the law enforcement with the resource to help locate the child’s last location before and if the watch was forcibly removed from the wrist and destroyed. This could have potentially saved abundant of time and provided resources for police to use it as a motivation to find Yash or Asifa.

Although, SpaceTalk watch currently does not support covert listening but in some cases in India, there is a potential that covert listening feature may save lives. Under extreme conditions, the watch should also have the ability to enable the microphone in the watch for covert listening option VIA the SOS button, where this data is perhaps not immediately available to the parents. However, they are notified with a new activity detected and the recording has been stored in a “black box” somewhere in the secured server. The recordings can then be accessed by the admin via contacting the support team who will then grant this on a condition and under a declaration signed at the time of purchase. The data then can also be accessed by the Law-enforcement and Childline organization with the parents or admins approval which may be authorized at the time of the purchase or when the situation falls upon.

  • This solutions given above will be further investigated and type of sensors are appropriate

will be summarized*

IOT Functionality Discussion

This includes securing the device itself, as we know that this device and or pieces of its equipment operate continuously unattended, therefore not subject to the security implied 16 by frequent, direct observation. It will be essential to make sure this device is tamper-proof or tamper-evident since that will prevent potential intruders from reaching into the device data. At the same time, it will defend against a hacker or other cybercriminal buying and then weaponizing the device. This can be mainly achieved by utilizing a layered security tactic which enforces attackers to overcome numerous difficulties. Another recommendation in terms of IoT devices is ensuring a trusted certificate when these devices are connected with network or GSM services. This means, that only one sim at a time can be configured with this device. Any attempt to add an alternative sim will be blocked automatically by also sending the admin an alert regarding unauthorized attempt and as well the location of that activity. This will ensure a protection against theft and unauthorized access is maintained. This can be achieved by public key infrastructure and digital certificates infrastructure implemented to the device technical framework. Also, as previously identified in section 2 there is currently no limit to the number of people that can be logged into the watch account at any given time. This exposes the fact that, there can numerous people tracking child’s geolocation that may be the external/temporary guardians that child may interact with on frequent basis. The proposed solution to this is to have secondary or guest’s accounts set up and linked to the main parent account who can delete when deemed unnecessary. This can enforce the restriction as to who can track the device’s location at a particular time while keeping their account details private.

Discussion

There are several implications for flexible architecture requirements such as single-login, lack of an option to withdraw consent and sim card swapping. From scenario #1 there are several issues already present regarding the use of the SpaceTalk watch. Firstly, is the matter of consent. When the watch account is created, the person creating that account is prompted to consent to the collection of their child’s private data. However, the other users that use the app to track the child have not been provided the option to provide nor withdraw consent, which needs to be a feature. There is no limit to the amount of people that can be logged into the watch account at any given time. Hence it is entirely possible that several people will be viewing the child’s geographical location, and by extension the temporary guardian that child is with. The solution to this is to have guest accounts or secondary accounts linked to the parent account and limiting the number of guests that can track the device at any given time. Since the guardians are only temporary, they do not need to have access to the child’s location data any longer than necessary. By having a guest account that expires after a certain period of time, the possibility of other members of the blended family using the child’s location to determine the guardian’s location becomes much smaller. Additionally, this also provides better security for the parent as they would not have to share their account details. Regarding scenario #2, continuing on from the guest account solution proposed above, there must be a way to remove a guest accounts tracking privileges when required. Under the single-login that the watch currently has, this is not possible. Additionally, should one of the parent’s switch out the sim card for another, they would now have exclusive access to the geographical location of their child, regardless of custody arrangements. Hence, the accompanying app should be notified if the sim card is removed. One feature that the watch requires is that it should display who is tracking the device at that time. Since children have the right to provide or withdraw consent provided they show the capacity to make informed decisions, this kind of information should be available to them. By extension on the app, the parent should be able to see what guest accounts are linked to the device and when they are active or not.

Conclusion

At this current stage, various ideas have been proposed and detailed above regarding the SpaceTalk smartwatch that complies with numerous standard protocols. They also provide a better security structure for the parents and their children using this watch. These ideas will be further analyzed and discussed in the upcoming cyber-security summer school in collaboration with Luke Jennings and Kristine Hovhannisyan.

The importance of this research is becoming greater as the popularity of children’s safety watches increases and the need to understand the security implications of similar IoT devices increases along with it. At this preliminary stage, multiple feature alterations for the SpaceTalk have been suggested that follow the various privacy act and surveillance laws whilst providing better security for the parent and child using the watch, thus proving the purpose of this thesis.

