SlideShare a Scribd company logo

Cse727

Meenakshi Muthuraman
Meenakshi Muthuraman
TechnologyBusiness
1 of 27
Download to read offline
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses CSE 727 - Spring 2014 Seminar in Wireless Network Security Principles and Practices Professor Shambhu Upadhyaya Meenakshi Muthuraman & Bich Vu
● D. Halperin, T. S. Heydt-Benjamin, B. Ransford, S. S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohmo, and W. H. Maisel. “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses” in IEEE Symposium on Security and Privacy, Oakland, CA, 2008, pp. 129-142.
Agenda ● Introduction to implantable medical devices ● Security attacks ● Security mechanisms
Implantable Medical Devices (IMD) Pacemakers ● Medical device used to restore heartbeat to normal (uses electrodes) ● About the size of a small coin ● Placed under the skin - near the heart ● Between 1992 and 2006 2.6 Million pacemakers and ICDs were implanted in patients in the US
Implantable Medical Devices (IMD) Neurostimulators ● Delivers electric signals to the epidural space near the spine ● About the size of a stop watch ● Reduces chronic pain ● Sends electronic signals to the brain faster than the pain signal
● Introduced in 2003 ● Uses electric pulses or shocks to restore heart beat ● Especially used during a cardiac arrest ● Typically include wires that pass through a vein to the right chamber of the heart ● Communicates with external programmer at 175 kHz frequency Implantable Cardioverter Defibrillator (ICD) Implantable Medical Devices (IMD)
ICD Post Surgery medical practitioner can use external programmer for : ● Perform diagnostics ● Read/Write private data ● Adjust therapy settings
Magnetic Switch ● Located within the ICD ● Used to send telemetry data and electrocardiogram readings Wireless Communications ● 175 kHz for short range communications ● 402 - 405 MHz (Medical Implant Communications Band) for long range communications
Motivation ● ICD discloses sensitive information in clear ● Reprogramming attacks (attacks that change the operation of the device) have been conducted ● Denial of service attacks have been performed ● Attacks can be performed within the range of a few centimeters using a specially configured radio device
Proposed Defence ● 3 different deterrence and prevention mechanisms ● Zero-power Defenses - draw no power from the primary battery ● Zero-power Notification ● Zero-power Authentication ● Sensible Security
Wireless Identification and Sensing Platform (WISP) ● WISP is a family of sensors that are powered and read by UHF RFID readers ● They do not require batteries ● They harvest their power from RF signal generated by the reader ● It is open source
Security Model Possible types of attacks : 1. An adversary with an commercial ICD programmer 2. Passive Attacks 3. Active Attacks
Tools used to reverse-engineer attacks ● Commercial ICD programmer ● Software radio (Universal Software Radio Peripheral - USRP) ● Oscilloscope ● Device Used for study ➢ Medtronic Maximo DR VVE-DDDR model #7278 ICD ● Threats ➢ Vital information life patient details and vital signals of the patient are transmitted in clear
Reverse Engineering Transmissions ● ICD and the programmer use the same encoding scheme but different modulation schemes ● Programmer uses binary frequency shift keying (2-FSK) for modulation ● ICD uses differential binary phase shift keying (DBPSK) for modulation ● Encoded using Non-Return-to-Zero Inverted (NRZI) with bit stuffing
Conversation between ICD and programmer
Attacks Performed Replay attacks ● ICD Identification ● Disclosing patient data ● Disclosing cardiac data (32 packets/second) ● Changing the patient's name (10 attempts) ● Setting ICD’s clock (10 attempts) ● Changing therapies (24 attempts) ● Denial of service (esp. with respect to power consumption) ● Inducing Fibrillation (electro psychological test)
Test mode ● Safety mechanisms are enforced in the ICD programmers software so that the physician can not accidently active test mode ● But can be induced using USRP systems ● Solution Proposed : “we argue that if any IMD exhibits a test procedure T for some property P, and if there are no medical reasons for conducting procedure T other than testing property P , then it should be impossible to trigger T unless P is enabled.”
Zero Power Notification ● Cryptographic keys - hinders emergency response ● Must not consume a lot of energy ● Harvests power from RF energy ● Uses Piezo-elements to alert user ● Uses Wireless Identification and Sensing Platform (WISP) that contains a RFID circuitry and a microcontroller with 256 Bytes RAM and 8KB memory
Evaluation ● Standard - Sound Pressure Level ● Buzzing peaks at 67 dB SPL at 1m ● Simulation : Device implanted beneath 1cm of Bacon and 4 cm of 85% lean ground beef ● Measured 84 dB SPL at a distance of 1m
Evaluation
Zero Power Authentication ● Harvests RF energy to power a cryptographic protocol that authenticates requests from external device programmer ● Challenge response protocol based on RC5-32/12/16 ● Master Key - Km ● IMD identity I ● IMD specific key K = (Km ,I)
Zero Power Sensible Key Exchange ● Complements above 2 defence techniques ● Primary goal is to allow the user to know that a key exchange is happening ● Programmer initiates the protocol by supplying unmodulated RF signal ● IMD generates a random no to be used as session key and modulates it as sound wave ● The sound wave can only be read and demodulated by a reader with a microphone situated close to the patients body ● Can latter be used for long range communication
Future Work ● Access for previously unauthorized users during emergency situations ● Next generation IMDs with more networking abilities should not rely solely on external mechanisms for security. ● Device manufacturers must not view external devices like external programmers as trusted computing base for IMDs ● Ensure that all devices used do not harm the human body
References ● D. Halperin, T. S. Heydt-Benjamin, B. Ransford, S. S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohmo, and W. H. Maisel. “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses” in IEEE Symposium on Security and Privacy, Oakland, CA, 2008, pp. 129-142. ● D. Halperin, T. S. Heydt-Benjamin, K. Fu, T. Kohno, and W. H. Maisel. “Security and privacy for implantable medical devices. IEEE Pervasive Computing, Special Issue on Implantable Electronics, January 2008.” ● WISP - http://sensor.cs.washington.edu/WISP.html
Cse727

