Proc. SPIE. 9804, Nondestructive Characterization and Monitoring of Advanced Materials, Aerospace, and Civil Infrastructure 2016
KEYWORDS: Defense and security, Mobile devices, Data modeling, Sensors, Remote sensing, Earthquakes, Tablets, Structural health monitoring, Bridges, Data communications, Computer security, Structural sensing, Network security
Pervasive smartphones have demonstrated great potential in structural health monitoring (SHM) of civil infrastructures. Their sensing, processing, and communication capabilities along with crowdsourcing facility ease technical difficulties and reduce financial burdens of instrumentation and monitoring for SHM in civil infrastructures. However, smartphones are vulnerable to unintentional misuses and malicious attacks. This paper analyzes the vulnerabilities of smartphones in performing SHM and reveals the exploitation of those vulnerabilities. The work probes the attack surface of both devices and data. Device attack scenarios include hacking individual smartphones to modify the data stored on them and orchestrating smartphones to launch a distributed denial-of-service attack. Specifically, experiments are conducted to remotely access an Android smartphone and modify the sensing data of structural health stored on it. The work also presents a case study that reveals the sensitivity of a popular perturbation analysis method to faulty data delivered by a smartphone. The paper provides the direction of meeting the security challenge to using smartphones for SHM. As the first line of defense, device authentication is implemented in the smartphone to stop spoofing. Subsequently, message authentication is devised to maintain data integrity. There is a need to apply data science for the SHM immunity system against the sensitivity to data inaccuracy. The work also evaluates the cost-effectiveness of the proposed security measures, recommending varying levels of security to mitigate the adversaries to smartphones used in SHM systems. It calls for security solutions at the design stage of SHM systems rather than patching up after their implementations.