Securing the Timestamping of Sensor Data from Wearable Healthcare Devices

An ageing population, coupled with increasing prevalence of chronic diseases, is placing unsustainable demands on current healthcare systems. Home-based medical monitoring, supported by wearable sensors for heart-rate, ECG, blood pressure, blood glucose, blood-oxygen saturation, etc., has the potential to alleviate the growing burden on hospitals. Timestamping data from such sensors accurately is important for correlating and reconstructing events of medical significance, and to increase trust in the context associated with the data. Unfortunately, reliable timestamping is non-trivial, and cannot be left entirely to the sensor device (too resource constrained), the gateway (can be tampered by user), or the datalog server (too far from the medical device). We tackle this problem to make three important contributions: (a) we demonstrate that the threat is real by showing how easy it is to tamper the timestamp on data from medically-approved devices on the market today; (b) we develop a novel solution to assure the reliability of the timestamp via a challenge mechanism whose cost-benefit trade-off can be customized; (c) we evaluate our solution via simulation to quantify the benefit as a function of the cost incurred. Our work presents a step towards increasing trust in the provenance, namely the meta-data, associated with the medical data.