Recommended

IR remote control system
IR remote control systemIR remote control system
IR remote control systemnewaz30
 
Implementation of patient monitoring system using gsm technology 2
Implementation of patient monitoring system using gsm technology 2Implementation of patient monitoring system using gsm technology 2
Implementation of patient monitoring system using gsm technology 2IAEME Publication
 
Infrared Remote Control Switch
Infrared Remote Control SwitchInfrared Remote Control Switch
Infrared Remote Control SwitchVivek Porwal
 
TV Remote Operated Domestic Appliances Control
TV Remote Operated Domestic Appliances ControlTV Remote Operated Domestic Appliances Control
TV Remote Operated Domestic Appliances ControlEdgefxkits & Solutions
 
102642452 infrared-remote-switch-project-report
102642452 infrared-remote-switch-project-report102642452 infrared-remote-switch-project-report
102642452 infrared-remote-switch-project-reportisnadh
 
Ir remote based 6 devices 1 fan
Ir remote based 6 devices 1 fanIr remote based 6 devices 1 fan
Ir remote based 6 devices 1 fanMarium Saleem
 
Controlling home appliances using remote (2)
Controlling home appliances using remote (2)Controlling home appliances using remote (2)
Controlling home appliances using remote (2)K Vivek Varkey
 
Remote control regulator
Remote control regulatorRemote control regulator
Remote control regulatorARUN S L
 

Recommended

IR remote control system
IR remote control systemIR remote control system
IR remote control systemnewaz30
 
Implementation of patient monitoring system using gsm technology 2
Implementation of patient monitoring system using gsm technology 2Implementation of patient monitoring system using gsm technology 2
Implementation of patient monitoring system using gsm technology 2IAEME Publication
 
Infrared Remote Control Switch
Infrared Remote Control SwitchInfrared Remote Control Switch
Infrared Remote Control SwitchVivek Porwal
 
TV Remote Operated Domestic Appliances Control
TV Remote Operated Domestic Appliances ControlTV Remote Operated Domestic Appliances Control
TV Remote Operated Domestic Appliances ControlEdgefxkits & Solutions
 
102642452 infrared-remote-switch-project-report
102642452 infrared-remote-switch-project-report102642452 infrared-remote-switch-project-report
102642452 infrared-remote-switch-project-reportisnadh
 
Ir remote based 6 devices 1 fan
Ir remote based 6 devices 1 fanIr remote based 6 devices 1 fan
Ir remote based 6 devices 1 fanMarium Saleem
 
Controlling home appliances using remote (2)
Controlling home appliances using remote (2)Controlling home appliances using remote (2)
Controlling home appliances using remote (2)K Vivek Varkey
 
Remote control regulator
Remote control regulatorRemote control regulator
Remote control regulatorARUN S L
 
Remote Controlled Home Appliance
Remote Controlled Home Appliance Remote Controlled Home Appliance
Remote Controlled Home Appliance Samir Ahmed Shimul
 
Remote controlling of home appliance by moniruzzaman iiuc
Remote controlling of home appliance by moniruzzaman iiuc Remote controlling of home appliance by moniruzzaman iiuc
Remote controlling of home appliance by moniruzzaman iiuc Md Moneruzzman
 
-1348064572-13. electronics - ijeceierd - design and - sapna katiyar - unpaid
-1348064572-13. electronics - ijeceierd - design and - sapna katiyar - unpaid -1348064572-13. electronics - ijeceierd - design and - sapna katiyar - unpaid
-1348064572-13. electronics - ijeceierd - design and - sapna katiyar - unpaidsairamreddy siddu
 
