POKs Based Secure and Energy-Efficient Access Control for Implantable Medical Devices

Implantable medical devices (IMDs), such as pacemakers, implanted cardiac defibrillators, and neurostimulators are medical devices implanted into patients' bodies for monitoring physiological signals and performing medical treatments. Many IMDs have built-in wireless communication modules to facilitate data collecting and device reprogramming by external programmers. The wireless communication brings significant conveniences for advanced applications such as real-time and remote monitoring but also introduces the risk of unauthorized wireless access. The absence of effective access control mechanisms exposes patients' life to cyber attacks. In this paper, we present a lightweight and universally applicable access control system for IMDs. By leveraging Physically Obfuscated Keys (POKs) as the hardware root of trust, provable security is achieved based on standard cryptographic primitives while attaining high energy efficiency. In addition, barrier-free IMD access under emergent situations is realized by utilizing the patient's biometrical information. We evaluate our proposed scheme through extensive security analysis and a prototype implementation, which demonstrates our work's superiority on security and energy efficiency.

[1]  Daniel E. Holcomb,et al.  Power-Up SRAM State as an Identifying Fingerprint and Source of True Random Numbers , 2009, IEEE Transactions on Computers.

[2]  Farinaz Koushanfar,et al.  Balancing security and utility in Medical Devices? , 2013, 2013 50th ACM/EDAC/IEEE Design Automation Conference (DAC).

[3]  Kang-Woon Lee,et al.  An embedded nonvolatile FRAM with electrical fuse repair scheme and one time programming scheme for high performance smart cards , 2005, Proceedings of the IEEE 2005 Custom Integrated Circuits Conference, 2005..

[4]  Fengyuan Xu,et al.  IMDGuard: Securing implantable medical devices with the external wearable guardian , 2011, 2011 Proceedings IEEE INFOCOM.

[5]  Mohsen Guizani,et al.  Transactions papers a routing-driven Elliptic Curve Cryptography based key management scheme for Heterogeneous Sensor Networks , 2009, IEEE Transactions on Wireless Communications.

[6]  Kevin Fu,et al.  Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security , 2008, HotSec.

[7]  Xiaojiang Du,et al.  Biometric-based two-level secure access control for Implantable Medical Devices during emergencies , 2011, 2011 Proceedings IEEE INFOCOM.

[8]  Alan Borning,et al.  Patients, pacemakers, and implantable defibrillators: human values and security for wireless implantable medical devices , 2010, CHI.

[9]  Muhammad Faisal Amjad,et al.  Combining algebraic and side channel attacks on stream ciphers , 2017, 2017 International Conference on Communication Technologies (ComTech).

[10]  Matthew J. B. Robshaw,et al.  The eSTREAM Project , 2008, The eSTREAM Finalists.

[11]  Mohsen Guizani,et al.  A Routing-Driven Key Management Scheme for Heterogeneous Sensor Networks , 2007, 2007 IEEE International Conference on Communications.

[12]  Xiaojiang Du,et al.  Toward Vehicle-Assisted Cloud Computing for Smartphones , 2015, IEEE Transactions on Vehicular Technology.

[13]  Hugo Krawczyk,et al.  UMAC: Fast and Secure Message Authentication , 1999, CRYPTO.

[14]  Xiaojiang Du,et al.  PIPAC: Patient infusion pattern based access control scheme for wireless insulin pump system , 2013, 2013 Proceedings IEEE INFOCOM.

[15]  Xiaojiang Du,et al.  Achieving big data privacy via hybrid cloud , 2014, 2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[16]  John Daugman How iris recognition works , 2004 .

[17]  John Daugman,et al.  The importance of being random: statistical principles of iris recognition , 2003, Pattern Recognit..

[18]  Jongsung Kim,et al.  On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1 (Extended Abstract) , 2006, SCN.

[19]  Roberto Passerone,et al.  A methodology for power consumption evaluation of wireless sensor networks , 2009, 2009 IEEE Conference on Emerging Technologies & Factory Automation.

[20]  Jie Wu,et al.  Defending Resource Depletion Attacks on Implantable Medical Devices , 2010, 2010 IEEE Global Telecommunications Conference GLOBECOM 2010.

[21]  Xiaojiang Du,et al.  Security threats to mobile multimedia applications: Camera-based attacks on mobile phones , 2014, IEEE Communications Magazine.

[22]  Kevin Fu,et al.  They can hear your heartbeats: non-invasive security for implantable medical devices , 2011 .

[23]  Christos Koulamas,et al.  A modeling approach on the TelosB WSN platform power consumption , 2010, J. Syst. Softw..