References

[1] Ian Muscat, Cyber Threats VS Vulnerabilities VS Risks, https://www.acunetix.com/blog/articles/cyber-threats-vulnerabilities-risks/, accessed May 2018. [2] Margaret Rouse, IoT devices March 2018, https://internetofthingsagenda.techtarget.com/definition/IoT-device, accessed May 2018. [3] Forbrukerrådet, Analysis on Smartwatches for Children 2017, https://fil.forbrukerradet.no/wp-content/uploads/2017/10/watchout-rapportoctober2017. pdf, accessed May 2018. [4] PTI, India has the world’s largest youth population: UN Report, http://www.thehindu.com/todays-paper/tp-in-school/india-has-worlds-largest-youthpopulation- un-report/article6612615.ece, accessed May 2018. [5] Kanchi, Criminal Law (Amendment) Act, 2013: Sexual Offences, https://www.lawctopus.com/academike/criminal-law-amendment/, accessed May 2018. [6] Techsert, Why is Cyber Security Important?, https://techsert.com/why-is-cybersecurity- important/, accessed May 2018. [7] Kathy Pretz, How to protect wearable device Against Cyberattacks, http://theinstitute.ieee.org/ieee-roundup/members/achievements/how-to-protectwearable- devices-against-cyberattacks, accessed May 2018. [8] IEEE Computer Society, Avoiding the top 10 software security design flaws, https://www.computer.org/cms/CYBSI/docs/Top-10-Flaws.pdf, accessed May 2018 [9] MGM Wireless, MGM Wireless Privacy Policy 2017, https://mgmwireless.com/downloads/MGM_Wireless_Customer_Privacy_Policy.pdf, accessed May 2018. [10] Northern Territory Government, Surveillance Devices Act 2007, accessed May 2018. [11] Australian Government, Privacy Act 1988, https://www.legislation.gov.au/Details/C2018C00034, accessed May 2018. [12] MGM Wireless, MGM Wireless Privacy Policy 2017, https://mgmwireless.com/downloads/MGM_Wireless_Customer_Privacy_Policy.pdf, accessed May 2018.


Topic 2: Introduction

Biometric data from wearable devices provides a range of advantages from dynamic authentication to improved hospital grade patient monitoring. Bio- metric data is data that has been collected and processed for the identifica- tion of biological organisms through confirmation of unique characteristics.[1] Due to the unique physiologies of every individual it is proposed that a unique biometric fingerprint can be developed that can replace current au- thentication methods, from passports to passwords. In addition, the long- term monitoring and recording of biometric data would further improve the health care industry by providing physicians with a biological history to tailor better-informed medical advice and diagnosis. It is further proposed that there is a requirement for improved health monitoring devices that are marketed for at-home use. The digitation of Australian health care records is a small step towards at-home management of health care, which can be improved through online doctor-patient con- sultations that are facilitated by uploading biometric data from at-home medical equipment. It is suggested that prevention techniques will be im- plemented more successfully due to patients being better informed through the access of their medical and biometric data.[2]

The Aims

The current study focuses on the extraction of biometric information from non-intrusive wearables. Recreational and popular wearable devices, such as Fitbit and Apple watch, are under investigation due to the consistency in which they are worn, and their commercial in uence on consumers. The aim of the study is to determine the quality of biometric information obtained from the recreational wearables, to understand the devices' limitations, and the future improvements required to target user authentication and clinical- quality biometrics. The following study will initially focus on the children's wearable device, Spacetalk, and its limitations and security features regarding biometric data. Detailed engineering level access to the architecture and ecosystem of the the Spacetalk provides a solid platform for the study. The discoveries and conclusions will develop a foundation to understand the requirements for higher functioning wearables. The paper will continue by exploring current research and technology within the electronic health care system. Other technological applications for the biometric data will be discussed, mainly the idea of a wearable authentication device. This will lead into the analysis of a collection of biometric data obtained from the Fitbit and Apple watch. The analysis will include the processing stages and personalised conclusions which relate to the biological functions and activities of the user. The con- clusions along with unique biometric patterns will provide the basis of the unique user profile. The paper will continue by analysing the limitations of these devices, and thus future improvements that can be implemented for hospital-grade wearables. Suggestions for future research will be provided to conclude the study.

What is Spacetalk

The South-Australian company, MGM wireless, are known for successfully commercialising the use of the SMS automated communication system in 2002. The system facilitated communication between schools and parents, in particular school attendance, monitoring child safety and general parent communications. The company has successfully incorporated the technology across more than 1,350 schools in Australia, New Zealand and America. The company places emphasis on its strict privacy and data security standards which are upheld through complying with the Federal Australian Privacy Act 1998, and ensuring all employees and consultants undergo regular police checks.[3] Their success in child monitoring and security has evolved into a children's wearable device, called Spacetalk, which encompasses both a smartwatch and phone. The Spacetalk device allows parents to monitor and track their children through an app called \AllMyTribe". While the Spacetalk has been well received by parents, exhibited in sales \exceeding expectations"[4], does the watch truly protect the biometric information of the child?

