Mitigating network-layer security attacks on authentication-enhanced openICE

Integrated Clinical Environment (ICE) is a standardized framework for achieving medical device interoperability. It utilizes high-level supervisory and medical apps and low-level communication middle-ware to coordinate medical devices to accomplish a shared clinical mission. With the potential to significantly improve healthcare productivity and reduce medical errors, the interoperability of medical devices also subjects ICE systems to unprecedented security threats. In this paper, we present a set of security attacks, namely interception, tampering, and replay attack, to the network level of ICE systems, which we identify through a threat modeling analysis on OpenICE, the best-known instantiation of ICE system. For these security attacks, we devise corresponding defense mechanisms on top of OpenICE. Our experiments demonstrate that these defense mechanisms can effectively protect OpenICE from the identified attacks with acceptable computational overhead.

[1]  Steve Warren,et al.  An open test bed for medical device integration and coordination , 2009, 2009 31st International Conference on Software Engineering - Companion Volume.

[2]  Yang Zhang,et al.  Protecting interoperable clinical environment with authentication , 2017, SIGBED.

[3]  Insup Lee,et al.  Plug-and-play for medical devices: experiences from a case study. , 2009, Biomedical instrumentation & technology.

[4]  Insup Lee,et al.  Rationale and Architecture Principles for Medical Application Platforms , 2012, 2012 IEEE/ACM Third International Conference on Cyber-Physical Systems.

[5]  Insup Lee,et al.  Prototyping closed loop physiologic control with the medical device coordination framework , 2010, SEHC '10.

[6]  Eugene Y. Vasserman,et al.  Foundational Security Principles for Medical Application Platforms - (Extended Abstract) , 2013, WISA.

[7]  Insup Lee,et al.  Toward a safe integrated clinical environment: a communication security perspective , 2012, MedCOMM '12.

[8]  David Arney,et al.  OpenICE: An open, interoperable platform for medical cyber-physical systems , 2014, 2014 ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS).

[9]  Eugene Y. Vasserman,et al.  Retrofitting Communication Security into a Publish/Subscribe Middleware Platform , 2014, FHIES/SEHC.

[10]  Insup Lee,et al.  The MIDdleware Assurance Substrate: Enabling Strong Real-Time Guarantees in Open Systems with OpenFlow , 2014, 2014 IEEE 17th International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing.

[11]  Insup Lee,et al.  Security and Interoperable-Medical-Device Systems, Part 1 , 2012, IEEE Security & Privacy.

[12]  Insup Lee,et al.  Security and Interoperable-Medical-Device Systems, Part 2: Failures, Consequences, and Classification , 2012, IEEE Security & Privacy.

[13]  David Arney - 1-Toward a Safe and Secure Medical Internet of Things , 2016 .

[14]  Curtis R. Taylor,et al.  Understanding the security of interoperable medical devices using attack graphs , 2014, HiCoNS.

[15]  Carlos Salazar A security architecture for medical application platforms , 2014 .

[16]  Insup Lee,et al.  Challenges and Research Directions in Medical Cyber–Physical Systems , 2012, Proceedings of the IEEE.