2014 | OriginalPaper | Chapter

7. Design Challenges for Secure Implantable Medical Devices

Authors: Benjamin Ransford, Shane S. Clark, Denis Foo Kune, Kevin Fu, Wayne P. Burleson

Published in: Security and Privacy for Implantable Medical Devices

Publisher: Springer New York

Abstract

Implantable medical devices (IMDs) are increasingly being used to improve patients’ medical outcomes. Designers of IMDs already balance safety, reliability, complexity, power consumption, and cost. However, recent research has demonstrated that designers should also consider security and data privacy to protect patients from acts of theft or malice, especially as medical technology becomes increasingly connected to other systems via wireless communications or the Internet. This survey paper summarizes recent work on IMD security. It discusses sound security principles to follow and common security pitfalls to avoid. As trends in power efficiency, sensing, wireless systems, and biointerfaces make possible new and improved IMDs, they also underscore the importance of understanding and addressing security and privacy concerns in an increasingly connected world.

Footnotes
1
See Bishop’s textbook [6] for a comprehensive introduction to security.
 
Literature
1. R. J. Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, 2008.
2. D. Arney, R. Jetley, P. Jones, I. Lee, and O. Sokolsky. Formal methods based development of a PCA infusion pump reference model: Generic infusion pump (GIP) project. In Proceedings of the 2007 Joint Workshop on High Confidence Medical Devices, Software, and Systems and Medical Device Plug-and-Play Interoperability, HCMDSS-MDPNP ’07, pages 23–33. IEEE Computer Society, 2007.
3. D. Arney, M. Pajic, J. M. Goldman, I. Lee, R. Mangharam, and O. Sokolsky. Toward patient safety in closed-loop medical device systems. In Proceedings of the 1st ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS ’10, pages 139–148. ACM, 2010.
5. C. Beck, D. Masny, W. Geiselmann, and G. Bretthauer. Block cipher based security for severely resource-constrained implantable medical devices. In Proceedings of 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies, ISABEL ’11, pages 62:1–62:5. ACM, October 2011.
6. M. Bishop. Computer Security: Art and Science. Addison-Wesley Professional, 2003.
7. S. Clark, T. Goodspeed, P. Metzger, Z. Wasserman, K. Xu, and M. Blaze. Why (special agent) johnny (still) can’t encrypt: a security analysis of the apco project 25 two-way radio system. In Proceedings of the 20th USENIX conference on Security. USENIX Association, 2011.
8. G. De Micheli, S. Ghoreishizadeh, C. Boero, F. Valgimigli, and S. Carrara. An integrated platform for advanced diagnostics. In Design, Automation & Test in Europe Conference & Exhibition, DATE ’11. IEEE, March 2011.
9. A. de Saint-Exupéry. Terre des Hommes. Editions Gallimard, 1939.
10. T. Denning, A. Borning, B. Friedman, B. T. Gill, T. Kohno, and W. H. Maisel. Patients, pacemakers, and implantable defibrillators: human values and security for wireless implantable medical devices. In Proc. International Conference on Human Factors in Computing Systems (CHI), 2010.
11. T. Denning, K. Fu, and T. Kohno. Absence makes the heart grow fonder: New directions for implantable medical device security. In Proceedings of USENIX Workshop on Hot Topics in Security (HotSec), July 2008.
12. X. Fan, G. Gong, K. Lauffenburger, and T. Hicks. FPGA implementations of the Hummingbird cryptographic algorithm. In Proceedings of the IEEE International Symposium on Hardware-Oriented Security and Trust, HOST ’10, pages 48–51, June 2010.
13. X. Fan, H. Hu, G. Gong, E. Smith, and D. Engels. Lightweight implementation of Hummingbird cryptographic algorithm on 4-bit microcontrollers. In International Conference for Internet Technology and Secured Transactions, ICITST ’09, pages 1–7, November 2009.
14. N. Ferguson, B. Schneier, and T. Kohno. Cryptography Engineering: Design Principles and Practical Applications. Wiley, 2010.
15. D. Foo Kune, J. Backes, S. S. Clark, D. B. Kramer, M. R. Reynolds, K. Fu, Y. Kim, and W. Xu. Ghost talk: mitigating EMI signal injection attacks against analog sensors. In Proceedings of the 34th Annual IEEE Symposium on Security and Privacy, May 2013.
16. K. Fu. Trustworthy medical device software. In Public Health Effectiveness of the FDA 510(k) Clearance Process: Measuring Postmarket Performance and Other Select Topics: Workshop Report, Washington, DC, July 2011. IOM (Institute of Medicine), National Academies Press.
17. S. Gollakota, N. Ahmed, N. Zeldovich, and D. Katabi. Secure in-band wireless pairing. In Proceedings of the 20th USENIX Security Symposium, August 2011.
18. S. Gollakota, H. Hassanieh, B. Ransford, D. Katabi, and K. Fu. They can hear your heartbeats: non-invasive security for implanted medical devices. In Proceedings of ACM SIGCOMM, Aug. 2011.
19. P. Gould and A. Krahn. Complications associated with implantable cardioverter–defibrillator replacement in response to device advisories. Journal of the American Medical Association (JAMA), 295(16):1907–1911, April 2006.