Remote Control Circuit.
Remote Control Circuit.Remote Control Circuit.
Remote Control Circuit.Maruf Priyo
 
Infrared Remote Controlled Devices
Infrared Remote Controlled DevicesInfrared Remote Controlled Devices
Infrared Remote Controlled DevicesNarayan Jaiswal
 
Ir switch & remote control
Ir switch & remote controlIr switch & remote control
Ir switch & remote controlVikas Pawar
 
Remote control for home appliances
Remote control for home appliancesRemote control for home appliances
Remote control for home appliancesBharath University
 
Gesture based appliance control
Gesture based appliance controlGesture based appliance control
Gesture based appliance controljoshimanu
 
Controlling a home appliance using IR remote
Controlling a home appliance using IR remoteControlling a home appliance using IR remote
Controlling a home appliance using IR remoteChittaranjan Baliarsingh
 
CONTROLLING HOME APPLIANCES USING REMOTE(1)
CONTROLLING HOME APPLIANCES USING REMOTE(1)CONTROLLING HOME APPLIANCES USING REMOTE(1)
CONTROLLING HOME APPLIANCES USING REMOTE(1)Ambar Gupta
 
An electronic switch sensor with a point to-point intrusive monitoring system
An electronic switch sensor with a point to-point intrusive monitoring systemAn electronic switch sensor with a point to-point intrusive monitoring system
An electronic switch sensor with a point to-point intrusive monitoring systemZac Darcy
 
Infrared control
Infrared controlInfrared control
Infrared controlNitesh Jha
 
MICROCONTROLLER BASED IR FOR HOME APPLICATION
MICROCONTROLLER BASED IR FOR HOME APPLICATIONMICROCONTROLLER BASED IR FOR HOME APPLICATION
MICROCONTROLLER BASED IR FOR HOME APPLICATIONJahir Hussain
 
A Smart Handheld Measuring and Testing Electronic Device with Touch Screen
A Smart Handheld Measuring and Testing Electronic Device with Touch ScreenA Smart Handheld Measuring and Testing Electronic Device with Touch Screen
A Smart Handheld Measuring and Testing Electronic Device with Touch ScreenIJTET Journal
 
Dry contact sensor with temperature sensor start guide
Dry contact sensor with temperature sensor start guideDry contact sensor with temperature sensor start guide
Dry contact sensor with temperature sensor start guideDomotica daVinci
 
Touch Screen Based Home Automation System
Touch Screen Based Home Automation SystemTouch Screen Based Home Automation System
Touch Screen Based Home Automation SystemEdgefxkits & Solutions
 
Mems based hand gesture controlled robot
Mems based hand gesture controlled robotMems based hand gesture controlled robot
Mems based hand gesture controlled robotSriteja Rst
 
Touchscreenbasedhomeautomationsystem dca
Touchscreenbasedhomeautomationsystem dcaTouchscreenbasedhomeautomationsystem dca
Touchscreenbasedhomeautomationsystem dcavision2d16
 
Tidc2007 cardionet
Tidc2007 cardionetTidc2007 cardionet
Tidc2007 cardionetArpan Pal
 
Gesture Control Robot
Gesture Control RobotGesture Control Robot
Gesture Control Robotnikhilsaini25
 
Implementation of dijsktra’s algorithm in parallel
Implementation of dijsktra’s algorithm in parallelImplementation of dijsktra’s algorithm in parallel
Implementation of dijsktra’s algorithm in parallelMeenakshi Muthuraman
 
Cyprus 2011 complexity extreme bursts and volatility bunching in solar terres...
Cyprus 2011 complexity extreme bursts and volatility bunching in solar terres...Cyprus 2011 complexity extreme bursts and volatility bunching in solar terres...
Cyprus 2011 complexity extreme bursts and volatility bunching in solar terres...Nick Watkins
 

More Related Content

What's hot

Remote Controlled Home Appliance
Remote Controlled Home Appliance Remote Controlled Home Appliance
Remote Controlled Home Appliance Samir Ahmed Shimul
 
Remote controlling of home appliance by moniruzzaman iiuc
Remote controlling of home appliance by moniruzzaman iiuc Remote controlling of home appliance by moniruzzaman iiuc
Remote controlling of home appliance by moniruzzaman iiuc Md Moneruzzman
 
-1348064572-13. electronics - ijeceierd - design and - sapna katiyar - unpaid
-1348064572-13. electronics - ijeceierd - design and - sapna katiyar - unpaid -1348064572-13. electronics - ijeceierd - design and - sapna katiyar - unpaid
-1348064572-13. electronics - ijeceierd - design and - sapna katiyar - unpaidsairamreddy siddu
 
