Wearable medical devices are playing an increasingly important role in healthcare. Unlike a wired connection, the wireless connection between wearable devices and remote servers is exceptionally vulnerable to malicious attacks and poses threats to the safety and privacy of patient health data. Therefore, wearable medical devices require reliable measures to secure wireless network communication. However, those devices usually have limited computational power that is not comparable with that of a desktop computer, and thus it is difficult to adopt a full-fledged security algorithm in software. In this study, we have developed an efficient authentication and encryption protocol for internet-connected wearable devices using the recognized standards of AES and SHA that can provide two-way authentication between the wearable device and the remote server and protect patient privacy against various network threats. We have tested the feasibility of this protocol on the TI CC3200 Launchpad, an evaluation board for the CC3200, which is a Wi-Fi capable microcontroller designed for wearable devices and includes a hardware-accelerated cryptography module for the implementation of the encryption algorithm. The microcontroller serves as the wearable device client and a Linux computer serves as the server. The embedded client software was written in ANSI C and the server software was written in Python.