A research paper by Paul D. Martin and Michael Rushanan of Harbor Labs, Thomas Tantillo of Johns Hopkins University, Christoph U. Lehmann of Vanderbilt University and Aviel D. Rubin of Johns Hopkins University recently became available. The paper, Applications of Secure Location Sensing in Healthcare, is part of the Proceedings of the 7th ACM International Conference on Bioinformatics. There are also some associated slides by Michael Rushanan.
The paper considers the use of beacons to track hospital assets and to provide location-based access to patient records. Tracking hospital assets is an important use case because staff spend:
“1 hour per shift searching for equipment and the average hospital owns 35,000 inventory SKUs and utilization hovers around 32-48%, with nearly $4,000 of equipment per bed, lost or stolen each year”
The second use, reading patient records based on location, is particularly security sensitive. The paper describes an implementation of what the authors call Beacon+, which builds on iBeacon advertising to make location sensing more secure.
The Beacon+ system uses a “monotonically increasing sequence number and message authentication code (MAC)”. This is similar to the (optional) changing id provided by our Sensoro beacons. The concept is also similar to Eddystone-EID, which was announced at about the same time this research was ongoing.
The paper discusses using the Translated Midpoint Method rather than trilateration to determine location from RSSI readings of multiple beacons. Accuracy turned out to be 1-2 meters in the best case and 9-10 meters in the worst case, which was a better result than trilateration in their specific experimental situation.
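As an added illustration of the sequence-number-plus-MAC idea (not the paper's code, and not the exact Beacon+ construction): the payload layout, the shared key, HMAC-SHA256 truncated to 8 bytes and the server-side verifier are all assumptions of this sketch. It shows why the sequence number has to be checked as strictly increasing, which is what stops a recorded advertisement being replayed later.

```python
import hashlib
import hmac
import struct

# Constructed demo key, assumed to be shared between the beacon and the
# server that reconciles ids. Not a value from the paper.
KEY = b"constructed-demo-beacon-key"


def make_advertisement(beacon_id: bytes, seq: int, key: bytes = KEY) -> bytes:
    """Beacon side: 16-byte id || 4-byte big-endian sequence || 8-byte tag.

    The tag is HMAC-SHA256 over id||seq, truncated to 8 bytes (an assumption
    made here to fit a BLE advertisement, not the paper's parameters).
    """
    body = beacon_id + struct.pack(">I", seq)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:8]
    return body + tag


class Verifier:
    """Server side: authenticate the tag, then reject old or replayed sequence numbers."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = {}  # beacon_id -> highest sequence number accepted so far

    def verify(self, adv: bytes):
        if len(adv) != 28:
            return False, "bad length"
        body, tag = adv[:20], adv[20:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        # Constant-time comparison; check the MAC before trusting any field.
        if not hmac.compare_digest(tag, expected):
            return False, "bad mac"
        beacon_id, seq = body[:16], struct.unpack(">I", body[16:])[0]
        # Strictly greater than the last accepted value: a re-broadcast of an
        # old advertisement is refused, while gaps (missed packets) are fine.
        if seq <= self.last_seq.get(beacon_id, -1):
            return False, "replay"
        self.last_seq[beacon_id] = seq
        return True, "ok"


def demo():
    """Run a fresh advertisement, a replay of it and a tampered copy through the verifier."""
    v, bid = Verifier(), b"\x01" * 16
    fresh = make_advertisement(bid, 1)
    tampered = bytearray(fresh)
    tampered[0] ^= 1  # flip one bit of the beacon id; the tag no longer matches
    return [v.verify(fresh), v.verify(fresh), v.verify(bytes(tampered))]
```

Note that the verifier must persist `last_seq` across restarts, otherwise an old recording becomes acceptable again.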
As with this and other security sensitive scenarios, the use of changing UUIDs needs Internet access to reconcile ids. A hospital is a suitable case as it can be arranged to have reliable (WiFi) Internet access available. However, in many other scenarios, such as visitor spaces, particularly indoors or when the user is roaming internationally, Internet access isn’t always available. Also, depending on the quality of the Internet connection, a round trip to the server can slow detection response considerably and affect perceived reliability. Hence, secure rolling UUID schemes should only be used when security dictates and not as a matter of course.
The paper also mentions:
“There exists an implicit assumption that devices that can verify Beacon+ advertisements are also trusted”
Not all devices can be trusted. Android and iOS devices can easily be rooted/jailbroken and/or compromised via malware. Hence, secure rolling beacons are only part of a secure solution. As with other secure scenarios such as banking, apps have to make a self-assessment of whether they are running on a compromised device.