Remote Control Circuit.
Remote Control Circuit.Remote Control Circuit.
Remote Control Circuit.Maruf Priyo
 
Infrared Remote Controlled Devices
Infrared Remote Controlled DevicesInfrared Remote Controlled Devices
Infrared Remote Controlled DevicesNarayan Jaiswal
 
Ir switch & remote control
Ir switch & remote controlIr switch & remote control
Ir switch & remote controlVikas Pawar
 
Remote control for home appliances
Remote control for home appliancesRemote control for home appliances
Remote control for home appliancesBharath University
 
Gesture based appliance control
Gesture based appliance controlGesture based appliance control
Gesture based appliance controljoshimanu
 
Controlling a home appliance using IR remote
Controlling a home appliance using IR remoteControlling a home appliance using IR remote
Controlling a home appliance using IR remoteChittaranjan Baliarsingh
 
CONTROLLING HOME APPLIANCES USING REMOTE(1)
CONTROLLING HOME APPLIANCES USING REMOTE(1)CONTROLLING HOME APPLIANCES USING REMOTE(1)
CONTROLLING HOME APPLIANCES USING REMOTE(1)Ambar Gupta
 
An electronic switch sensor with a point to-point intrusive monitoring system
An electronic switch sensor with a point to-point intrusive monitoring systemAn electronic switch sensor with a point to-point intrusive monitoring system
An electronic switch sensor with a point to-point intrusive monitoring systemZac Darcy
 
Infrared control
Infrared controlInfrared control
Infrared controlNitesh Jha
 
MICROCONTROLLER BASED IR FOR HOME APPLICATION
MICROCONTROLLER BASED IR FOR HOME APPLICATIONMICROCONTROLLER BASED IR FOR HOME APPLICATION
MICROCONTROLLER BASED IR FOR HOME APPLICATIONJahir Hussain
 
A Smart Handheld Measuring and Testing Electronic Device with Touch Screen
A Smart Handheld Measuring and Testing Electronic Device with Touch ScreenA Smart Handheld Measuring and Testing Electronic Device with Touch Screen
A Smart Handheld Measuring and Testing Electronic Device with Touch ScreenIJTET Journal
 
Dry contact sensor with temperature sensor start guide
Dry contact sensor with temperature sensor start guideDry contact sensor with temperature sensor start guide
Dry contact sensor with temperature sensor start guideDomotica daVinci
 
Touch Screen Based Home Automation System
Touch Screen Based Home Automation SystemTouch Screen Based Home Automation System
Touch Screen Based Home Automation SystemEdgefxkits & Solutions
 
Mems based hand gesture controlled robot
Mems based hand gesture controlled robotMems based hand gesture controlled robot
Mems based hand gesture controlled robotSriteja Rst
 
Touchscreenbasedhomeautomationsystem dca
Touchscreenbasedhomeautomationsystem dcaTouchscreenbasedhomeautomationsystem dca
Touchscreenbasedhomeautomationsystem dcavision2d16
 
Tidc2007 cardionet
Tidc2007 cardionetTidc2007 cardionet
Tidc2007 cardionetArpan Pal
 
Gesture Control Robot
Gesture Control RobotGesture Control Robot
Gesture Control Robotnikhilsaini25
 

What's hot (20)

Remote Controlled Home Appliance
Remote Controlled Home Appliance Remote Controlled Home Appliance
Remote Controlled Home Appliance
 
Remote controlling of home appliance by moniruzzaman iiuc
Remote controlling of home appliance by moniruzzaman iiuc Remote controlling of home appliance by moniruzzaman iiuc
Remote controlling of home appliance by moniruzzaman iiuc
 
-1348064572-13. electronics - ijeceierd - design and - sapna katiyar - unpaid
-1348064572-13. electronics - ijeceierd - design and - sapna katiyar - unpaid -1348064572-13. electronics - ijeceierd - design and - sapna katiyar - unpaid
-1348064572-13. electronics - ijeceierd - design and - sapna katiyar - unpaid
 
Remote Control Circuit.
Remote Control Circuit.Remote Control Circuit.
Remote Control Circuit.
 
