A review of security challenges, attacks and resolutions for wireless medical devices

Evolution of implantable medical devices for human beings has provided a radical new way for treating chronic diseases such as diabetes, cardiac arrhythmia, cochlear, gastric diseases etc. Implantable medical devices have provided a breakthrough in network transformation by enabling and accessing the technology on demand. However, with the advancement of these devices with respect to wireless communication and ability for outside caregiver to communicate wirelessly have increased its potential to impact the security, and breach in privacy of human beings. There are several vulnerable threats in wireless medical devices such as information harvesting, tracking the patient, impersonation, relaying attacks and denial of service attack. These threats violate confidentiality, integrity, availability properties of these devices. For securing implantable medical devices diverse solutions have been proposed ranging from machine learning techniques to hardware technologies. The present survey paper focusses on the challenges, threats and solutions pertaining to the privacy and safety issues of medical devices.

[1]  K K Venkatasubramanian,et al.  Interoperable Medical Devices , 2010, IEEE Pulse.

[2]  Meng Zhang,et al.  MedMon: Securing Medical Devices Through Wireless Monitoring and Anomaly Detection , 2013, IEEE Transactions on Biomedical Circuits and Systems.

[3]  Farinaz Koushanfar,et al.  Heart-to-heart (H2H): authentication for implanted medical devices , 2013, CCS.

[4]  Xiaojiang Du,et al.  Patient Infusion Pattern based Access Control Schemes for Wireless Insulin Pump System , 2015, IEEE Transactions on Parallel and Distributed Systems.

[5]  Miodrag Potkonjak,et al.  Semantic attacks on wireless medical devices , 2014, IEEE SENSORS 2014 Proceedings.

[6]  Peris-LopezPedro,et al.  Security and privacy issues in implantable medical devices , 2015 .

[7]  Heena Rathore Mapping Biological Systems to Network Systems , 2016 .

[8]  Kevin Fu,et al.  Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security , 2008, HotSec.

[9]  Xiaojiang Du,et al.  Biometric-based two-level secure access control for Implantable Medical Devices during emergencies , 2011, 2011 Proceedings IEEE INFOCOM.

[10]  Kevin Fu,et al.  They can hear your heartbeats: non-invasive security for implantable medical devices , 2011, SIGCOMM.

[11]  Juan E. Tapiador,et al.  Security and privacy issues in implantable medical devices: A comprehensive survey , 2015, J. Biomed. Informatics.

[12]  Amr M. Youssef,et al.  Security Tradeoffs in Cyber Physical Systems: A Case Study Survey on Implantable Medical Devices , 2016, IEEE Access.

[13]  Erchin Serpedin,et al.  Physical layer security for wireless implantable medical devices , 2015, 2015 IEEE 20th International Workshop on Computer Aided Modelling and Design of Communication Links and Networks (CAMAD).

[14]  Robert G. Hauser,et al.  Lessons From the Failure and Recall of an Implantable Cardioverter-Defibrillator , 2005, Circulation.

[15]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[16]  Eryk Dutkiewicz,et al.  An ECG-based Secret Data Sharing scheme supporting emergency treatment of Implantable Medical Devices , 2014, 2014 International Symposium on Wireless Personal Multimedia Communications (WPMC).

[17]  Fengyuan Xu,et al.  IMDGuard: Securing implantable medical devices with the external wearable guardian , 2011, 2011 Proceedings IEEE INFOCOM.

[18]  Farinaz Koushanfar,et al.  Balancing security and utility in Medical Devices? , 2013, 2013 50th ACM/EDAC/IEEE Design Automation Conference (DAC).

[19]  Kevin Fu,et al.  Recent Results in Computer Security for Medical Devices , 2011, MobiHealth.

[20]  Andrew S. Tanenbaum,et al.  RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management , 2005, ACISP.

[21]  Saied Hosseini-Khayat A lightweight security protocol for ultra-low power ASIC implementation for wireless Implantable Medical Devices , 2011, 2011 5th International Symposium on Medical Information and Communication Technology.

[22]  Sudipto Chakraborty,et al.  Fully Wireless Implantable Cardiovascular Pressure Monitor Integrated with a Medical Stent , 2010, IEEE Transactions on Biomedical Engineering.

[23]  Hyogon Kim,et al.  In-vivo NFC: remote monitoring of implanted medical devices with improved privacy , 2012, SenSys '12.

[24]  Srdjan Capkun,et al.  Proximity-based access control for implantable medical devices , 2009, CCS.

[25]  Colleen Swanson,et al.  SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks , 2014, 2014 IEEE Symposium on Security and Privacy.

[26]  Nancy G. Leveson,et al.  An investigation of the Therac-25 accidents , 1993, Computer.

[27]  Erchin Serpedin,et al.  A comparative review on the wireless implantable medical devices privacy and security , 2014, 2014 4th International Conference on Wireless Mobile Communication and Healthcare - Transforming Healthcare Through Innovations in Mobile and Wireless Technologies (MOBIHEALTH).

[28]  Jie Wu,et al.  Defending Resource Depletion Attacks on Implantable Medical Devices , 2010, 2010 IEEE Global Telecommunications Conference GLOBECOM 2010.

[29]  V. Muthukkumarasamy,et al.  Authenticated Key Establishment Protocols for a Home Health Care System , 2007, 2007 3rd International Conference on Intelligent Sensors, Sensor Networks and Information.

[30]  Kevin Fu,et al.  Security and Privacy for Implantable Medical Devices , 2008, IEEE Pervasive Comput..