[24]  Alex Biryukov,et al.  Two Trivial Attacks on Trivium , 2007, IACR Cryptol. ePrint Arch..

[25]  Mohsen Guizani,et al.  MeDShare: Trust-Less Medical Data Sharing Among Cloud Service Providers via Blockchain , 2017, IEEE Access.

[26]  Haider Abbas,et al.  Algebraic Side Channel Attack on Trivium and Grain Ciphers , 2017, IEEE Access.

[27]  Tieniu Tan,et al.  Counterfeit iris detection based on texture analysis , 2008, 2008 19th International Conference on Pattern Recognition.

[28]  Julien Bringer,et al.  On Physical Obfuscation of Cryptographic Algorithms , 2009, INDOCRYPT.

[29]  Xiaojiang Du,et al.  Permission-combination-based scheme for Android mobile malware detection , 2014, 2014 IEEE International Conference on Communications (ICC).

[30]  Sébastien Marcel,et al.  Image Quality Assessment for Fake Biometric Detection: Application to Iris, Fingerprint, and Face Recognition , 2014, IEEE Transactions on Image Processing.

[31]  G. Edward Suh,et al.  Extracting secret keys from integrated circuits , 2005, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[32]  Blaise L. P. Gassend,et al.  Physical random functions , 2003 .

[33]  Yongki Lee,et al.  8.7 Physically unclonable function for secure key generation with a key error rate of 2E-38 in 45nm smart-card chips , 2016, 2016 IEEE International Solid-State Circuits Conference (ISSCC).

[34]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[35]  Fan Zhang,et al.  OPFKA: Secure and efficient Ordered-Physiological-Feature-based key agreement for wireless Body Area Networks , 2013, 2013 Proceedings IEEE INFOCOM.

[36]  Feng Hao,et al.  Combining Crypto with Biometrics Effectively , 2006, IEEE Transactions on Computers.

[37]  F. E. Potestad-Ordonez,et al.  Fault attack on FPGA implementations of Trivium stream cipher , 2016, 2016 IEEE International Symposium on Circuits and Systems (ISCAS).

[38]  Stephen A. Benton,et al.  Physical one-way functions , 2001 .

[39]  François-Xavier Standaert,et al.  On the Energy Cost of Communication and Cryptography in Wireless Sensor Networks , 2008, 2008 IEEE International Conference on Wireless and Mobile Computing, Networking and Communications.

[40]  Lionel Torres,et al.  Person Identification Technique Using Human Iris Recognition , 2002 .

[41]  Xiaojiang Du,et al.  A survey of key management schemes in wireless sensor networks , 2007, Comput. Commun..

[42]  Chien-Ming Chen,et al.  Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols , 2002 .

[43]  Xiaojiang Du,et al.  Security in wireless sensor networks , 2008, IEEE Wireless Communications.

[44]  Mohsen Guizani,et al.  An effective key management scheme for heterogeneous sensor networks , 2007, Ad Hoc Networks.

[45]  Frederick J. Manning,et al.  Innovation and Invention In Medical Devices: Workshop Summary , 2001 .

[46]  Kyung Sup Kwak,et al.  Secure Wake-Up Scheme for WBANs , 2010, IEICE Trans. Commun..

[47]  Gengfa Fang,et al.  Multiple ECG Fiducial Points-Based Random Binary Sequence Generation for Securing Wireless Body Area Networks , 2017, IEEE Journal of Biomedical and Health Informatics.

[48]  Gengfa Fang,et al.  A non-key based security scheme supporting emergency treatment of wireless implants , 2014, 2014 IEEE International Conference on Communications (ICC).

[49]  Richa Singh,et al.  Detecting medley of iris spoofing attacks using DESIST , 2016, 2016 IEEE 8th International Conference on Biometrics Theory, Applications and Systems (BTAS).

[50]  Farinaz Koushanfar,et al.  Heart-to-heart (H2H): authentication for implanted medical devices , 2013, CCS.

[51]  Niraj K. Jha,et al.  Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system , 2011, 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services.

[52]  Sergei Skorobogatov Flash Memory 'Bumping' Attacks , 2010, CHES.

[53]  Chen Chien-Ming,et al.  Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols(Regular Section) , 2002 .

[54]  Mohammad Reza Aref,et al.  Guess and Determine Attack on Trivium Family , 2010, 2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing.

[55]  Yih-Chun Hu,et al.  Body Area Network Security: Robust Key Establishment Using Human Body Channel , 2012, HealthSec.

[56]  Christophe De Cannière,et al.  Trivium: A Stream Cipher Construction Inspired by Block Cipher Design Principles , 2006, ISC.