Infrared Remote Controlled Devices
Infrared Remote Controlled DevicesInfrared Remote Controlled Devices
Infrared Remote Controlled Devices
 
Ir switch & remote control
Ir switch & remote controlIr switch & remote control
Ir switch & remote control
 
Remote control for home appliances
Remote control for home appliancesRemote control for home appliances
Remote control for home appliances
 
Gesture based appliance control
Gesture based appliance controlGesture based appliance control
Gesture based appliance control
 
Controlling a home appliance using IR remote
Controlling a home appliance using IR remoteControlling a home appliance using IR remote
Controlling a home appliance using IR remote
 
CONTROLLING HOME APPLIANCES USING REMOTE(1)
CONTROLLING HOME APPLIANCES USING REMOTE(1)CONTROLLING HOME APPLIANCES USING REMOTE(1)
CONTROLLING HOME APPLIANCES USING REMOTE(1)
 
An electronic switch sensor with a point to-point intrusive monitoring system
An electronic switch sensor with a point to-point intrusive monitoring systemAn electronic switch sensor with a point to-point intrusive monitoring system
An electronic switch sensor with a point to-point intrusive monitoring system
 
Infrared control
Infrared controlInfrared control
Infrared control
 
MICROCONTROLLER BASED IR FOR HOME APPLICATION
MICROCONTROLLER BASED IR FOR HOME APPLICATIONMICROCONTROLLER BASED IR FOR HOME APPLICATION
MICROCONTROLLER BASED IR FOR HOME APPLICATION
 
A Smart Handheld Measuring and Testing Electronic Device with Touch Screen
A Smart Handheld Measuring and Testing Electronic Device with Touch ScreenA Smart Handheld Measuring and Testing Electronic Device with Touch Screen
A Smart Handheld Measuring and Testing Electronic Device with Touch Screen
 
Dry contact sensor with temperature sensor start guide
Dry contact sensor with temperature sensor start guideDry contact sensor with temperature sensor start guide
Dry contact sensor with temperature sensor start guide
 
Touch Screen Based Home Automation System
Touch Screen Based Home Automation SystemTouch Screen Based Home Automation System
Touch Screen Based Home Automation System
 
Mems based hand gesture controlled robot
Mems based hand gesture controlled robotMems based hand gesture controlled robot
Mems based hand gesture controlled robot
 
Touchscreenbasedhomeautomationsystem dca
Touchscreenbasedhomeautomationsystem dcaTouchscreenbasedhomeautomationsystem dca
Touchscreenbasedhomeautomationsystem dca
 
Tidc2007 cardionet
Tidc2007 cardionetTidc2007 cardionet
Tidc2007 cardionet
 
Gesture Control Robot
Gesture Control RobotGesture Control Robot
Gesture Control Robot
 

Viewers also liked

Implementation of dijsktra’s algorithm in parallel
Implementation of dijsktra’s algorithm in parallelImplementation of dijsktra’s algorithm in parallel
Implementation of dijsktra’s algorithm in parallelMeenakshi Muthuraman
 
Cyprus 2011 complexity extreme bursts and volatility bunching in solar terres...
Cyprus 2011 complexity extreme bursts and volatility bunching in solar terres...Cyprus 2011 complexity extreme bursts and volatility bunching in solar terres...
Cyprus 2011 complexity extreme bursts and volatility bunching in solar terres...Nick Watkins
 
Re/Mastering Theses at The Ohio State University
Re/Mastering Theses at The Ohio State University Re/Mastering Theses at The Ohio State University
Re/Mastering Theses at The Ohio State University Emily Frieda Shaw
 
Playground Safety; CD M23
Playground Safety; CD M23 Playground Safety; CD M23
Playground Safety; CD M23 nloehner
 
Venice 2012 Two topics in the history of complexity: Bunched Black Swans and ...
Venice 2012 Two topics in the history of complexity: Bunched Black Swans and ...Venice 2012 Two topics in the history of complexity: Bunched Black Swans and ...
Venice 2012 Two topics in the history of complexity: Bunched Black Swans and ...Nick Watkins
 
2チケット&計測」書籍で訴えたい
2チケット&計測」書籍で訴えたい2チケット&計測」書籍で訴えたい
2チケット&計測」書籍で訴えたいYoshiki Mitani
 
20140407內湖花市
20140407內湖花市20140407內湖花市
20140407內湖花市志銘 江
 
Jenis jenis teks ( 5 teks)
Jenis jenis teks ( 5 teks)Jenis jenis teks ( 5 teks)
Jenis jenis teks ( 5 teks)Eva Dian Wahyu S
 
What goes where? Bringing a new repository online at the Ohio State Universit...
What goes where? Bringing a new repository online at the Ohio State Universit...What goes where? Bringing a new repository online at the Ohio State Universit...
What goes where? Bringing a new repository online at the Ohio State Universit...Emily Frieda Shaw
 
Industrial Microbiology of Molds
Industrial Microbiology of Molds Industrial Microbiology of Molds
Industrial Microbiology of MoldsDuithy George
 

Viewers also liked (14)

Implementation of dijsktra’s algorithm in parallel
Implementation of dijsktra’s algorithm in parallelImplementation of dijsktra’s algorithm in parallel
Implementation of dijsktra’s algorithm in parallel
 
Cyprus 2011 complexity extreme bursts and volatility bunching in solar terres...
Cyprus 2011 complexity extreme bursts and volatility bunching in solar terres...Cyprus 2011 complexity extreme bursts and volatility bunching in solar terres...
Cyprus 2011 complexity extreme bursts and volatility bunching in solar terres...
 
