BCG & ECG-based secure communication for medical devices in Body Area Networks

An increasing amount of medical devices, such as pacemakers or insulin pumps, can communicate in wireless Body Area Networks (BANs). While this facilitates the interaction between users and medical devices, something that was previously more complicated or - in the case of implanted devices - often impossible, it also raises security and privacy questions. We exploit the wide availability of ballistocardiographs (BCG) and electrocardiographs (ECG) in consumer wearables and propose MEDISCOM, an ad-hoc, implicit, and secure communication protocol for medical devices in local BANs. Deriving common secret keys from a body's BCG or ECG signal, MEDISCOM ensures confidentiality and integrity of sensitive medical data. It also continuously authenticates devices, requiring no explicit user interaction and maintaining a low computational overhead. We consider relevant attack vectors and show how MEDISCOM is resilient towards them. Also, we validate the security of our protocol's secret keys on BCG and ECG data from 29 subjects.

[1]  Guang Zhang,et al.  Emerging Wearable Medical Devices towards Personalized Healthcare , 2013, BODYNETS.

[2]  Mahbub Hassan,et al.  H2B: Heartbeat-based Secret Key Generation Using Piezo Vibration Sensors , 2019, 2019 18th ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN).

[3]  Farinaz Koushanfar,et al.  Heart-to-heart (H2H): authentication for implanted medical devices , 2013, CCS.

[4]  Ivan Martinovic,et al.  Broken Hearted: How To Attack ECG Biometrics , 2017, NDSS.

[5]  Gerhard P. Hancke,et al.  Wearable security: Key derivation for Body Area sensor Networks based on host movement , 2016, 2016 IEEE 25th International Symposium on Industrial Electronics (ISIE).

[6]  Guang-Zhong Yang,et al.  Secure key generation using gait features for Body Sensor Networks , 2017, 2017 IEEE 14th International Conference on Wearable and Implantable Body Sensor Networks (BSN).

[7]  Jian Shen,et al.  Enhanced secure sensor association and key management in wireless body area networks , 2015, Journal of Communications and Networks.

[8]  Xue Liu,et al.  Data Loss and Reconstruction in Wireless Sensor Networks , 2014, IEEE Transactions on Parallel and Distributed Systems.

[9]  Prasant Mohapatra,et al.  WearIA: Wearable device implicit authentication based on activity information , 2017, 2017 IEEE 18th International Symposium on A World of Wireless, Mobile and Multimedia Networks (WoWMoM).

[10]  Neil W. Bergmann,et al.  Walkie-Talkie: Motion-Assisted Automatic Key Generation for Secure On-Body Device Communication , 2016, 2016 15th ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN).

[11]  Long Cheng,et al.  On Threat Modeling and Mitigation of Medical Cyber-Physical Systems , 2017, 2017 IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE).

[12]  Ayan Banerjee,et al.  PSKA: Usable and Secure Key Agreement Scheme for Body Area Networks , 2010, IEEE Transactions on Information Technology in Biomedicine.

[13]  Ngu Nguyen,et al.  Moves like Jagger: Exploiting variations in instantaneous gait for spontaneous device pairing , 2018, Pervasive Mob. Comput..

[14]  Ngu Nguyen,et al.  Security Properties of Gait for Mobile Device Pairing , 2018, IEEE Transactions on Mobile Computing.

[15]  René Mayrhofer,et al.  SAPHE: simple accelerometer based wireless pairing with heuristic trees , 2012, MoMM '12.