Defending Resource Depletion Attacks on Implantable Medical Devices

Implantable Medical Devices (IMDs) have been widely used to treat chronic diseases such as cardiac arrhythmia and diabetes. Many IMDs are enabled with wireless communication capabilities and can communicate with an outside programmer/reader wirelessly. With the rapid growth of IMDs, IMD security becomes a critical issue since attacks on IMDs may directly harm the patient. Typical IMDs have very limited resource in terms of energy, computation and storage. In this research, we identify a new kind of attacks on IMDs -Resource Depletion (RD) attacks that could deplete IMD resources (e.g., battery power) quickly. The RD attacks could reduce the lifetime of an IMD from several years to a few weeks. The attacks can be easily launched but can not be defended by traditional cryptographic approaches. In this paper, we propose to utilize the patient's IMD access pattern and we design a novel Support Vector Machine (SVM) based scheme to address the RD attacks. Our SVM-based scheme is very effective in defending the RD attacks. Our experimental results show that the average detection rate of the SVM-based scheme is above 90%.

[1]  Andrew S. Tanenbaum,et al.  RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management , 2005, ACISP.

[2]  David W. Chadwick,et al.  How to Break Access Control in a Controlled Manner , 2006, 19th IEEE Symposium on Computer-Based Medical Systems (CBMS'06).

[3]  P. Inchingolo,et al.  MEDICAL DATA PROTECTION WITH A NEW GENERATION OF HARDWARE AUTHENTICATION TOKENS , 2001 .

[4]  Bernhard E. Boser,et al.  A training algorithm for optimal margin classifiers , 1992, COLT '92.

[5]  John G Webster,et al.  Design of Cardiac Pacemakers , 1995 .

[6]  E. Freudenthal,et al.  Practical Techniques for Limiting Disclosure of RF-Equipped Medical Devices , 2007, 2007 IEEE Dallas Engineering in Medicine and Biology Workshop.

[7]  Scott F. Midkiff,et al.  Denial-of-Service in Wireless Sensor Networks: Attacks and Defenses , 2008, IEEE Pervasive Computing.

[8]  D. Panescu Emerging Technologies [wireless communication systems for implantable medical devices] , 2008, IEEE Engineering in Medicine and Biology Magazine.

[9]  Kevin Fu,et al.  Security and Privacy for Implantable Medical Devices , 2008, IEEE Pervasive Comput..

[10]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[11]  Scott F. Midkiff,et al.  Effects of Denial-of-Sleep Attacks on Wireless Sensor Network MAC Protocols , 2009, IEEE Transactions on Vehicular Technology.

[12]  Srdjan Capkun,et al.  Proximity-based access control for implantable medical devices , 2009, CCS.

[13]  Lan Wang,et al.  Securing wireless implantable devices for healthcare: Ideas and challenges , 2009, IEEE Communications Magazine.

[14]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[15]  Sandeep K. S. Gupta,et al.  Biosec: a biometric based approach for securing communication in wireless networks of biosensors implanted in the human body , 2003, 2003 International Conference on Parallel Processing Workshops, 2003. Proceedings..

[16]  W. Maisel Safety issues involving medical devices: implications of recent implantable cardioverter-defibrillator malfunctions. , 2005, JAMA.

[17]  Kevin Fu,et al.  Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security , 2008, HotSec.

[18]  M. Aizerman,et al.  Theoretical Foundations of the Potential Function Method in Pattern Recognition Learning , 1964 .