They can hear your heartbeats: non-invasive security for implantable medical devices

Wireless communication has become an intrinsic part of modern implantable medical devices (IMDs). Recent work, however, has demonstrated that wireless connectivity can be exploited to compromise the confidentiality of IMDs' transmitted data or to send unauthorized commands to IMDs---even commands that cause the device to deliver an electric shock to the patient. The key challenge in addressing these attacks stems from the difficulty of modifying or replacing already-implanted IMDs. Thus, in this paper, we explore the feasibility of protecting an implantable device from such attacks without modifying the device itself. We present a physical-layer solution that delegates the security of an IMD to a personal base station called the shield. The shield uses a novel radio design that can act as a jammer-cum-receiver. This design allows it to jam the IMD's messages, preventing others from decoding them while being able to decode them itself. It also allows the shield to jam unauthorized commands---even those that try to alter the shield's own transmissions. We implement our design in a software radio and evaluate it with commercial IMDs. We find that it effectively provides confidentiality for private data and protects the IMD from unauthorized commands.

[1]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[2]  W. C. Jakes,et al.  Microwave Mobile Communications , 1974 .

[3]  A. Field Communications , 1963, The Journal of Asian Studies.

[4]  A. D. Wyner,et al.  The wire-tap channel , 1975, The Bell System Technical Journal.

[5]  Imre Csiszár,et al.  Broadcast channels with confidential messages , 1978, IEEE Trans. Inf. Theory.

[6]  J. Lopatka Adaptive generating of the jamming signal , 1995, Proceedings of MILCOM '95.

[7]  Peter Steenkiste,et al.  Measurement and analysis of the error characteristics of an in-building wireless network , 1996, SIGCOMM 1996.

[8]  Heinrich Meyr,et al.  Digital communication receivers - synchronization, channel estimation, and signal processing , 1997, Wiley series in telecommunications and signal processing.

[9]  Andreas Caduff,et al.  Wrist-wearable medical devices: technologies and applications. , 2003, Medical device technology.

[10]  Sandeep K. S. Gupta,et al.  Biosec: a biometric based approach for securing communication in wireless networks of biosensors implanted in the human body , 2003, 2003 International Conference on Parallel Processing Workshops, 2003. Proceedings..

[11]  Vaisala Helsinki,et al.  State-of-the-Art Radiosonde Telemetry , 2004 .

[12]  Abbas Jamalipour,et al.  Wireless communications , 2005, GLOBECOM '05. IEEE Global Telecommunications Conference, 2005..

[13]  Andrew S. Tanenbaum,et al.  RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management , 2005, ACISP.

[14]  W. Maisel Safety issues involving medical devices: implications of recent implantable cardioverter-defibrillator malfunctions. , 2005, JAMA.

[15]  Matt Welsh,et al.  Sensor networks for medical care , 2005, SenSys '05.

[16]  Adrian Perrig,et al.  Low-Cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup , 2007, Financial Cryptography.

[17]  M. Koplow,et al.  Thick film thermoelectric energy harvesting systems for biomedical applications , 2008, 2008 5th International Summer School and Symposium on Medical Devices and Biosensors.

[18]  Kevin Fu,et al.  Security and Privacy for Implantable Medical Devices , 2008, IEEE Pervasive Comput..

[19]  Kevin Fu,et al.  Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security , 2008, HotSec.

[20]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[21]  Ivan Martinovic,et al.  Jamming for good: a fresh approach to authentic communication in WSNs , 2009, WiSec '09.

[22]  Dinan Gunawardena,et al.  Rethinking Indoor Wireless: Low Power, Low Frequency, Full-duplex , 2009 .

[23]  Vijay Sivaraman,et al.  Transmission Power Control in Body Area Sensor Networks for Healthcare Monitoring , 2009, IEEE Journal on Selected Areas in Communications.

[24]  Srdjan Capkun,et al.  Jamming-resistant Broadcast Communication without Shared Keys , 2009, USENIX Security Symposium.

[25]  Peng Ning,et al.  Randomized Differential DSSS: Jamming-Resistant Wireless Broadcast Communication , 2010, 2010 Proceedings IEEE INFOCOM.

[26]  Dong Chao,et al.  Universal Software Radio Peripheral , 2010 .

[27]  Judith E. Terrill,et al.  Channel Models for Medical Implant Communication , 2010, Int. J. Wirel. Inf. Networks.

[28]  T. Kohno,et al.  Improving the security and privacy of implantable medical devices. , 2010, The New England journal of medicine.

[29]  Stuart E. Schechter Security That Is Meant to Be Skin Deep: Using Ultraviolet Micropigmentation to Store Emergency-Access Keys for Implantable Medical Devices , 2010, HealthSec.

[30]  Ashutosh Sabharwal,et al.  Full-duplex wireless communications using off-the-shelf radios: Feasibility and first results , 2010, 2010 Conference Record of the Forty Fourth Asilomar Conference on Signals, Systems and Computers.

[31]  Philip Levis,et al.  Achieving single channel, full duplex wireless communication , 2010, MobiCom.

[32]  Kevin Fu,et al.  Trustworthy Medical Device Software , 2011 .

[33]  Srinivasan Seshan,et al.  Clearing the RF smog: making 802.11n robust to cross-technology interference , 2011, SIGCOMM.

[34]  Dina Katabi,et al.  Secure In-Band Wireless Pairing , 2011, USENIX Security Symposium.

[35]  Suhas N. Diggavi,et al.  Exchanging Secrets without Using Cryptography , 2011, ArXiv.

[36]  Fengyuan Xu,et al.  IMDGuard: Securing implantable medical devices with the external wearable guardian , 2011, 2011 Proceedings IEEE INFOCOM.

[37]  Candice King,et al.  Fundamentals of wireless communications , 2013, 2013 IEEE Rural Electric Power Conference (REPC).