Tutorial on Wirless Security of medical devices By Dr G V Rangaraj

1. ICRTIT-2011 Half-day Tutorial on Wireless Security in Medical Devices Dr G V Rangaraj, IEEE Senior Member Senior Technical Manager HCL Technologies, Chennai, INDIA

2. Motivation & Objective Scope Generally in telecommunications, the security design is complex and requires a deep study of the cryptography theory. However due the time constraint in the production cycle it is necessary to come with an elegant design that also meets the standard constraints in a relatively short duration. This tutorial would help to overcome this issue by providing brief and precise security algorithm concepts necessary for the design of such pragmatic WPAN/WBAN sensor based medical device receiver.

3. Abstract Wireless communication is playing a key role in connecting medical devices to the outside world and has various advantages over the wired-connections. However it still has only a slow acceptance in the medical equipment market due to its vulnerable nature of security attacks in such environments compared to its wired counterpart. In this tutorial we would be providing a comprehensive overview of the security attacks possible in the various layers of the wireless embedded medical devices network and the corresponding counter-measures. We would then provide an overview of the wireless security issues in a Zigbee healthcare network, which, is being projected as the most common wireless technology for next generation embedded medical devices. The main challenge in the embedded medical device community is the wireless body area network (WBAN) which typically deals with implantable medical devices like implantable cardioverter-defibrillator (ICD). In this tutorial, we would also discuss some of the wireless security solutions proposed in the currently evolving IEEE 802.15 TG 6 WBAN initiatives in an implant environment.

5. INTRODUCTION

8. TYPICAL WIRELESS MEDICAL DEVICES NETWORK

9. Medical Devices Network

11. SECURITY THREATS IN A WIRELESS MEDICAL DEVICES NETWORK

17. Security threats - Summary Layers DoS Attacks Defenses Physical Jamming Spread-Spectrum, priority messages, lower duty cycle, region mapping, mode changes Link Tampering Tamper proof, hiding Collision Error Correction Code Unfairness Small frames Network Exhaustion Rate limitation Neglect and greed Redundancy, probing Homing Encryption Misdirection Egress filtering, authorization monitoring Black holes Authorization monitoring, redundancy Transport Flooding Client Puzzles Desynchronisation Authentication

18. SECURITY SOLUTIONS

19. Security Requirements & Solutions Security Requirements Possible Security Solutions Data Confidentiality and Privacy Symmetric Key Encryption/Decryption Data Integrity and Authenticity Secure Symmetric Key Hashing Digital signature Freshness and Availability Encrypted counter Redundancy Secure Management Random Key Distribution, Public Key Cryptography, Secure Group Communication, Intrusion detection

25. Security Solutions - Summary Security Threats Security Requirements Possible security solutions Unauthenticated or unauthorized access Key establishment and trust setup Random key distribution Public key cryptography Message disclosure Confidentiality and privacy Link/network layer encryption Access control Message modification Integrity and authenticity Keyed secure hash function Digital signature Denial of Service (DoS) Availability Intrusion detection Redundancy Node capture & compromised node Resilience to node compromise Inconsistency detection of node and revocation Tamper-proofing Routing attacks Secure routing Secure routing protocols Intrusion and high level security attacks Secure group management, intrusion detection, secure data aggregation Secure group communication Intrusion detection

26. CASE STUDY – I WPAN - Zigbee

34. CASE STUDY – II WBAN – IEEE 802.15 WG 6

40. WBAN Frequency Bands Scenario Description Frequency Band Channel Model S1 Implant to Implant 402-405 MHz CM1 S2 Implant to Body Surface 402-405 MHz CM2 S3 Implant to External 402-405 MHz CM2 S4 Body Surface to Body Surface (LOS) 13.5,50,400,600, 900 MHz 2.4,3.1-10.6 GHz CM3 S5 Body Surface to Body Surface (NLOS) 13.5,50,400,600, 900 MHz 2.4,3.1-10.6 GHz CM3 S6 Body Surface to External (LOS) 900 MHz 2.4,3.1-10.6 GHz CM4 S7 Body Surface to External (NLOS) 900 MHz 2.4,3.1-10.6 GHz CM4

46. CONCLUSIONS

47. Thank you! QUESTIONS & ANSWERS

48. Biography Rangaraj received his B.Tech in Electrical Engineering from Indian Institute of Technology (IIT) Madras, India in 1998, M.S in Electrical and Computer Engineering from Georgia Tech, U.S.A. in 2000 and PhD in Electrical Engineering from IIT Madras, India in 2005 with specialization in communication systems. His current areas of interest include design and development of wireless solutions/ PHY/MAC layer chipsets for future wireless systems involving wireless personal/body area networks and signal processing algorithms for 4G wireless communication systems. During his doctoral studies, he also worked as Project Officer for the DECT Wireless in Local Loop project with the Tenet Group. After graduation, he worked as Technical Lead Engineer at HCL Technologies, Chennai, where he was developing physical layer of MBOA UWB wireless system on FPGA platforms and at NXP Semiconductors, Bangalore developing physical layer for Wireless LAN on embedded vector processors. He then worked as Wireless Specialist at Tata Elxsi, Chennai in design of Physical layer for LTE wireless systems and other 4G wireless systems on DSP platforms. Currently he is working as Senior Technical Manager at HCL Technologies, Chennai in design of wireless solutions in medical, automotive and industrial verticals. He has published more than ten papers in various national and international conferences and journals and also an active reviewer. He is the recipient of the Philips award and Seimens award for being the student with best academic record in Electrical Engineering Department at IIT Madras during 1994–1998. He is also the recipient of the Colonel Oscar Cleaver award for being the outstanding graduate student in the School of Electrical and Computer Engineering, Georgia Institute of Technology during 1998–1999.

49. Thank You