ITIL Introduction
ITIL IntroductionITIL Introduction
ITIL Introduction
 
Re/Mastering Theses at The Ohio State University
Re/Mastering Theses at The Ohio State University Re/Mastering Theses at The Ohio State University
Re/Mastering Theses at The Ohio State University
 
Playground Safety; CD M23
Playground Safety; CD M23 Playground Safety; CD M23
Playground Safety; CD M23
 
Grafico02020202
Grafico02020202Grafico02020202
Grafico02020202
 
Venice 2012 Two topics in the history of complexity: Bunched Black Swans and ...
Venice 2012 Two topics in the history of complexity: Bunched Black Swans and ...Venice 2012 Two topics in the history of complexity: Bunched Black Swans and ...
Venice 2012 Two topics in the history of complexity: Bunched Black Swans and ...
 
2チケット&計測」書籍で訴えたい
2チケット&計測」書籍で訴えたい2チケット&計測」書籍で訴えたい
2チケット&計測」書籍で訴えたい
 
20140407內湖花市
20140407內湖花市20140407內湖花市
20140407內湖花市
 
Inisiasi polipeptida pada translasi
Inisiasi polipeptida pada translasiInisiasi polipeptida pada translasi
Inisiasi polipeptida pada translasi
 
Jenis jenis teks ( 5 teks)
Jenis jenis teks ( 5 teks)Jenis jenis teks ( 5 teks)
Jenis jenis teks ( 5 teks)
 
What goes where? Bringing a new repository online at the Ohio State Universit...
What goes where? Bringing a new repository online at the Ohio State Universit...What goes where? Bringing a new repository online at the Ohio State Universit...
What goes where? Bringing a new repository online at the Ohio State Universit...
 
CSE633
CSE633CSE633
CSE633
 
Industrial Microbiology of Molds
Industrial Microbiology of Molds Industrial Microbiology of Molds
Industrial Microbiology of Molds
 

Similar to Cse727

Home Automation/Smart Home/Power Reduction Mechanism
Home Automation/Smart Home/Power Reduction MechanismHome Automation/Smart Home/Power Reduction Mechanism
Home Automation/Smart Home/Power Reduction MechanismYOGEESH M
 
Paper id 21201422
Paper id 21201422Paper id 21201422
Paper id 21201422IJRAT
 
Intra body communication in biomedical 1
Intra body communication in biomedical 1Intra body communication in biomedical 1
Intra body communication in biomedical 1suvedhajeyaraman
 
Remote-Monitoring and Energy-Saving Room Architecture with Security System ba...
Remote-Monitoring and Energy-Saving Room Architecture with Security System ba...Remote-Monitoring and Energy-Saving Room Architecture with Security System ba...
Remote-Monitoring and Energy-Saving Room Architecture with Security System ba...Praveen Reddy
 
254997587-Gsm-Based-Patient-Health-Monitoring-System (1).pptx
254997587-Gsm-Based-Patient-Health-Monitoring-System (1).pptx254997587-Gsm-Based-Patient-Health-Monitoring-System (1).pptx
254997587-Gsm-Based-Patient-Health-Monitoring-System (1).pptxKIYALIBAN1
 
Light Automation System Using Bidirectional Visitor Counter
Light Automation System Using Bidirectional Visitor CounterLight Automation System Using Bidirectional Visitor Counter
Light Automation System Using Bidirectional Visitor CounterRituraj Singh
 
Light Automation System Using Bidirectional Visitor Counter
Light Automation System Using Bidirectional Visitor CounterLight Automation System Using Bidirectional Visitor Counter
Light Automation System Using Bidirectional Visitor CounterRituraj Singh
 
heart rate monitoring using mobile technology
heart rate monitoring using mobile technologyheart rate monitoring using mobile technology
heart rate monitoring using mobile technologyPawan Kumar Ganjhu
 
IOT BASED HEALTH MONITORING BY USING PULSE OXIMETER AND ECG
IOT BASED HEALTH MONITORING BY USING PULSE OXIMETER AND ECGIOT BASED HEALTH MONITORING BY USING PULSE OXIMETER AND ECG
IOT BASED HEALTH MONITORING BY USING PULSE OXIMETER AND ECGPonselvanV
 
Wireless sensor network
Wireless sensor networkWireless sensor network
Wireless sensor networkPREMKUMAR
 
Wireless Body Area network
Wireless Body Area networkWireless Body Area network
Wireless Body Area networkRajeev N
 
Live Human Detecting Robot for Earthquake Rescue Operation
Live Human Detecting Robot for Earthquake Rescue OperationLive Human Detecting Robot for Earthquake Rescue Operation
Live Human Detecting Robot for Earthquake Rescue Operationijcnes
 

