The Personal Fog: An Architecture for Limiting Wearable Security Vulnerabilitie

Wearable computing devices have become ubiquitous in daily life, with fitness and health trackers embedded in watches that also serve as payment devices to smart headphones or hearables that can also be used for language translation. Wearables constantly and consistently collect data from their users and their surroundings, transmitting that data back to a base station or mobile device for aggregation. The data is often sent by the base station to a cloud service for storage and analysis. The cloud service provides feedback to the base station, which is used by multiple applications for insight into the user's health and habits. Wearables rely on Bluetooth for their communication protocol, allowing them to send data quickly and with minimal power needed for the transmission. Unfortunately, with ubiquity comes security concerns of which the average user may be unaware. These concerns must be addressed to ensure wearables are not subject to traditional attack vectors, such as eavesdropping, Man-in-the-Middle, Denial of Service, and phishing, all of which are possible with Bluetooth devices. Because wearables are designed to be worn at all times, a user can unwittingly move from a secure to insecure environment where an attack is imminent. Though there has been research in general Bluetooth security, traditional attack vectors have not been examined in depth or in relation to each other within the wearable context. There are two main reasons for this lack of research. First, it is difficult to analyze current consumer wearables because of their proprietary designs. Beyond eavesdropping on the communication, there are minimal techniques that can be deployed to determine the response to an attack or a mitigation strategy, which must be performed through the base station. Second, wearables are only now emerging with more computational power. Thus, the wearables cannot make decisions regarding their security status independently, limiting the protection mechanisms that can be implemented.;This dissertation defines the design, implementation, and evaluation of a personal fog architecture and testbed, which allows for examining these attack vectors from local device, environmental, and social situational awareness perspectives. The testbed simulates near-future wearables with the additional processing power that is needed for fog computing. It demonstrates the ability of the personal fog to adapt to insecure environments and protect user data from being intercepted. An application is created to run on the simulated base stations and wearables that exploits the multi-layered architecture of the personal fog to increase security awareness for all connected devices. In addition, the application increases situational and social awareness of security vulnerabilities through a technique called fostering, which allows personal fogs to communicate with each other to inform those in their vicinity of potential insecurities. The testbed is used to demonstrate the extent to which this architecture and application combine to protect a user from security attacks using self-adaptation and social situational awareness. As a side effect of this research, the constructed testbed constructed can analyze Bluetooth wearable security threats and be extended to develop additional responses to security vulnerabilities as they arise.