Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors

Electromagnetic interference (EMI) affects circuits by inducing voltages on conductors. Analog sensing of signals on the order of a few millivolts is particularly sensitive to interference. This work (1) measures the susceptibility of analog sensor systems to signal injection attacks by intentional, low-power emission of chosen electromagnetic waveforms, and (2) proposes defense mechanisms to reduce the risks. Our experiments use specially crafted EMI at varying power and distance to measure the susceptibility of sensors in implantable medical devices and consumer electronics. Results show that at distances of 1-2 m, consumer electronic devices containing microphones are vulnerable to the injection of bogus audio signals. Our measurements show that in free air, intentional EMI under 10 W can inhibit pacing and induce defibrillation shocks at distances up to 1-2 m on implantable cardiac electronic devices. However, with the sensing leads and medical devices immersed in a saline bath to better approximate the human body, the effective distance in the same experiment decreases to about 5 cm. Our defenses range from prevention with simple analog shielding to detection with a signal contamination metric based on the root mean square of waveform amplitudes. Our contribution to securing cardiac devices includes a novel defense mechanism that probes for forged pacing pulses inconsistent with the refractory period of cardiac tissue.
