Heart-to-heart (H2H): authentication for implanted medical devices

We present Heart-to-Heart (H2H), a system to authenticate external medical device controllers and programmers to Implantable Medical Devices (IMDs). IMDs, which include pacemakers and cardiac defibrillators, are therapeutic medical devices partially or wholly embedded in the human body. They often have built-in radio communication to facilitate non-invasive reprogramming and data readout. Many IMDs, though, lack well-designed authentication protocols, exposing patients to over-the-air attack and physical harm. H2H makes use of ECG (heartbeat data) as an authentication mechanism, ensuring access only by a medical instrument in physical contact with an IMD-bearing patient. Based on statistical analysis of real-world data, we propose and analyze new techniques for extracting time-varying randomness from ECG signals for use in H2H. We introduce a novel cryptographic device pairing protocol that uses this randomness to protect against attacks by active adversaries, while meeting the practical challenges of lightweight implementation and noise tolerance in ECG readings. Finally, we describe an end-to-end implementation in an ARM Cortex-M3 microcontroller that demonstrates the practicality of H2H in current IMD hardware. Previous schemes have had goals much like those of H2H, but with serious limitations making them unfit for deployment, such as naively designed cryptographic pairing protocols (some of them recently broken). In addition to its novel analysis and use of ECG entropy, H2H is the first physiologically based IMD device pairing protocol with a rigorous adversarial model and protocol analysis.
