Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses

Our study analyzes the security and privacy properties of an implantable cardioverter defibrillator (ICD). Introduced to the U.S. market in 2003, this model of ICD includes pacemaker technology and is designed to communicate wirelessly with a nearby external programmer in the 175 kHz frequency range. After partially reverse-engineering the ICD's communications protocol with an oscilloscope and a software radio, we implemented several software radio-based attacks that could compromise patient safety and patient privacy. Motivated by our desire to improve patient safety, and mindful of conventional trade-offs between security and power consumption for resource-constrained devices, we introduce three new zero-power defenses based on RF power harvesting. Two of these defenses are human-centric, bringing patients into the loop with respect to the security and privacy of their implantable medical devices (IMDs). Our contributions provide a scientific baseline for understanding the potential security and privacy risks of current and future IMDs, and introduce human-perceptible and zero-power mitigation techniques that address those risks. To the best of our knowledge, this paper is the first in our community to use general-purpose software radios to analyze and attack previously unknown radio communications protocols.

[1]  Neil Haller,et al.  The S/KEY One-Time Password System , 1995, RFC.

[2]  Sandeep K. S. Gupta,et al.  Biosec: a biometric based approach for securing communication in wireless networks of biosensors implanted in the human body , 2003, 2003 International Conference on Parallel Processing Workshops, 2003. Proceedings..

[3]  Michael Sirivianos,et al.  Loud and Clear: Human-Verifiable Authentication Based on Audio , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[4]  Nancy G. Leveson,et al.  An investigation of the Therac-25 accidents , 1993, Computer.

[5]  K.K. Venkatasubramanian,et al.  Security for Pervasive Health Monitoring Sensor Applications , 2006, 2006 Fourth International Conference on Intelligent Sensing and Information Processing.

[6]  Brett Kaufman,et al.  OsteoConduct: wireless body-area communication based on bone conduction , 2007, BODYNETS.

[7]  J. Lebak,et al.  Interoperability and Security in Wireless Body Area Network Infrastructures , 2005, 2005 IEEE Engineering in Medicine and Biology 27th Annual Conference.

[8]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[9]  Alanson P. Sample,et al.  A Wirelessly-Powered Platform for Sensing and Computation , 2006, UbiComp.

[10]  Michael K. Reiter,et al.  Seeing-is-believing: using camera phones for human-verifiable authentication , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[11]  Andrea Bittau,et al.  BlueSniff: Eve Meets Alice and Bluetooth , 2007, WOOT.

[12]  W. Maisel,et al.  Pacemaker and ICD generator malfunctions: analysis of Food and Drug Administration annual reports. , 2006, JAMA.

[13]  Markus G. Kuhn,et al.  Compromising Emanations , 2005, Encyclopedia of Cryptography and Security.

[14]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[15]  Kevin Fu,et al.  Secure Software Updates: Disappointments and New Challenges , 2006, HotSec.

[16]  Kevin Fu,et al.  Security and Privacy for Implantable Medical Devices , 2008, IEEE Pervasive Comput..

[17]  S. Sastry,et al.  Security and Privacy Issues with Health Care Information Technology , 2006, 2006 International Conference of the IEEE Engineering in Medicine and Biology Society.

[18]  Ronald L. Rivest,et al.  The RC5 Encryption Algorithm , 1994, FSE.

[19]  W. Maisel Safety issues involving medical devices: implications of recent implantable cardioverter-defibrillator malfunctions. , 2005, JAMA.

[20]  Kevin Fu,et al.  Vulnerabilities in First-Generation RFID-Enabled Credit Cards , 2007, Financial Cryptography.

[21]  Maria L. Gini,et al.  Implantable medical devices as agents and part of multiagent systems , 2006, AAMAS '06.

[22]  David A. Wagner,et al.  TinySec: a link layer security architecture for wireless sensor networks , 2004, SenSys '04.

[23]  Daniel E. Holcomb,et al.  Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags , 2007 .

[24]  Z. Wang,et al.  MICS transceivers: regulatory standards and applications [medical implant communications service] , 2005, Proceedings. IEEE SoutheastCon, 2005..

[25]  Kevin Fu,et al.  Key Regression: Enabling Efficient Key Distribution for Secure Distributed Storage , 2006, NDSS.

[26]  Joshua R. Smith,et al.  Design of a Passively-Powered, Programmable Sensing Platform for UHF RFID Systems , 2007, 2007 IEEE International Conference on RFID.

[27]  Dong Chao,et al.  Universal Software Radio Peripheral , 2010 .