Quasi-biometric Features

The Spacetalk watch incorporates two basic quasi-biometric features, the GPS and pedometer. Due to the simplicity of these features a standard accelerometer and MT6580 processor were implemented into the Spacetalk. The in-app processing of the quasi-biometric data incorporates limitations in the tracking of the user. The logging of GPS locations to the app's history has a minimum setting of every 5 minutes. However, this results in a battery life of approximately seven hours and therefore is not a desirable setting. The GPS history, starting from the moment of pairing the device is currently stored within AllMyTribe's systems, and accessible to parents through the app. Furthermore, the GPS included limited accuracy of a few meters, and the pedometer was observed to be insensitive to steps and resulted in lower than expected values. The limitations of the Spacetalk are beneficial to the security of the child, as the data limits the ability to construct a quasi-biometric profile.

Future Research

From the results of the Spacetalk device, two significant questions propel the future research of wearable devices for patient monitoring and authen- tication. 1. What combinations of biometric data are required to characterise a user through a unique profile? 2. What limitations are placed on the processing of data from the wear- able sensors and how can these be improved to produce clinical-quality biometric data? These questions will be explored by analysing the type and quality of data obtained from the Fitbit and Apple watch, and the types of sensors and data processing features implemented by the devices.

Green-light technology - Apple watch and Fitbit

Unlike the Spacetalk, Apple watch and Fitbit, among other wearables, in- corporate multiple sensors for obtaining a wide range of biometric informa- tion. One of the most common is a photoplethysmography (PPM) which is a green-light-based optical sensor that measures heart rate. The colour of light plays a critical role in the functionality of sensors. Green light is almost completely absorbed by oxy-haemoglobin, resulting in reduced sig- nal distortion of the heart rate measurement.[5] To achieve an engineering level understanding of green light technology as a sensor, a PPM will be constructed and processing techniques will be explored to understand the link between biometric accuracy and PPM data modulation.

Red-light technology - Hospital grade devices

Red-light-based optoelectronic sensors are utilised by hospitals to measure biometrics, such as measuring the amount of oxygen in the blood, and res- piratory rates. Red light is able to penetrate the body, due to its low ab- sorbability, and therefore is able to achieve more insightful data from a larger volume of tissue.[6] Unfortunately, a deeper penetration results in a higher noise distortion of the data, resulting in more complex processing techniques. For this reason, it is not desirable for companies to implement this technology in their wearable devices. This technology is being imle- mented by wearables such as the Biostrap, which utilises red LEDS and infrared PPM to claim clinical{quality heart analysis. Alternative and hy- brid sensor architectures such as red-light sensors, and red and blue light sensors will be explored to understand the device architecture required to obtain a wider range of biometrics for the development of a user profile.

Authentication

Physiological differences in individual's cardio-vascular and respiratory sys- tems are mirrored in the biometric data. Heart rate variability (HRV) is an inherent property of the heart and therefore attempts have been made to utilise it for biometric authentication. Unfortunately, there is a lack of HRV literature targeted towards biometrics.[7] The aim is to collate research among interdisciplinary studies to suggest how physiological properties such as HRV can be used to create an individual profile which can be embedded into a wearable device. The device would other an alternative to two-face authentication as it would essentially be something that knows something about something you are.

Conclusion

Common limitations of wearable devices include, transmission abilities, en- ergy reserve and device memory storage. Previous research has explored algorithms for data management, in particular the transmission of data through wireless interfaces to replace memory storage within the device. The techniques utilised include lossy data compression techniques and the analysis of the techniques complexity and compression performance. These techniques along with previous research and results will be explored to sug- gest suitable methods of data processing for both hospital grade and au- thentication purposes.

References

[1] techopedia. What is biometric data? - definition from techopedia, 2018.

[2] Australian Digital Health Agency. The future of digital health, Feb 2017.

[3] MGM. About us the most trusted name in school sms solutions, 2018.

[4] Alex Zaharov-Reutt. Spacetalk kids' smartwatch phone sales 'exceed expectations', Feb 2018.

[5] Michael Sawh. Red light, green light: Why fitbit's sensor shake-up is a huge deal, Aug 2017.

[6] Optoelectronic sensors in medical applications, Sep 2003.

[7] Nazneen Akhter, Sumegh Tharewal, Vijay Kale, Ashish Bhalerao, and KV Kale. Heart-based biometrics and possible use of heart rate vari- ability in biometric recognition systems. In Advanced Computing and Systems for Security, pages 15{29. Springer, 2016.

--A1687299 (talk) 17:43, 8 April 2018 (ACST)