Security and Privacy for Implantable Medical Devices

Presented by : Dilip Simha.C.R.

Authors and Publication

• Daniel Halperin, Thomas S. Heydt-Benjamin, Kevin Fu, Tadayoshi Kohno, and William H. Maisel

• Pervasive Computing, IEEE  (Volume:7, Issue: 1 )

Topics

• What are IMD’s?.• Need of Security and Privacy.• Design issues• Types of intruders• Methods to deal with security issues• Tensions• Future research

What are Implantable Medical Devices

• Monitor and treat physiological conditions.• Placed inside the body• Examples

• Pacemakers• ICD’s(Implantable cardiac defibrillators)• Drug delivery systems• Neurostimulators

Importance of IMD’s

• Used in treatment of diseases like• Cardiac arrhythmia• Diabetes • Parkinson’s disease

• Over 25 million US citizens are dependent on IMD’s.

Modern day IMD’s

• Enable remote monitoring over long-range• Communicate with other interoperating

IMD’s

Criteria for design of IMD’s

• Safety and Utility goals• Security and Privacy goals

Safety and Utility goals

• Data accuracy• Device Identification• Configurability• Updatable Software• Multidevice Coordination• Auditable

Data accuracy

• Measured and stored data should be accurate.

• Incudes data about physiological conditions and timing.

Device Identification

• Authorized personnel must detect the presence of IMD’s.

• Example- ICD’s removal before heart surgery• FDA considered attaching RFID(Radio

Frequency ID) to IMD’s.

Configurability

• Authorized personnel must be able to change IMD settings.

• ICD’s and Open loop Insulin pumps.

Updatable Software

• Appropriately engineered updates are necessary

• Updates need to come from authorized personnel

Multidevice Coordination

• Current IMD’s have some examples of coordination• CROS(Contralateral routing of signals) hearing Aid.

• Projected future devices use more coordination• closed loop insulin delivery system

Auditable

• In case of failure• Device’s operational history to manufacturers.

• Might differ from the data received by healthcare professionals.

Resource Efficient

• Power consumption• More energy for wireless communications.• Must minimize computation and communication.

• Data storage requirements

Security and Privacy Goals

• Authorization• Availability• Device software and settings• Device Existence Privacy• Device-type privacy• Specific Device ID privacy• Measurement and Log privacy• Bearer privacy• Data integrity

Authorization

• Personal Authorization• Specific basic rights are granted• Patients and primary-care physicians

• Role-based authorization• Authorized for a set of tasks• Physician or Ambulance Computer

• IMD selection• Only interact with intended devices.

Availability

• DoS attack prevention• Intruder should not be able to

• Drain battery• Overflow data storage• Jam the communication

Device software and settings

• Authorized personnel should only modify IMD’s.

• Avoid accidental malfunctions.

Device existence privacy

• IMD’s are expensive.• Avoid detection by unauthorized personnel.

Specific device ID privacy

• Attacker should not be able to track IMD’s.• Location privacy.

Measurement and log privacy

• Private information about measurements and audit log data.

Bearer Privacy

• Private information of patient• Name• Medical history• Detailed diagnoses.

Data integrity

• Avoid tampering of past data.• Avoid inducing modifications to future data.

Classes of adversaries

• Passive adversaries• Active adversaries• Coordinated adversaries• Insiders

Tensions

• Security v/s Accessibility• Security v/s Device resources• Security v/s Usability

Research directions

• Fine grained access control• Open access with revocation and second-

factor authentication• Accountability• Patient awareness via secondary channels• Authorization via secondary channels • Shift computation to external devices

QUESTIONS?