PIPAC: Patient infusion pattern based access control scheme for wireless insulin pump system

Wireless insulin pumps have been widely deployed in hospitals and home healthcare systems. Most of these insulin pump systems have limited security mechanisms embedded to protect them from malicious attacks. In this paper, two attacks against insulin pump systems via wireless links are investigated: a single acute overdose with a significant amount of medication, and chronic overdose with an insignificant amount of extra medication over a long time period, e.g., several months. These attacks can be launched unobtrusively and may jeopardize patients' lives. It is very important and urgent to protect patients from these attacks. To address this issue, we propose a novel patient infusion pattern based access control scheme (PIPAC) for wireless insulin pumps. This scheme employs a supervised learning approach to learn normal patient infusions pattern with the dosage amount, rate, and time of infusion, which are automatically recorded in insulin pump logs. The generated regression models are used to dynamically configure a safety infusion range for abnormal infusion identification. The proposed algorithm is evaluated with real insulin pump logs used by several patients for up to 6 months. The evaluation results demonstrate that our scheme can reliably detect the single overdose attack with a success rate up to 98% and defend against the chronic overdose attack with a very high success rate.

[1]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[2]  Yuguang Fang,et al.  HCPP: Cryptography Based Secure EHR System for Patient Privacy and Emergency Healthcare , 2011, 2011 31st International Conference on Distributed Computing Systems.

[3]  Chieh-Yih Wan,et al.  A context-management framework for telemedicine: an emergency medicine case study , 2010, Wireless Health.

[4]  Chunxiao Li System design and verification methodologies for secure computing , 2012 .

[5]  Niraj K. Jha,et al.  Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system , 2011, 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services.

[6]  Srdjan Capkun,et al.  Jamming-resistant Broadcast Communication without Shared Keys , 2009, USENIX Security Symposium.

[7]  Corinna Cortes,et al.  Support-Vector Networks , 1995, Machine Learning.

[8]  Fengyuan Xu,et al.  IMDGuard: Securing implantable medical devices with the external wearable guardian , 2011, 2011 Proceedings IEEE INFOCOM.

[9]  E. Freudenthal,et al.  Practical Techniques for Limiting Disclosure of RF-Equipped Medical Devices , 2007, 2007 IEEE Dallas Engineering in Medicine and Biology Workshop.

[10]  Wenyuan Xu,et al.  Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors , 2013, 2013 IEEE Symposium on Security and Privacy.

[11]  Tibor Deutsch,et al.  Incorporating a Generic Model of Subcutaneous Insulin Absorption into the AIDA v4 Diabetes Simulator 2. Preliminary Bench Testing , 2007, Journal of diabetes science and technology.

[12]  P. Inchingolo,et al.  MEDICAL DATA PROTECTION WITH A NEW GENERATION OF HARDWARE AUTHENTICATION TOKENS , 2001 .

[13]  Li Li,et al.  A mobile health system design for home and community use , 2012, Proceedings of 2012 IEEE-EMBS International Conference on Biomedical and Health Informatics.

[14]  Georg Bretthauer,et al.  Block cipher based security for severely resource-constrained implantable medical devices , 2011, ISABEL '11.

[15]  Xiaohui Liang,et al.  Enabling pervasive healthcare with privacy preservation in smart community , 2012, 2012 IEEE International Conference on Communications (ICC).

[16]  Saied Hosseini-Khayat A lightweight security protocol for ultra-low power ASIC implementation for wireless Implantable Medical Devices , 2011, 2011 5th International Symposium on Medical Information and Communication Technology.

[17]  Yi Zhang,et al.  Safety-assured development of the GPCA infusion pump software , 2011, 2011 Proceedings of the Ninth ACM International Conference on Embedded Software (EMSOFT).

[18]  Srdjan Capkun,et al.  Proximity-based access control for implantable medical devices , 2009, CCS.

[19]  Yi Zhang,et al.  A Hazard Analysis for a Generic Insulin Infusion Pump , 2010, Journal of diabetes science and technology.

[20]  Kevin Fu,et al.  Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security , 2008, HotSec.

[21]  Xiaojiang Du,et al.  Biometric-based two-level secure access control for Implantable Medical Devices during emergencies , 2011, 2011 Proceedings IEEE INFOCOM.

[22]  Kevin Fu,et al.  They can hear your heartbeats: non-invasive security for implantable medical devices , 2011, SIGCOMM.

[23]  Xiaojiang Du,et al.  Poster: near field communication based access control for wireless medical devices , 2014, MobiHoc '14.

[24]  Chenyang Lu,et al.  Reliable clinical monitoring using wireless sensor networks: experiences in a step-down hospital unit , 2010, SenSys '10.

[25]  Jie Wu,et al.  Defending Resource Depletion Attacks on Implantable Medical Devices , 2010, 2010 IEEE Global Telecommunications Conference GLOBECOM 2010.