Security for Wireless Implantable Medical Devices

This chapter introduces the background of wireless IMDs and the related security issues. For ease of understanding, we first discuss the challenges of securing IMDs. The organization of the book is given in the last paragraph.

This chapter describes the related work to our research, and it includes a brief survey on defense solutions to protect IMDs during normal situations, access control schemes for IMDs during emergencies, and related work on biometric systems.

With the rapid growth of IMDs, IMD security becomes a critical issue since the attacks on the devices may directly harm the patient. IMDs typically have very limited resources in terms of energy, processing capability, and storage. In this chapter, we will introduce a new kind of attack on IMDs: the Resource Depletion (RD) attack, which is used to quickly deplete the resources of an IMD, such as battery power. The RD attacks can reduce the lifetime of an IMD from several years to a few weeks. The attacks can be easily launched but cannot be defended against by traditional cryptographic approaches. In our paper [11], we propose utilizing the patient’s IMD access pattern, and we design a novel Support Vector Machine (SVM) based scheme to address the RD attacks. Our SVM-based scheme is very effective at defending against the RD attacks. Our experimental results show that the average detection rate of the SVM-based scheme is above 90 %.

IMDs are widely used to treat chronic diseases. Many IMDs can communicate wirelessly with an outside programmer (reader). However, wireless access also introduces security concerns. An attacker may obtain an IMD reader and gain unauthorized access to a patient’s device. IMD security is an important issue, since attacks on IMDs may cause physical harm to the patient. A number of research groups have studied IMD security issues when the patient is in a non-emergency situation. However, these security schemes usually require the patient’s participation, and therefore may not work during emergencies (e.g., when the patient is in a coma). In this chapter, we present a light-weight secure access control scheme for IMDs during emergencies. Our scheme utilizes the patient’s biometric information to prevent unauthorized access to the IMD. The scheme consists of two levels: level 1 is a lightweight scheme using some basic biometric information about the patient; level 2 utilizes a patient’s iris for authentication in a very effective manner. We also make one contribution in human iris verification: we show that it is possible to perform iris verification by comparing partial iris data rather than using iris data of an entire eye. This significantly reduces the overhead of iris verification, which is critical for resource-limited IMDs. We evaluate the performance of our schemes by using real iris data sets. Our experimental results show that the secure access control scheme is very effective and has small overhead (hence feasible for IMDs). Specifically, the false acceptance rate (FAR) and false rejection rate (FRR) of our secure access control scheme are close to 0.000 % when suitable thresholds are used, and the memory and computation overheads are very small. Our analysis shows that the secure access control scheme reduces computation overhead by an average of 58 %.

First, we describe new attacks on wireless IMDs–wireless insulin pump. Then, we discuss the challenges and possible solutions to defend against this kind of attacks. Finally, we conclude the book.