Secure communication in imd


Published in: Technology

  1. AJAY Karri, AJITH Joseph Jose
  2. Overview
       • Problem: Resource Depletion
       • Proposed Solution
       • Features of Shield
       • Security Model
       • Ticket Format
       • Security Issues Addressed
       • Demo
       • Test Cases
       • Future Enhancements
       • References
  3. Problem: Resource Depletion
       [Diagram labels: IMD, Wireless, Attacker]
  4. Why Prevent Resource Depletion?
       • Attacks can be fatal to the patient
       • The lifetime of the IMD drops from several years to weeks
       • Replacing an IMD requires major surgery and puts the patient at risk
       • An attacker may try to gain access to the patient's private information
  6. Features of Shield
       • Prevents resource depletion attacks.
       • Provides user authentication.
       • Provides confidentiality for the IMD data.
       • Acts as a gateway to the IMD.
       • Maintains the user log.
       • Acts as a session manager for the IMD.
  7. Security Model
       [Diagram: User, Authenticator, TGS, Shield and IMD, with message flows numbered 1 to 6]
       Assumptions:
       • The shared secret is shared securely between the users.
       • AES is used as the encryption algorithm.
  8. Message exchange between User, Authenticator, TGS and Shield
       Notation: K* = shared secret, IDc = client ID
       Messages, in the order shown on the slide:
       • E[Name, IDc]
       • E[K*, Ticket_tgs]
       • E[IDc, Ticket_tgs]
       • E[K*, Ticket_shield]
       • E[IDc, Ticket_shield]
       • Begin Communication
  9. Ticket Format
       [Diagram labels: Authentication, Client, Server]
       E[K*, IDc, TIMESTAMP, LIFETIME]
  10. Access Pattern
  11. Authenticator
       [Flowchart labels: User; Request Access; Allow or Deny Access; Verify the user with the shared secret database; Request TGS; User access pattern; Shared Keys; Valid/Invalid; TGS shared secret]
  12. 12. Shield Session Management:  Date and Time the user requested the access .  Duration of the user request.  Ticket lifetime. User logs: [ Time, User, Session Time, Access/Denied ] Establishes a secure communication channel between User and IMD by acting as a relay. Shield User Secure Channel Secure Channel IMD
  13. 13. Start Listen to the incoming request Deny Accept Accept Check Validate Block the the log the userconnection Initiate Connection Deny the connection Add to log
  14. Security Issues Addressed
       • Attacker directly contacts the IMD
       • Using a fake user ID and password to authenticate
       • Sending an expired ticket to the TGS or Shield server
       • Sending a fake ticket to the TGS or Shield server
  15. Demo
       [Diagram labels: SHIELD, USER, TGS, IMD, AUTHENTICATOR]
       • Communication between devices via sockets
       • Programming language: Java
       • Java CryptoX package used for security
  16. Test Cases
       • Expired Ticket
       • Invalid Ticket
       • Invalid User Access Pattern
       • User Trying to Contact the IMD Directly
       • Session Management
  17. Future Enhancements
       • The system needs to handle simultaneous user requests.
       • The user and shield can be implemented on a mobile device.
       • Incorporate key exchange.
       • Incorporate log auditing.
       • The log file at the Shield can be synchronized with the Authentication server.
  18. Sources
       [1] Daniel Halperin, Thomas S. Heydt-Benjamin, Kevin Fu, Tadayoshi Kohno, William H. Maisel, "Security and Privacy for Implantable Medical Devices," IEEE Pervasive Computing, vol. 7, no. 1, pp. 30-39, 2008.
       [2] Daniel Halperin, Kevin Fu, Shaun S. Clark, "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses," IEEE Symposium on Security and Privacy, 2008.
       [3]
       [4] K. Fu, "Inside risks: reducing risks of implantable medical devices," Communications of the ACM, vol. 52, pp. 25-27, Jun. 2009.
       [5] K. Malasri and L. Wang, "Securing wireless implantable devices for healthcare: ideas and challenges," IEEE Communications, vol. 47, pp. 74-80, Jul. 2009.
       [6] Xiali Hei, Xiaojiang Du, Jie Wu, Fei Hu, "Defending Resource Depletion Attacks on Implantable Medical Devices," Global Telecommunication Conference (GLOBECOM), pp. 1-5, 2010.
       [7] B. E. Boser, I. M. Guyon, and V. N. Vapnik, "A training algorithm for optimal margin classifiers," in Proc. of the 5th Annual ACM Workshop on COLT, pp. 144-152, 1992.
       [8] S. Cherukuri, K. K. Venkatasubramanian, and S. K. S. Gupta, "Biosec: a biometric based approach for securing communication in wireless networks of biosensors implanted in the human body," in Proc. of Intl. Conf. on Parallel Processing Workshops, pp. 432-439, 2003.
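
The ticket check behind the "expired ticket" and "fake ticket" cases in slides 9, 14 and 16, as an added Java example (not the presenters' demo code). It assumes the ticket is IDc, timestamp and lifetime encrypted under the shared secret K*, and it assumes AES in GCM mode so that a tampered ticket fails authentication; the slides name only AES. The class, the method names, the byte layout and the sample key and client ID are all hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class ShieldTicketDemo {                       // hypothetical class, not the deck's demo
    static final int IV_LEN = 12, TAG_BITS = 128;
    // Ticket = IV || AES-GCM under K* of (len(IDc), IDc, timestamp, lifetime). GCM is assumed.
    static byte[] issue(byte[] k, String idc, long issuedMs, long lifetimeMs) throws Exception {
        byte[] id = idc.getBytes(StandardCharsets.UTF_8);
        byte[] plain = ByteBuffer.allocate(4 + id.length + 16)
                .putInt(id.length).put(id).putLong(issuedMs).putLong(lifetimeMs).array();
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);             // fresh IV per ticket
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
    }
    // Returns "ACCESS" or a denial reason, matching the Access/Denied field of the user log.
    static String validate(byte[] k, byte[] ticket, String claimedIdc, long nowMs) {
        try {
            if (ticket.length < IV_LEN + TAG_BITS / 8) return "DENIED: malformed ticket";
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(k, "AES"),
                    new GCMParameterSpec(TAG_BITS, ticket, 0, IV_LEN));
            ByteBuffer b = ByteBuffer.wrap(c.doFinal(ticket, IV_LEN, ticket.length - IV_LEN));
            byte[] id = new byte[b.getInt()];
            b.get(id);
            long issued = b.getLong(), lifetime = b.getLong();
            if (!claimedIdc.equals(new String(id, StandardCharsets.UTF_8))) return "DENIED: wrong client";
            if (nowMs < issued || nowMs - issued > lifetime) return "DENIED: outside lifetime";
            return "ACCESS";
        } catch (Exception e) {                       // bad GCM tag or short plaintext
            return "DENIED: invalid ticket";
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] k = "0123456789abcdef".getBytes(StandardCharsets.UTF_8); // constructed demo key
        long t0 = System.currentTimeMillis();
        byte[] ticket = issue(k, "user-1", t0, 60_000);                // constructed client ID
        byte[] forged = ticket.clone();
        forged[forged.length - 1] ^= 1;                                // flip one tag bit
        System.out.println(validate(k, ticket, "user-1", t0 + 1_000));   // within lifetime
        System.out.println(validate(k, ticket, "user-1", t0 + 120_000)); // past lifetime
        System.out.println(validate(k, forged, "user-1", t0 + 1_000));   // tampered
    }
}
```

Rejecting on the authentication tag before parsing any field means a forged ticket costs the shield one decryption attempt and never reaches the IMD, which is the resource-depletion concern the deck starts from.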