Abstract
Implantable medical devices (IMDs), such as pacemakers, implanted cardiac defibrillators and neurostimulators are medical devices implanted into patients’ bodies for monitoring physiological signals and performing medical treatments. Many IMDs have built-in wireless communication modules to facilitate data collecting and device reprogramming by external programmers. The wireless communication brings significant conveniences for advanced applications such as real-time and remote monitoring but also introduces the risk of unauthorized wireless access. The absence of effective access control mechanisms exposes patients’ life to cyber attacks. In this paper, we present a lightweight and universally applicable access control system for IMDs. By leveraging Physically Obfuscated Keys (POKs) as the hardware root of trust, provable security is achieved based on standard cryptographic primitives while attaining high energy efficiency. In addition, barrier-free IMD access under emergent situations is realized by utilizing the patient’s biometrical information. We evaluate our proposed scheme through extensive security analysis and a prototype implementation, which demonstrate our work’s superiority on security and energy efficiency.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Barnaby jack hacks diabetes insulin pump live at hacker halted (2011). https://www.infosecurity-magazine.com/news
Black, J., Halevi, S., Krawczyk, H., Krovetz, T., Rogaway, P.: UMAC: fast and secure message authentication. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 216–233. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_14
Bringer, J., Chabanne, H., Icart, T.: On physical obfuscation of cryptographic algorithms. In: Roy, B., Sendrier, N. (eds.) INDOCRYPT 2009. LNCS, vol. 5922, pp. 88–103. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10628-6_6
Daugman, J.: The importance of being random: statistical principles of iris recognition. Pattern Recogn. 36(2), 279–291 (2003)
Daugman, J.: How iris recognition works. IEEE Trans. Circuits Syst. Video Technol. 14(1), 21–30 (2004)
Cannière, C.: Trivium: a stream cipher construction inspired by block cipher design principles. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 171–186. Springer, Heidelberg (2006). https://doi.org/10.1007/11836810_13
De Meulenaer, G., Gosset, F., Standaert, F.X., Pereira, O.: On the energy cost of communication and cryptography in wireless sensor networks. In: 2008 IEEE International Conference on Wireless and Mobile Computing, Networking and Communications, WIMOB 2008, pp. 580–585. IEEE (2008)
Denning, T., Borning, A., Friedman, B., Gill, B.T., Kohno, T., Maisel, W.H.: Patients, pacemakers, and implantable defibrillators: human values and security for wireless implantable medical devices. In: SIGCHI Conference on Human Factors in Computing Systems (2010)
Denning, T., Fu, K., Kohno, T.: Absence makes the heart grow fonder: New directions for implantable medical device security. In: USENIX HotSec (2008)
Du, X., Guizani, M., Xiao, Y., Chen, H.H.: Transactions papers a routing-driven elliptic curve cryptography based key management scheme for heterogeneous sensor networks. IEEE Trans. Wireless Commun. 8(3), 1223–1229 (2009)
Du, X., Xiao, Y., Ci, S., Guizani, M., Chen, H.H.: A routing-driven key management scheme for heterogeneous sensor networks. In: 2007 IEEE International Conference on Communications, pp. 3407–3412. IEEE (2007)
Du, X., Xiao, Y., Guizani, M., Chen, H.H.: An effective key management scheme for heterogeneous sensor networks. Ad Hoc Netw. 5(1), 24–34 (2007)
Fueki, S.: Semiconductor integrated circuit on IC card protected against tampering. US Patent App. 09/962,224, 26 September 2001
Galbally, J., Marcel, S., Fierrez, J.: Image quality assessment for fake biometric detection: application to iris, fingerprint, and face recognition. IEEE Trans. Image Process. 23(2), 710–724 (2014)
Gassend, B.L.: Physical random functions. Ph.D. thesis, Massachusetts Institute of Technology (2003)
Gollakota, S., Hassanieh, H., Ransford, B., Katabi, D., Fu, K.: They can hear your heartbeats: non-invasive security for implantable medical devices. ACM SIGCOMM Comput. Commun. Rev. 41(4), 2–13 (2011)
Gollakota, S., Hassanieh, H., Ransford, B., Katabi, D., Fu, K.: They can hear your heartbeats: non-invasive security for implantable medical devices. In: ACM SIGCOMM (2011)
Gupta, S.: Dick cheney’s heart, October 2013. http://www.cbsnews.com/news/dick-cheneys-heart/
Halperin, D., et al.: Pacemakers and implantable cardiac defibrillators: software radio attacks and zero-power defenses. In: IEEE S&P (2008)
Hao, F., Anderson, R., Daugman, J.: Combining crypto with biometrics effectively. IEEE Trans. Comput. 55(9), 1081–1088 (2006)
Hei, X., Du, X.: Biometric-based two-level secure access control for implantable medical devices during emergencies. In: IEEE INFOCOM (2011)
Hei, X., Du, X., Lin, S., Lee, I.: PIPAC: patient infusion pattern based access control scheme for wireless insulin pump system. In: 2013 Proceedings IEEE INFOCOM, pp. 3030–3038. IEEE (2013)
Hei, X., Du, X., Wu, J., Hu, F.: Defending resource depletion attacks on implantable medical devices. In: 2010 IEEE Global Telecommunications Conference GLOBECOM 2010, pp. 1–5. IEEE (2010)