20. S. Guan, J. Gu, Z. Shen, J. Wang, Y. Huang, and A. Mason. A wireless powered implantable bio-sensor tag system-on-chip for continuous glucose monitoring. In Proceedings of the IEEE Biomedical Circuits and Systems Conference, BioCAS ’11, November 2011.
21. A. Guiseppi-Elie. An implantable biochip to influence patient outcomes following trauma-induced hemorrhage. Analytical and Bioanalytical Chemistry, 399(1):403–419, January 2011.
22. D. Halperin, T. S. Heydt-Benjamin, K. Fu, T. Kohno, and W. H. Maisel. Security and privacy for implantable medical devices. IEEE Pervasive Computing, Special Issue on Implantable Electronics, 7(1):30–39, January 2008.
23. D. Halperin, T. S. Heydt-Benjamin, B. Ransford, S. S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W. H. Maisel. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In Proceedings of the 29th Annual IEEE Symposium on Security and Privacy, pages 129–142, May 2008.
24. D. Halperin, T. S. Heydt-Benjamin, B. Ransford, S. S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W. H. Maisel. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In Proceedings of the 29th IEEE Symposium on Security and Privacy, May 2008.
25. A. Hintz. Fingerprinting websites using traffic analysis. In R. Dingledine and P. Syverson, editors, Proceedings of the Privacy Enhancing Technologies workshop, PET ’02. Springer, LNCS 2482, April 2002.
26. G. Hoglund and G. McGraw. Exploiting Software: How to Break Code. Addison-Wesley Professional, 2004.
27. S. Hosseini-Khayat. A lightweight security protocol for ultra-low power ASIC implementation for wireless implantable medical devices. In Proceedings of the 5th International Symposium on Medical Information Communication Technology, ISMICT ’11, pages 6–9, March 2011.
28. R. P. Jetley, P. L. Jones, and P. Anderson. Static analysis of medical device software using CodeSonar. In Proceedings of the 2008 Workshop on Static Analysis, SAW ’08, pages 22–29. ACM, 2008.
29. A. Kerckhoffs. La cryptographie militaire. Journal des Sciences Militaires, IX, Jan 1883.
30. I. Lee, G. J. Pappas, R. Cleaveland, J. Hatcliff, and B. H. Krogh. High-confidence medical device software and systems. IEEE Computer, 39(4):33–38, 2006.
31. A. K. Lenstra. Key lengths. In H. Bidgoli, editor, Handbook of Information Security, Volume 1: Key Concepts, Infrastructure, Standards and Protocols., page …John Wiley, 2006.
32. C. Li, A. Raghunathan, and N. K. Jha. Hijacking an insulin pump: security attacks and defenses for a diabetes therapy system. In Proceedings of the 13th IEEE International Conference on e-Health Networking, Applications, and Services, Healthcom ’11, June 2011.
33. G. McGraw. Software Security: Building Security In. Addison-Wesley Professional, 2006.
34. G. McGraw, S. Migues, and J. West. Building Security In Maturity Model, BSIMM4 edition, September 2012.
35. T. Mitre Corporation. Common vulnerabilities and exposures.
36. S. J. Murdoch, S. Drimer, R. Anderson, and M. Bond. Chip and PIN is broken. In Proc. IEEE Symposium on Security and Privacy (SP), May 2010.
37. K. Nohl, D. Evans, Starbug, and H. Plötz. Reverse-engineering a cryptographic RFID tag. In Proceedings of the 17th USENIX Security Symposium, pages 185–194, July 2008.
38. S. O’Driscoll, A. Poon, and T. Meng. A mm-sized implantable power receiver with adaptive link compensation. In Proceedings of the International Solid-State Circuits Conference, ISSCC ’09, pages 294–295,295a. IEEE, February 2009.
39. N. Paul, T. Kohno, and D. C. Klonoff. A review of the security of insulin pump infusion systems. Journal of Diabetes Science and Technology, 5(6):1557–1562, November 2011.
41. J. Rabaey, M. Mark, D. Chen, C. Sutardja, C. Tang, S. Gowda, M. Wagner, and D. Werthimer. Powering and communicating with mm-size implants. In Design, Automation & Test in Europe Conference & Exhibition, DATE ’11. IEEE, 2011.
42. J. Radcliffe. Hacking medical devices for fun and insulin: Breaking the human SCADA system. Black Hat Conference presentation slides, August 2011.
43. K. B. Rasmussen, C. Castelluccia, T. S. Heydt-Benjamin, and S. Čapkun. Proximity-based access control for implantable medical devices. In Proceedings of the 16th ACM Conference on Computer and Communications Security, pages 410–419, 2009.
45. J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, and L. F. Cranor. Crying wolf: An empirical study of SSL warning effectiveness. In Proceedings USENIX Security Symposium, 2009.
49. J. Viega and G. McGraw. Building Secure Software: How to Avoid Security Problems the Right Way. Addison-Wesley Professional, 2001.
50. F. Xu, Z. Qin, C. C. Tan, B. Wang, and Q. Li. IMDGuard: Securing implantable medical devices with the external wearable guardian. In Proceedings of the 30th IEEE International Conference on Computer Communications, INFOCOM ’11, pages 1862–1870, April 2011.
Metadata
Title
Design Challenges for Secure Implantable Medical Devices
Authors
Benjamin Ransford
Shane S. Clark
Denis Foo Kune
Kevin Fu
Wayne P. Burleson
Copyright Year
2014
Publisher
Springer New York
DOI
https://doi.org/10.1007/978-1-4614-1674-6_7