Similar to Cse727 (20)

Securing Wireless IMD
Securing Wireless IMDSecuring Wireless IMD
Securing Wireless IMD
 
Home Automation/Smart Home/Power Reduction Mechanism
Home Automation/Smart Home/Power Reduction MechanismHome Automation/Smart Home/Power Reduction Mechanism
Home Automation/Smart Home/Power Reduction Mechanism
 
Paper id 21201422
Paper id 21201422Paper id 21201422
Paper id 21201422
 
Cj35483486
Cj35483486Cj35483486
Cj35483486
 
Intra body communication in biomedical 1
Intra body communication in biomedical 1Intra body communication in biomedical 1
Intra body communication in biomedical 1
 
J04701080085
J04701080085J04701080085
J04701080085
 
Kv2518941899
Kv2518941899Kv2518941899
Kv2518941899
 
Kv2518941899
Kv2518941899Kv2518941899
Kv2518941899
 
Presentation22
Presentation22Presentation22
Presentation22
 
Secret key generation
Secret key generationSecret key generation
Secret key generation
 
Remote-Monitoring and Energy-Saving Room Architecture with Security System ba...
Remote-Monitoring and Energy-Saving Room Architecture with Security System ba...Remote-Monitoring and Energy-Saving Room Architecture with Security System ba...
Remote-Monitoring and Energy-Saving Room Architecture with Security System ba...
 
254997587-Gsm-Based-Patient-Health-Monitoring-System (1).pptx
254997587-Gsm-Based-Patient-Health-Monitoring-System (1).pptx254997587-Gsm-Based-Patient-Health-Monitoring-System (1).pptx
254997587-Gsm-Based-Patient-Health-Monitoring-System (1).pptx
 
Light Automation System Using Bidirectional Visitor Counter
Light Automation System Using Bidirectional Visitor CounterLight Automation System Using Bidirectional Visitor Counter
Light Automation System Using Bidirectional Visitor Counter
 
Light Automation System Using Bidirectional Visitor Counter
Light Automation System Using Bidirectional Visitor CounterLight Automation System Using Bidirectional Visitor Counter
Light Automation System Using Bidirectional Visitor Counter
 
heart rate monitoring using mobile technology
heart rate monitoring using mobile technologyheart rate monitoring using mobile technology
heart rate monitoring using mobile technology
 
IOT BASED HEALTH MONITORING BY USING PULSE OXIMETER AND ECG
IOT BASED HEALTH MONITORING BY USING PULSE OXIMETER AND ECGIOT BASED HEALTH MONITORING BY USING PULSE OXIMETER AND ECG
IOT BASED HEALTH MONITORING BY USING PULSE OXIMETER AND ECG
 
final
finalfinal
final
 
Wireless sensor network
Wireless sensor networkWireless sensor network
Wireless sensor network
 
Wireless Body Area network
Wireless Body Area networkWireless Body Area network
Wireless Body Area network
 
Live Human Detecting Robot for Earthquake Rescue Operation
Live Human Detecting Robot for Earthquake Rescue OperationLive Human Detecting Robot for Earthquake Rescue Operation
Live Human Detecting Robot for Earthquake Rescue Operation
 

