Security Review: Quiet Care

By joyleung at 11:51 pm on February 10, 2008 | 5 Comments

Home monitoring systems like Quiet Care exist to allow independent living for elderly people. The system works by monitoring the person’s daily movements with wireless activity sensors in each room. The information collected from these sensors is gathered at a communicator and then sent to the Quiet Care server, where it is analyzed for patterns. If the server detects unusual behavior, it contacts the caregivers of the individual.

Assets

  • The privacy of the individual monitored
  • The ability of the system to respond when an emergency occurs

Potential Adversaries

  • A stalker interested in information about the individual’s daily behavior.
  • A thief wanting to break in undetected by the person or the system.
  • A disgruntled worker at Quiet Care
  • A rival company that wishes to give Quiet Care a bad name

Potential Weaknesses

  • The activity sensors are wireless, so their signals can probably be picked up easily from outside the home, compromising the individual’s privacy.
  • The analysis of the patterns in behavior and the contacting of caregivers are done on the server. If that server is taken down and an emergency occurs, the monitored individuals’ lives can be in danger.
  • If there is no encryption of data, a person could intercept and interfere with information going to the server. This could be used to create many false emergency alerts which would frustrate the caregivers and give the company a bad name.

Potential Defenses

  • Using wired instead of wireless activity sensors
  • Effective encryption
  • Backup servers
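
One way to make the "effective encryption" defense also cover the false-alert weakness above, as an added example (not from the original post, and not Quiet Care's protocol): encryption alone does not stop forged or replayed frames, so each frame here carries a keyed MAC and a per-sensor counter. The frame layout, keys and names are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16                      # truncated HMAC-SHA256 tag, in bytes
HEADER = struct.Struct(">HIB")    # hypothetical layout: sensor id, counter, event code


def seal(key: bytes, sensor_id: int, counter: int, event: int) -> bytes:
    """Sensor side: header followed by a MAC computed over the header."""
    body = HEADER.pack(sensor_id, counter, event)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Communicator:
    """Accepts a frame only from a known sensor, with a valid tag and a fresh counter."""

    def __init__(self, keys):
        self.keys = keys                              # per-sensor keys set at install
        self.last_counter = {sid: -1 for sid in keys}

    def accept(self, frame: bytes) -> str:
        if len(frame) != HEADER.size + TAG_LEN:
            return "reject: malformed"
        body, tag = frame[:HEADER.size], frame[HEADER.size:]
        sensor_id, counter, event = HEADER.unpack(body)
        key = self.keys.get(sensor_id)
        if key is None:
            return "reject: unknown sensor"
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):    # constant-time comparison
            return "reject: bad tag"
        if counter <= self.last_counter[sensor_id]:   # old frame sent again
            return "reject: replay"
        self.last_counter[sensor_id] = counter
        return f"accept: sensor {sensor_id} event {event}"


def demo():
    keys = {1: b"k" * 32, 2: b"j" * 32}               # constructed keys for the demo
    hub = Communicator(keys)
    genuine = seal(keys[1], 1, 0, 7)
    forged = seal(b"not-the-sensor-key", 1, 1, 9)     # sender without the key
    tampered = bytearray(seal(keys[2], 2, 0, 7))
    tampered[6] ^= 0x01                               # event byte altered in transit
    return [hub.accept(f) for f in (genuine, genuine, forged, bytes(tampered))]
```

This covers integrity and replay only; confidentiality of the payload would still need encryption on top.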

Risk

The wireless part of this system makes it very open to attacks. This risk can possibly be life threatening.

Conclusion

It is difficult to strike a balance between monitoring an individual closely enough to detect an emergency and not invading that person’s privacy. This is a problem inherent in all home monitoring systems. For Quiet Care’s system, wiring up the detectors and using good encryption should help with the privacy leaks that a wireless system has. As electronic home monitoring systems develop, it will be interesting to see what will be used to achieve this balance.

Filed under: Availability, Privacy, Security Reviews

5 Comments

  • 1

    Comment by George Boyajian

    March 20, 2008 @ 5:06 am

    Your comments are dead on and ones which we have taken into account in system design and execution. A more complete understanding of how QC works would answer more of your questions/issues.

    In order –

    An addition on assets – QC was primarily designed to alert to changes in normal behavior that happen before emergencies occur, thus permitting the caregiver to interdict and avoid the emergency. So we do both.

    There are a host of other assets that you can see at quietcare.com

    On potential weaknesses:
    The output from the wireless sensors is encoded as is their identity, so without access to our separate database, you would not know which sensor was firing nor would you know what data each message contained.

    If electricity is out or phone lines are down, the caregiver is notified if the system does not contact our server. It is unlikely that our server is down; we monitor 24/7 and have redundant systems in multiple secure locations, which makes this unlikely.

    As the data are encrypted and the algorithms are designed to alert in cases of non normal behavior, fouling the datastream to avoid emergency alerts would require one to know the emergency were about to occur and then interdict at exactly that moment with exactly the correct encoded datastream (highly unlikely).

    Design of QC was started with consultation with eldercare ethicists, professional caregivers, and engineers given the task of keeping the system secure. Thanks for your input and please feel free to contact us at anytime.

    George Boyajian (cofounder and director)

  • 2

    Comment by James Youngman

    March 25, 2008 @ 4:31 pm

    Mr. Boyajian writes:

    <>

    This statement is much lacking in detail, but what it doesn’t say is that the data stream is encrypted, or how. So it appears to me that simply knowing the opaqued origin-code and time of transmission of a message would allow one to figure out something about its content. For example, it’s likely that an activity message occurring at 3am is likely to be from a bathroom or a bedroom. In any case, the lack of activity messages can be a useful signal, too. Knowing that the occupant is not in is useful for some types of malicious interest.

    Having multiple servers doesn’t seem by itself to be an adequate defence against the besmearing attack. Specifically, if there are say 15 redundant servers in 5 locations, I probably only have to convince a small number (1 or 2) of them that the caregiver needs to be contacted in order to successfully attack the system’s reputation. The redundancy of the service probably increases the vulnerability to malicious triggering rather than decreasing it.

    I notice that the comments about the system design mention a number of positive things about how the design was created, but fail to mention a security review. This is what this student seems to be offering. The company seems to be responding as if defending its reputation (understandably) but without in any way welcoming this kind of feedback.

    That makes me think that the company might have benefitted more from being left unnamed in the original article; that way, they might have accepted the review as an opportunity to improve their product.

    On the other hand, maybe I am being unrealistic. If you have a limited palette of products and aren’t planning to improve them post-launch, then any kind of feedback is a potential threat to your business.
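
The timing point raised in comment 2, as an added example (not part of the original post or comments, and not Quiet Care's design): even with payloads encrypted, frames sent at the moment a sensor fires reveal when there is activity, while fixed-size reports on a fixed schedule look the same whether or not anyone is home. The interval, sensor count, dates and sample days are constructed assumptions.

```python
import struct
from datetime import datetime, timedelta

SLOT = timedelta(minutes=15)     # assumed reporting interval
SENSORS = 6                      # assumed number of sensors
DAY = datetime(2008, 3, 25)      # constructed date
SLOTS_PER_DAY = int(timedelta(days=1) / SLOT)


def immediate(events):
    """One frame per sensor firing: the air times are the activity times."""
    return [(t, struct.pack(">B", sensor)) for t, sensor in sorted(events)]


def batched(events):
    """One fixed-size frame per slot with per-sensor counts, sent even when all zero.
    Cost: a firing is reported up to one SLOT late."""
    counts = [[0] * SENSORS for _ in range(SLOTS_PER_DAY)]
    for t, sensor in events:
        counts[int((t - DAY) / SLOT)][sensor] += 1
    return [(DAY + (i + 1) * SLOT,
             struct.pack(f">{SENSORS}B", *(min(c, 255) for c in row)))
            for i, row in enumerate(counts)]


def wire_view(frames):
    """What a listener without the key sees once payloads are encrypted: time and length."""
    return [(t, len(payload)) for t, payload in frames]


# Constructed sample days: one with activity (including a 3am firing), one with nobody home.
occupied = [(DAY + timedelta(hours=3, minutes=4), 1),
            (DAY + timedelta(hours=7, minutes=30), 0),
            (DAY + timedelta(hours=7, minutes=41), 2),
            (DAY + timedelta(hours=19, minutes=15), 3)]
empty = []


def leaks(scheme):
    """True if the wire view alone tells the occupied day from the empty one."""
    return wire_view(scheme(occupied)) != wire_view(scheme(empty))
```
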

  • 3

    Comment by Wedding Ablum Designer

    May 4, 2008 @ 6:40 pm

    I’m concerned about the privacy.

  • 4

    Comment by George Boyajian

    May 10, 2008 @ 8:14 am

    Mr Youngman –

    Please do not take my lack of detail and an encyclopedic response as anything but my wanting to be immediately responsive to a university undertaking. All I can say, and in wanting to keep our system secure, is that your assumptions about message content and timing are well thought out, but the reality of our messages and the underlying code prevents such conclusions from being made. Getting into more detail might be a security risk. That being said, we understand any group with enough motivation and resources could corrupt any system.

    As a former Professor I would like to support the students and the faculty in their enterprise. But as I have found out in the 12 years I have been in industry after academia, at least in my endeavors, industry knowledge and experience is orders of magnitude deeper than that of nearly all graduate seminar participants. Our tech team has built some very successful and secure platforms used in the world today, including (just to name two) the Instinet trading platform and much of the original Medscape system.

    We deal with thousands of lives and emergency interdictions on a daily basis. Now, while no one can ever anticipate every potential attack or security threat, we have taken every measure we can think of, not all of which I would or could prudently discuss on a forum like this. And we are constantly on the lookout for new threats and countermeasures. Our system has undergone at least three independent reviews and will continue to undergo such reviews.

    I cannot go into, nor should I go into the details of our security, the security vetting by security companies that our system has undergone, nor can I go into the detail of each and every communication, its timing, content, and level of privacy protection in this forum (nor should I for security reasons).

    All of the issues that you have pointed to and a host of others that you have not listed have been addressed by the QuietCare technical team.

    Student exercises are just that, good thought experiments that exercise their minds; we have to deal with the well-being of our clients, the communication with their family members and a host of professional caregivers, and our business depends on it. We know that we do not know everything, therefore we always welcome constructive feedback and criticism and thank you and the students for their ideas.

    Please feel free to contact me directly.

    George Boyajian george@quietcaresystems.com

  • 5

    Comment by Darvas System

    September 25, 2008 @ 11:45 am

    Privacy is something that should not be taken lightly in light of the most recent events in the media.
