Presented by Harish Gonnabattula
Ideas and Challenges for Securing Wireless Implantable Medical Devices: A Review
Table of Contents
What are IMDs?
IMD Architecture
Security Requirements
SECURITY SOLUTIONS FOR SUPPORTING EMERGENCY ACCESS
SECURITY SCHEMES FOR SUPPORTING REGULAR CHECK-ups
SECURITY SCHEMES FOR ADDRESSING IMD RESOURCE CONSTRAINTS
FUTURE WORK & CONCLUSION
What are IMDs?
• Implantable Medical Devices (IMDs) are miniaturized computer systems used for monitoring and treating various medical conditions.
• Modern IMDs are wireless.
• They are configured using external radio-wave programmers, e.g., for parameter configuration and data extraction.
• This exposes them to security attacks because the wireless communication channels between the IMD and the programmer carry cleartext and hence are not protected cryptographically.
[Figure: Programmer and IMD]
IMD Applications [figure slide]
IMD Architecture
• Adding a wireless module to the IMD has facilitated a convenient way to configure its relevant parameters, resulting in efficient remote monitoring of the patient.
• A device programmer communicates with the IMD through the wireless channel.
• Recent studies, however, have shown that an attacker can use the insecure wireless link to manipulate the operations performed on an IMD by sending unauthorized commands, thereby compromising the patient’s security and privacy.
Security Requirements
Potential threats that need to be dealt with and trade-offs that need to be considered in the IMD security design.
• Threat Modelling
• Passive eavesdroppers: listen to an IMD’s wireless transmissions and can capture and decode transmitted data with off-the-shelf or custom-built radio equipment. This compromises the privacy and confidentiality of the patient.
• Active adversaries: replay recorded control commands, or generate new radio commands, to an IMD, aiming to modify the IMD’s settings or actively trigger data transmissions. These are more harmful, e.g., stopping a required insulin injection or injecting more than the required dose into the patient.
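The replay and forged-command threats above, shown against a cleartext receiver and against one that checks a MAC and a counter. This is an added example, not code from the slides or the reviewed paper; the frame layout, opcode, tag length and key are assumptions made for illustration, and the sketch covers authentication and freshness only, not confidentiality.

```python
import hashlib
import hmac
import struct

# Hypothetical opcode and frame layout, chosen only for this illustration.
OP_SET_DOSE_RATE = 0x01
HEADER = struct.Struct(">IBH")  # counter (4 bytes), opcode (1), value (2)
TAG_LEN = 8                     # truncated HMAC-SHA-256 tag (assumption)


class CleartextImd:
    """The situation the slides describe: any well-formed command is obeyed."""

    def __init__(self):
        self.settings = {}

    def handle(self, frame: bytes) -> str:
        if len(frame) != 3:
            return "malformed"
        opcode, value = struct.unpack(">BH", frame)
        self.settings[opcode] = value  # no origin check, no freshness check
        return "accepted"


def build_frame(key: bytes, counter: int, opcode: int, value: int) -> bytes:
    """Programmer side: header followed by a MAC computed over the header."""
    header = HEADER.pack(counter, opcode, value)
    tag = hmac.new(key, header, hashlib.sha256).digest()[:TAG_LEN]
    return header + tag


class AuthenticatedImd:
    """Accepts a command only if its MAC verifies and its counter is new."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0  # a real device would keep this in non-volatile memory
        self.settings = {}

    def handle(self, frame: bytes) -> str:
        if len(frame) != HEADER.size + TAG_LEN:
            return "malformed"
        header, tag = frame[:HEADER.size], frame[HEADER.size:]
        expected = hmac.new(self._key, header, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"            # forged or modified command
        counter, opcode, value = HEADER.unpack(header)
        if counter <= self._last_counter:
            return "replay"             # recorded frame sent again
        self._last_counter = counter
        self.settings[opcode] = value
        return "accepted"


def demo() -> dict:
    """Run the same recorded command against both receivers."""
    key = bytes(range(16))  # constructed key, for the example only
    results = {}

    legacy = CleartextImd()
    recorded = struct.pack(">BH", OP_SET_DOSE_RATE, 40)
    results["cleartext_first"] = legacy.handle(recorded)
    results["cleartext_replayed"] = legacy.handle(recorded)

    imd = AuthenticatedImd(key)
    frame = build_frame(key, 1, OP_SET_DOSE_RATE, 40)
    results["auth_first"] = imd.handle(frame)
    results["auth_replayed"] = imd.handle(frame)
    wrong_key = b"\x00" * 16
    results["auth_forged"] = imd.handle(build_frame(wrong_key, 2, OP_SET_DOSE_RATE, 999))
    results["final_value"] = imd.settings[OP_SET_DOSE_RATE]
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Verifying a MAC still costs the IMD energy for every frame it receives, so this check does not by itself address the power DoS attack discussed next.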
Power Denial of Service (DoS)
• An active-adversary attack that impacts IMDs more severely than any other type of sensor node because of the IMD’s limited battery power.
• An IMD has a limited battery life of 5-10 years.
• Each communication consumes some power and memory.
• Continuous authentication requests from the attacker would compromise the battery or even deplete it.
[Figure: attacker sending dummy authentication requests to the IMD]
Security Requirements
• Trade-offs in Security Design
• Security vs. Accessibility: The design of IMD security safeguards should balance requirements between security and device accessibility in an emergency situation.
• Emergency Situation vs. Normal Circumstance: The need for emergency treatment of chronic patients bearing IMDs will not arise frequently. Security solutions proposed for supporting emergency access usually require extra resources.
• Strong Security vs. Limited Resources: The IMD security design should achieve a trade-off between robust security and its resource constraints. A strong security mechanism, which has capabilities of authentication, encryption, non-repudiation, authorization, etc., will consume plenty of resources, which are limited in the IMD.
SECURITY SOLUTIONS FOR SUPPORTING EMERGENCY ACCESS
As discussed above, doctors must be able to access the IMD to perform emergency treatment of patients in a hospital setting where security tokens or keys may not be present.
External Proxy-Based Solutions
• Provide fail-open access in order to achieve the trade-off between security and accessibility.
• The use of an external security proxy requires little or no modification to the IMD.
• This design can mitigate battery-draining attacks on the IMD, since the majority of security operations are delegated to the external proxy device.
Examples [figure slides]
Biometric-Based Access Control
Biometric features of people are used for access control.
Two Level-AC:
• This proposed access control has two levels. In the first level, the patient’s fingerprints, iris color and height are used.
• In the second level, an iris verification tool is used to unlock access to the IMD.
• In an emergency situation, a sample iris image is captured and converted into a sample iris code.
• However, a security flaw in biometrics-based approaches is that the selected biometric is normally unchangeable and an attacker may gain access to the biometric template.
Heart-to-Heart (H2H):
• ECG signals are used for authentication to the IMD.
• The IMD can only be accessed by a programmer that is in physical contact.
• The ECG signal is measured by the programmer and compared with the ECG signal from the IMD for a match.
• The two signals are similar only when they are measured from the same body. Hence, an attacker cannot gain access to the IMD using the patient’s records or signals from another person.
• Processing real-time ECG signals on every attempt is both energy- and time-consuming.
Proximity-Based Security Schemes
Distance between the programmer and the IMD is used as an access control mechanism. Critical operations, e.g., fine-tuning the IMD, should use a security range much smaller than those used in remote monitoring.
Ultrasonic-AC:
• The protocol uses an ultrasonic distance-bounding technique to measure the range between the IMD and the programmer.
• The patient carries a security token that shares a secret key with the IMD.
• In the normal operation mode, the doctor places the programmer within a prescribed security range and uses the token from the patient to gain access to the IMD.
• In the emergency mode, when the token is not available, the IMD will generate a temporary secret key and share it with a programmer that is within its security range.
• However, this proximity-based security scheme could be breached if the adversary can get close to the patient, e.g., on public transportation or in another public area.
Key Distribution Supporting Emergency Access
• Direct-KD: A direct Key Distribution (Direct-KD) method can be used to provide the key instantaneously during an emergency situation by printing the key on a bracelet or the patient’s skin.
• Public Key Cryptography: With a public key infrastructure, a certificate with a trusted party’s public key can be deployed in the IMD initially. In emergencies, a programmer contacts the party and obtains a valid certificate, which is later used to establish a symmetric key between the IMD and the programmer. Public key cryptography is too expensive in terms of computation and energy consumption, so it is inappropriate for implantable medical sensor devices.
• ECG-KD: The technique of ECG-signal-based Key Distribution (ECG-KD) has been studied for use in wireless body area networks (WBANs) and IMDs. The PSKA scheme is used to convey the key securely from one sensor to another. The polynomial computation and construction is computationally expensive for the IMD, which has limited resources. A symmetric key is encrypted with a random binary sequence (BS) generated from ECG signals, and decrypted in another WBAN sensor with a synchronously generated BS.
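The XOR key transport described in the last sentence of the ECG-KD bullet, sketched as an added example (not code from the slides or the reviewed paper, and not the PSKA polynomial scheme). The quantiser, the 64-bit key size, the confirmation tag and the inter-pulse-interval (IPI) samples are assumptions constructed for illustration; a failed confirmation means the two sensors must measure again with a fresh BS.

```python
import hashlib
import hmac

STEP_MS = 8        # quantisation step for an IPI (assumption)
BITS_PER_IPI = 4   # bits kept from each quantised IPI (assumption)

# Constructed IPI samples in milliseconds, 16 beats each.
IMD_IPIS = [812, 796, 828, 844, 780, 860, 804, 820,
            836, 788, 852, 868, 772, 876, 884, 764]
# Same body, measured at another site: a few ms of jitter, same quantisation bins.
SENSOR_IPIS = [813, 794, 830, 843, 781, 858, 806, 819,
               837, 786, 853, 867, 774, 875, 885, 762]
# Same body, but the first interval falls into the neighbouring bin.
NOISY_IPIS = [816] + SENSOR_IPIS[1:]
# A different person measured over the same period.
OTHER_BODY_IPIS = [702, 688, 715, 731, 694, 740, 709, 723,
                   698, 736, 711, 685, 727, 744, 690, 719]


def binary_sequence(ipis_ms):
    """Derive the BS: the low BITS_PER_IPI bits of each quantised interval."""
    total_bits = len(ipis_ms) * BITS_PER_IPI
    if total_bits % 8:
        raise ValueError("IPI count must yield a whole number of bytes")
    acc = 0
    for ipi in ipis_ms:
        acc = (acc << BITS_PER_IPI) | ((ipi // STEP_MS) & ((1 << BITS_PER_IPI) - 1))
    return acc.to_bytes(total_bits // 8, "big")


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("one-time pad must be exactly as long as the key")
    return bytes(x ^ y for x, y in zip(a, b))


def confirm_tag(key, wrapped):
    """Key-confirmation value so the receiver can tell a wrong BS from a right one."""
    return hmac.new(key, b"ecg-kd-confirm" + wrapped, hashlib.sha256).digest()[:8]


def wrap_key(session_key, sender_ipis):
    """Sender: XOR the key with its own BS. The BS must never be reused."""
    wrapped = xor_bytes(session_key, binary_sequence(sender_ipis))
    return wrapped, confirm_tag(session_key, wrapped)


def unwrap_key(wrapped, tag, receiver_ipis):
    """Receiver: XOR with its own BS; return None if confirmation fails."""
    candidate = xor_bytes(wrapped, binary_sequence(receiver_ipis))
    if hmac.compare_digest(tag, confirm_tag(candidate, wrapped)):
        return candidate
    return None


def demo():
    session_key = bytes.fromhex("0123456789abcdef")  # constructed 64-bit key
    wrapped, tag = wrap_key(session_key, IMD_IPIS)
    return {
        "same_body": unwrap_key(wrapped, tag, SENSOR_IPIS),
        "noisy_measurement": unwrap_key(wrapped, tag, NOISY_IPIS),
        "other_body": unwrap_key(wrapped, tag, OTHER_BODY_IPIS),
    }


if __name__ == "__main__":
    for case, key in demo().items():
        print(case, key.hex() if key else "confirmation failed, re-measure")
```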
SECURITY SCHEMES FOR SUPPORTING REGULAR CHECK-ups
SECURITY SCHEMES FOR ADDRESSING IMD RESOURCE CONSTRAINTS
This section examines security approaches that can address the resource constraint requirement of the IMD and counter power DoS attacks by using lightweight algorithms, harvesting energy and using a separate security unit.
A. Lightweight Security Algorithms
• Security functions should use as little energy as possible.
• Hosseini-Khayat proposed a lightweight security protocol to provide data confidentiality and authentication between the IMD and its base station.
• Strydis studied a number of symmetric (block) ciphers in terms of various metrics, such as power consumption, total energy budget, encryption rate and efficiency, program-code size and security level.
• A performance and power simulator, XTREM, was used to evaluate the ciphers; MISTY-1, IDEA and RC6 were found to be the best-performing ciphers.
B. Energy Harvesting
• A potential way to counter power DoS attacks.
• Use the Radio Frequency (RF) based energy-harvesting technique to power security circuitry.
• A Wireless Identification and Sensing Platform (WISP), with an attached piezo-element, harvests energy from the wireless channel when it senses signals from a programmer.
C. Separate Security Unit
• Used to mitigate security overhead on the IMD.
• For external-proxy-based security solutions, shift the security-related computations to an external device.
• An experiment was performed using a cell phone to run the IMD authentication. The IMD does not run the computations and instead sleeps, thereby saving energy.
FUTURE WORK
A. Proper Assumptions
• Patients, doctors and hospitals, emergency medical personnel, and IMD manufacturers are trustworthy.
• The IMD may record all accesses and active commands in the past few months into its log for the purpose of analysis and detection.
• Licensed doctors are trustworthy and hospitals are a safe working environment.
B. Decoupled Design
• Divide the IMD into multiple submodules.
• Each component of a system works independently and any changes to one component will have a minimal effect on the others.
• Reduces complexity and risks of device recalls.
• Speedy approvals.
C. Safety Overrides Security
• The safety and utility of an IMD have a higher priority than its privacy and security requirements.
• Example: guaranteed access for unauthorized doctors during an emergency situation.
• The major part of IMD resources should be allocated to supporting IMD medical functionality. So, the designers must carefully weigh costs arising from security algorithms against the safety and utility capabilities of the IMD.
• They can use lightweight security algorithms and power them using the energy-harvesting method.
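One use of the access log suggested under "Proper Assumptions": reviewing it for the bursts of failed authentication requests that characterise the power DoS attack described earlier. This is an added example, not code from the slides or the reviewed paper; the log format, thresholds, per-request energy figure and sample records are all assumptions constructed for illustration.

```python
from collections import deque

WINDOW_S = 60                # sliding window length in seconds (assumption)
MAX_FAILS_PER_WINDOW = 5     # failures tolerated per window (assumption)
ENERGY_PER_AUTH_UJ = 50.0    # placeholder cost per request, not a measured figure

# Constructed log, one record per line: timestamp_s,source,event
SAMPLE_LOG = (
    "1000,prog-clinic,AUTH_OK\n"
    "1004,prog-clinic,CMD_READ\n"
    "5000,prog-clinic,AUTH_FAIL\n"  # a single failure, e.g. a mistyped credential
    + "".join(f"{9000 + 2 * i},unknown,AUTH_FAIL\n" for i in range(10))
    + "20000,prog-clinic,AUTH_OK\n"
)


def parse_log(text):
    """Parse records into (timestamp, source, event); skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        records.append((int(parts[0]), parts[1], parts[2]))
    records.sort(key=lambda r: r[0])
    return records


def find_auth_bursts(records, window_s=WINDOW_S, max_fails=MAX_FAILS_PER_WINDOW):
    """Return (start, end, failures) for each run of failures above the threshold.

    Failures are counted regardless of the claimed source, because an
    attacker controls the identifier it sends.
    """
    window = deque()
    bursts = []
    current = None
    for ts, _source, event in records:
        if event != "AUTH_FAIL":
            continue
        window.append(ts)
        while ts - window[0] >= window_s:
            window.popleft()
        if len(window) > max_fails:
            if current is None:
                current = [window[0], ts, len(window)]
            else:
                current[1] = ts
                current[2] += 1
        elif current is not None:
            bursts.append(tuple(current))
            current = None
    if current is not None:
        bursts.append(tuple(current))
    return bursts


def wasted_energy_uj(bursts, cost_uj=ENERGY_PER_AUTH_UJ):
    """Energy spent answering the requests inside detected bursts."""
    return sum(count for _start, _end, count in bursts) * cost_uj


if __name__ == "__main__":
    found = find_auth_bursts(parse_log(SAMPLE_LOG))
    for start, end, count in found:
        print(f"burst {start}-{end}s: {count} failed authentications")
    print(f"estimated energy spent: {wasted_energy_uj(found)} uJ")
```

The isolated failure at 5000 s is not reported, which keeps an occasional clinician error from being treated as an attack.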
CONCLUSION
• By incorporating a tiny wireless module into the IMD, a doctor can configure parameters in and transmit medical data to/from the IMD by using external programmers.
• However, an undesirable, yet inevitable, side effect is that these IMDs are increasingly vulnerable to security attacks.
• This paper has analyzed threats faced by the IMDs and trade-offs that we need to consider in their security design.
• Since the IMDs normally perform critical functions for chronic patients, the security issues in the IMDs have to be addressed in a proactive manner, or else a patient may be exposed to severe life-threatening health hazards.
Thank You
Editor's Notes

  1. Older IMDs used wires to communicate with circuitry outside the body. The wires are a common source of surgical complications, including breakage, infection and electrical noise.
  2. Physiological-signal-based key agreement (PSKA) is a scheme for enabling secure inter-sensor communication within a BAN in a usable (plug-n-play, transparent) manner. A one-time pad (OTP) is an encryption technique that cannot be cracked, but requires the use of a one-time pre-shared key the same size as, or longer than, the message being sent. In this technique, a plaintext is paired with a random secret key: the ciphertext is the XOR of the message and the random key.