Recently uploaded

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 

Recently uploaded (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 

Cse727

  • 1. Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses CSE 727 - Spring 2014 Seminar in Wireless Network Security Principles and Practices Professor Shambhu Upadhyaya Meenakshi Muthuraman & Bich Vu
  • 2. ● D. Halperin, T. S. Heydt-Benjamin, B. Ransford, S. S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohmo, and W. H. Maisel. “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses” in IEEE Symposium on Security and Privacy, Oakland, CA, 2008, pp. 129-142.
  • 3. Agenda ● Introduction to implantable medical devices ● Security attacks ● Security mechanisms
  • 4. Implantable Medical Devices (IMD) Pacemakers ● Medical device used to restore heartbeat to normal (uses electrodes) ● About the size of a small coin ● Placed under the skin - near the heart ● Between 1992 and 2006 2.6 Million pacemakers and ICDs were implanted in patients in the US
  • 5. Implantable Medical Devices (IMD) Neurostimulators ● Delivers electric signals to the epidural space near the spine ● About the size of a stop watch ● Reduces chronic pain ● Sends electronic signals to the brain faster than the pain signal
  • 6. ● Introduced in 2003 ● Uses electric pulses or shocks to restore heart beat ● Especially used during a cardiac arrest ● Typically include wires that pass through a vein to the right chamber of the heart ● Communicates with external programmer at 175 kHz frequency Implantable Cardioverter Defibrillator (ICD) Implantable Medical Devices (IMD)
  • 7. ICD Post Surgery medical practitioner can use external programmer for : ● Perform diagnostics ● Read/Write private data ● Adjust therapy settings
  • 8. Magnetic Switch ● Located within the ICD ● Used to send telemetry data and electrocardiogram readings Wireless Communications ● 175 kHz for short range communications ● 402 - 405 MHz (Medical Implant Communications Band) for long range communications
  • 9. Motivation ● ICD discloses sensitive information in clear ● Reprogramming attacks (attacks that change the operation of the device) have been conducted ● Denial of service attacks have been performed ● Attacks can be performed within the range of a few centimeters using a specially configured radio device
  • 10.
  • 11. Proposed Defence ● 3 different deterrence and prevention mechanisms ● Zero-power Defenses - draw no power from the primary battery ● Zero-power Notification ● Zero-power Authentication ● Sensible Security
  • 12. Wireless Identification and Sensing Platform (WISP) ● WISP is a family of sensors that are powered and read by UHF RFID readers ● They do not require batteries ● They harvest their power from RF signal generated by the reader ● It is open source
  • 13. Security Model Possible types of attacks : 1. An adversary with an commercial ICD programmer 2. Passive Attacks 3. Active Attacks
  • 14. Tools used to reverse-engineer attacks ● Commercial ICD programmer ● Software radio (Universal Software Radio Peripheral - USRP) ● Oscilloscope ● Device Used for study ➢ Medtronic Maximo DR VVE-DDDR model #7278 ICD ● Threats ➢ Vital information life patient details and vital signals of the patient are transmitted in clear
  • 15.
  • 16. Reverse Engineering Transmissions ● ICD and the programmer use the same encoding scheme but different modulation schemes ● Programmer uses binary frequency shift keying (2-FSK) for modulation ● ICD uses differential binary phase shift keying (DBPSK) for modulation ● Encoded using Non-Return-to-Zero Inverted (NRZI) with bit stuffing
  • 17. Conversation between ICD and programmer
  • 18. Attacks Performed Replay attacks ● ICD Identification ● Disclosing patient data ● Disclosing cardiac data (32 packets/second) ● Changing the patient's name (10 attempts) ● Setting ICD’s clock (10 attempts) ● Changing therapies (24 attempts) ● Denial of service (esp. with respect to power consumption) ● Inducing Fibrillation (electro psychological test)
  • 19. Test mode ● Safety mechanisms are enforced in the ICD programmers software so that the physician can not accidently active test mode ● But can be induced using USRP systems ● Solution Proposed : “we argue that if any IMD exhibits a test procedure T for some property P, and if there are no medical reasons for conducting procedure T other than testing property P , then it should be impossible to trigger T unless P is enabled.”
  • 20. Zero Power Notification ● Cryptographic keys - hinders emergency response ● Must not consume a lot of energy ● Harvests power from RF energy ● Uses Piezo-elements to alert user ● Uses Wireless Identification and Sensing Platform (WISP) that contains a RFID circuitry and a microcontroller with 256 Bytes RAM and 8KB memory
  • 21. Evaluation ● Standard - Sound Pressure Level ● Buzzing peaks at 67 dB SPL at 1m ● Simulation : Device implanted beneath 1cm of Bacon and 4 cm of 85% lean ground beef ● Measured 84 dB SPL at a distance of 1m
  • 23. Zero Power Authentication ● Harvests RF energy to power a cryptographic protocol that authenticates requests from external device programmer ● Challenge response protocol based on RC5-32/12/16 ● Master Key - Km ● IMD identity I ● IMD specific key K = (Km ,I)
  • 24. Zero Power Sensible Key Exchange ● Complements above 2 defence techniques ● Primary goal is to allow the user to know that a key exchange is happening ● Programmer initiates the protocol by supplying unmodulated RF signal ● IMD generates a random no to be used as session key and modulates it as sound wave ● The sound wave can only be read and demodulated by a reader with a microphone situated close to the patients body ● Can latter be used for long range communication
  • 25. Future Work ● Access for previously unauthorized users during emergency situations ● Next generation IMDs with more networking abilities should not rely solely on external mechanisms for security. ● Device manufacturers must not view external devices like external programmers as trusted computing base for IMDs ● Ensure that all devices used do not harm the human body
  • 26. References ● D. Halperin, T. S. Heydt-Benjamin, B. Ransford, S. S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohmo, and W. H. Maisel. “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses” in IEEE Symposium on Security and Privacy, Oakland, CA, 2008, pp. 129-142. ● D. Halperin, T. S. Heydt-Benjamin, K. Fu, T. Kohno, and W. H. Maisel. “Security and privacy for implantable medical devices. IEEE Pervasive Computing, Special Issue on Implantable Electronics, January 2008.” ● WISP - http://sensor.cs.washington.edu/WISP.html