Patient Infusion Pattern based Access Control Schemes for Wireless Insulin Pump System

Wireless insulin pumps have been widely deployed in hospitals and home healthcare systems. Most of them have limited security mechanisms embedded to protect them from malicious attacks. In this paper, two attacks against insulin pump systems via wireless links are investigated: a single acute overdose with a significant amount of medication and a chronic overdose with a small amount of extra medication over a long time period. They can be launched unobtrusively and may jeopardize patients' lives. It is very urgent to protect patients from these attacks. We propose a novel personalized patient infusion pattern based access control scheme (PIPAC) for wireless insulin pumps. This scheme employs supervised learning approaches to learn normal patient infusion patterns in terms of the dosage amount, rate, and time of infusion, which are automatically recorded in insulin pump logs. The generated regression models are used to dynamically configure a safe infusion range for abnormal infusion identification. This model includes two sub models for bolus (one type of insulin) abnormal dosage detection and basal abnormal rate detection. The proposed algorithms are evaluated with real insulin pump. The evaluation results demonstrate that our scheme is able to detect the two attacks with a very high success rate.

[1]  Srdjan Capkun,et al.  Proximity-based access control for implantable medical devices , 2009, CCS.

[2]  Fengyuan Xu,et al.  IMDGuard: Securing implantable medical devices with the external wearable guardian , 2011, 2011 Proceedings IEEE INFOCOM.

[3]  E. Freudenthal,et al.  Practical Techniques for Limiting Disclosure of RF-Equipped Medical Devices , 2007, 2007 IEEE Dallas Engineering in Medicine and Biology Workshop.

[4]  Wenyuan Xu,et al.  Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors , 2013, 2013 IEEE Symposium on Security and Privacy.

[5]  Xiaojiang Du,et al.  Poster: near field communication based access control for wireless medical devices , 2014, MobiHoc '14.

[6]  Yi Zhang,et al.  A Hazard Analysis for a Generic Insulin Infusion Pump , 2010, Journal of diabetes science and technology.

[7]  P. Inchingolo,et al.  MEDICAL DATA PROTECTION WITH A NEW GENERATION OF HARDWARE AUTHENTICATION TOKENS , 2001 .

[8]  Li Li,et al.  A mobile health system design for home and community use , 2012, Proceedings of 2012 IEEE-EMBS International Conference on Biomedical and Health Informatics.

[9]  Yi Zhang,et al.  Safety-assured development of the GPCA infusion pump software , 2011, 2011 Proceedings of the Ninth ACM International Conference on Embedded Software (EMSOFT).

[10]  Yuguang Fang,et al.  HCPP: Cryptography Based Secure EHR System for Patient Privacy and Emergency Healthcare , 2011, 2011 31st International Conference on Distributed Computing Systems.

[11]  Kevin Fu,et al.  Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security , 2008, HotSec.

[12]  Xiaojiang Du,et al.  Biometric-based two-level secure access control for Implantable Medical Devices during emergencies , 2011, 2011 Proceedings IEEE INFOCOM.

[13]  Kevin Fu,et al.  They can hear your heartbeats: non-invasive security for implantable medical devices , 2011, SIGCOMM.

[14]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[15]  Chunxiao Li System design and verification methodologies for secure computing , 2012 .

[16]  Saied Hosseini-Khayat A lightweight security protocol for ultra-low power ASIC implementation for wireless Implantable Medical Devices , 2011, 2011 5th International Symposium on Medical Information and Communication Technology.

[17]  Tibor Deutsch,et al.  Incorporating a Generic Model of Subcutaneous Insulin Absorption into the AIDA v4 Diabetes Simulator 2. Preliminary Bench Testing , 2007, Journal of diabetes science and technology.

[18]  Georg Bretthauer,et al.  Block cipher based security for severely resource-constrained implantable medical devices , 2011, ISABEL '11.

[19]  Jie Wu,et al.  Defending Resource Depletion Attacks on Implantable Medical Devices , 2010, 2010 IEEE Global Telecommunications Conference GLOBECOM 2010.

[20]  Niraj K. Jha,et al.  Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system , 2011, 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services.

[21]  Srdjan Capkun,et al.  Jamming-resistant Broadcast Communication without Shared Keys , 2009, USENIX Security Symposium.

[22]  Chieh-Yih Wan,et al.  A context-management framework for telemedicine: an emergency medicine case study , 2010, Wireless Health.

[23]  Xiaojiang Du,et al.  PIPAC: Patient infusion pattern based access control scheme for wireless insulin pump system , 2013, 2013 Proceedings IEEE INFOCOM.

[24]  Chenyang Lu,et al.  Reliable clinical monitoring using wireless sensor networks: experiences in a step-down hospital unit , 2010, SenSys '10.