Proximity-based access control for implantable medical devices

We propose a proximity-based access control scheme for implantable medical devices (IMDs). Our scheme is based on ultrasonic distance-bounding and enables an implanted medical device to grant access to its resources only to those devices that are in its close proximity. We demonstrate the feasibility of our approach through tests in an emulated patient environment. We show that, although implanted, IMDs can successfully verify the proximity of other devices with high accuracy. We propose a set of protocols that support our scheme, analyze their security in detail and discuss possible extensions. We make new observations about the security of implementations of ultrasonic distance-bounding protocols. Finally, we discuss the integration of our scheme with existing IMD devices and with their existing security measures.

[1]  David A. Wagner,et al.  Secure verification of location claims , 2003, WiSe '03.

[2]  Markus G. Kuhn,et al.  So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks , 2006, ESAS.

[3]  T. D. Clark,et al.  Electric potential probes - new directions in the remote sensing of the human body , 2002 .

[4]  Srdjan Capkun,et al.  SECTOR: secure tracking of node encounters in multi-hop wireless networks , 2003, SASN '03.

[5]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[6]  Bart Preneel,et al.  Distance Bounding in Noisy Environments , 2007, ESAS.

[7]  D. S. Hale,et al.  Predicting intramuscular fat in beef longissimus muscle from speed of sound. , 1994, Journal of animal science.

[8]  Andrew S. Tanenbaum,et al.  RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management , 2005, ACISP.

[9]  Hari Balakrishnan,et al.  6th ACM/IEEE International Conference on on Mobile Computing and Networking (ACM MOBICOM ’00) The Cricket Location-Support System , 2022 .

[10]  P. Inchingolo,et al.  MEDICAL DATA PROTECTION WITH A NEW GENERATION OF HARDWARE AUTHENTICATION TOKENS , 2001 .

[11]  E. Freudenthal,et al.  Practical Techniques for Limiting Disclosure of RF-Equipped Medical Devices , 2007, 2007 IEEE Dallas Engineering in Medicine and Biology Workshop.

[12]  Kevin Fu,et al.  Security and Privacy for Implantable Medical Devices , 2008, IEEE Pervasive Comput..

[13]  Ghassan O. Karame,et al.  Integrity Regions: Authentication through Presence in Wireless Networks , 2006, IEEE Transactions on Mobile Computing.

[14]  Sandeep K. S. Gupta,et al.  Criticality aware access control model for pervasive applications , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM'06).

[15]  Klaus Wehrle,et al.  Security for pervasive healthcare , 2009, 2009 6th Annual International Mobile and Ubiquitous Systems: Networking & Services, MobiQuitous.

[16]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[17]  Tim Kindberg,et al.  Validating and Securing Spontaneous Associations between Wireless Devices , 2003, ISC.

[18]  Srdjan Capkun,et al.  Location privacy of distance bounding protocols , 2008, CCS.

[19]  K. Fotopoulou,et al.  Optimum antenna coil structure for inductive powering of passive rfid tags , 2007, 2007 IEEE International Conference on RFID.

[20]  Sandeep K. S. Gupta,et al.  Biosec: a biometric based approach for securing communication in wireless networks of biosensors implanted in the human body , 2003, 2003 International Conference on Parallel Processing Workshops, 2003. Proceedings..

[21]  David Chaum,et al.  Distance-Bounding Protocols (Extended Abstract) , 1994, EUROCRYPT.

[22]  Srdjan Capkun,et al.  Secure positioning of wireless devices with application to sensor networks , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[23]  C. Israel,et al.  Pacemaker systems as implantable cardiac rhythm monitors. , 2001, The American journal of cardiology.

[24]  Kevin Fu,et al.  Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security , 2008, HotSec.

[25]  Tor Helleseth,et al.  Workshop on the theory and application of cryptographic techniques on Advances in cryptology , 1994 .