A Critical Analysis of ECG-Based Key Distribution for Securing Wearable and Implantable Medical Devices

Wearable and implantable medical devices (WIMDs) perform critical health monitoring and therapeutic functions. However, current WIMD products lack security safeguards to protect patients from fatal cyber attacks. In the recent past, electrocardiogram (ECG) signal-based security techniques have been widely explored to secure such devices by using two cryptographic primitives: the fuzzy commitment and the fuzzy vault. Nonetheless, the differences and similarities between these two primitives have not been well investigated, making it difficult to decide which one would be appropriate for a particular setting. In this paper, we perform a critical analysis of both primitives and discuss their merits and drawbacks in the context of ECG-based key distribution. We analyze the critical challenges within each primitive-based key distribution technique, such as binary sequence generation and polynomial computations. Experimental results show that the technique based on the fuzzy commitment has a better false acceptance rate due to the randomness of ECG binary sequences. On the other hand, the fuzzy vault-based scheme can achieve an acceptable false reject rate (5%) with less cost to the WIMDs. Future research is suggested to enhance the precision of ECG signal processing, to improve the efficacy of the binary sequence generation process, and to suggest ways to reduce polynomial computations.
