Mobile sensing technologies present exciting opportunities for healthcare. Wireless sensors can automatically provide sensor data to care providers, dramatically improving their ability to diagnose, monitor, and manage a wide range of medical conditions. Using mobile phones to provide connectivity between sensors and providers is essential to keeping costs low and deployments simple. Unfortunately, software-based attacks against phones, which can have significant consequences for patients, are also on the rise.

This poster describes a simple, flexible, and novel approach to protecting both the confidentiality and integrity medical sensing and data processing on vulnerable mobile phones, using plug-in smart cards---even a phone compromised by malware. We describe our design, implementation, and initial experimental results using real smart cards and Android smartphones.