Holcomb, D.E., Burleson, W.P., Fu, K.: Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Comput. 58(9), 1198–1210 (2009)
Hu, C., Cheng, X., Zhang, F., Wu, D., Liao, X., Chen, D.: OPFKA: secure and efficient ordered-physiological-feature-based key agreement for wireless body area networks. In: IEEE INFOCOM (2013)
Karpinskyy, B., Lee, Y., Choi, Y., Kim, Y., Noh, M., Lee, S.: 8.7 physically unclonable function for secure key generation with a key error rate of 2E-38 in 45nm smart-card chips. In: 2016 IEEE International Solid-State Circuits Conference (ISSCC), pp. 158–160. IEEE (2016)
Kazmi, A.R., Afzal, M., Amjad, M.F., Abbas, H., Yang, X.: Algebraic side channel attack on trivium and grain ciphers. IEEE Access (2017)
Kohli, N., Yadav, D., Vatsa, M., Singh, R., Noore, A.: Detecting medley of iris spoofing attacks using desist. In: 2016 IEEE 8th International Conference on Biometrics Theory, Applications and Systems (BTAS), pp. 1–6. IEEE (2016)
Li, C., Raghunathan, A., Jha, N.K.: Hijacking an insulin pump: security attacks and defenses for a diabetes therapy system. In: IEEE HealthCom (2011)
Lim, D., Lee, J.W., Gassend, B., Suh, G.E., Van Dijk, M., Devadas, S.: Extracting secret keys from integrated circuits. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. 13(10), 1200–1205 (2005)
Min, B.J., et al.: An embedded nonvolatile FRAM with electrical fuse repair scheme and one time programming scheme for high performance smart cards. In: 2005 Proceedings of the IEEE Custom Integrated Circuits Conference, pp. 255–258. IEEE (2005)
Ming-Chien, C., Chi-Wei, K.: Stolen-verifier attack on two new strong-password authentication protocols. IEICE Trans. Commun. 85(11), 2519–2521 (2002)
Pope, A., Bouxsein, P., Manning, F.J., Hanna, K.E., et al.: Innovation and invention in medical devices: workshop summary. National Academies Press (2001)
Potestad-Ordóñez, F., Jiménez-Fernández, C.J., Valencia-Barrero, M.: Fault attack on FPGA implementations of trivium stream cipher. In: 2016 IEEE International Symposium on Circuits and Systems (ISCAS), pp. 562–565. IEEE (2016)
Prayati, A., Antonopoulos, C., Stoyanova, T., Koulamas, C., Papadopoulos, G.: A modeling approach on the TelosB WSN platform power consumption. J. Syst. Softw. 83(8), 1355–1363 (2010)
Radcliffe, J.: Hacking medical devices for fun and insulin: breaking the human SCADA system. In: Black Hat Conference Presentation Slides, vol. 2011 (2011)
Ravikanth, P.S.: Physical one-way functions. Ph.D. thesis, Massachusetts Institute Of Technology (2001)
Robshaw, M.: The eSTREAM project. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 1–6. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68351-3_1
Rostami, M., Burleson, W., Juels, A., Koushanfar, F.: Balancing security and utility in medical devices? In: IEEE Design Automation Conference (DAC) (2013)
Rostami, M., Juels, A., Koushanfar, F.: Heart-to-heart (H2H): authentication for implanted medical devices. In: ACM CCS (2013)
Skorobogatov, S.: Flash Memory ‘Bumping’ Attacks. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 158–172. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_11
Somov, A., Minakov, I., Simalatsar, A., Fontana, G., Passerone, R.: A methodology for power consumption evaluation of wireless sensor networks. In: 2009 IEEE Conference on Emerging Technologies & Factory Automation, ETFA 2009, pp. 1–8. IEEE (2009)
Wei, Z., Qiu, X., Sun, Z., Tan, T.: Counterfeit iris detection based on texture analysis. In: 2008 19th International Conference on Pattern Recognition, ICPR 2008, pp. 1–4. IEEE (2008)
Xia, Q., Sifah, E.B., Asamoah, K.O., Gao, J., Du, X., Guizani, M.: MeDShare: trust-less medical data sharing among cloud service providers via blockchain. IEEE Access 5, 14757–14767 (2017)
Xiao, Y., Rayi, V.K., Sun, B., Du, X., Hu, F., Galloway, M.: A survey of key management schemes in wireless sensor networks. Comput. Commun. 30(11–12), 2314–2341 (2007)
Xu, F., Qin, Z., Tan, C.C., Wang, B., Li, Q.: IMDGuard: securing implantable medical devices with the external wearable guardian. In: INFOCOM, 2011 Proceedings IEEE, pp. 1862–1870. IEEE (2011)
Zheng, G., Fang, G., Orgun, M.A., Shankaran, R.: A non-key based security scheme supporting emergency treatment of wireless implants. In: IEEE ICC (2014)
Zheng, G., et al.: Multiple ECG fiducial points based random binary sequence generation for securing wireless body area networks. IEEE J. Biomed. Health Inform. PP(99), 655–663 (2016)
Acknowledgments
This publication was made possible by NPRP grant #8-408-2-172 from the Qatar National Research Fund (a member of Qatar Foundation). The statements made herein are solely the responsibility of the authors.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Fu, C., Du, X., Wu, L., Zeng, Q., Mohamed, A., Guizani, M. (2019). POKs Based Secure and Energy-Efficient Access Control for Implantable Medical Devices. In: Chen, S., Choo, KK., Fu, X., Lou, W., Mohaisen, A. (eds) Security and Privacy in Communication Networks. SecureComm 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 304. Springer, Cham. https://doi.org/10.1007/978-3-030-37228-6_6
Download citation
DOI: https://doi.org/10.1007/978-3-030-37228-6_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37227-9
Online ISBN: 978-3-030-37228-6
eBook Packages: Computer ScienceComputer Science (R0)