Skip to main content
SpringerLink
Log in

POKs Based Secure and Energy-Efficient Access Control for Implantable Medical Devices

  • Conference paper
  • First Online:
Book cover Security and Privacy in Communication Networks (SecureComm 2019)

Abstract

Implantable medical devices (IMDs), such as pacemakers, implanted cardiac defibrillators and neurostimulators are medical devices implanted into patients’ bodies for monitoring physiological signals and performing medical treatments. Many IMDs have built-in wireless communication modules to facilitate data collecting and device reprogramming by external programmers. The wireless communication brings significant conveniences for advanced applications such as real-time and remote monitoring but also introduces the risk of unauthorized wireless access. The absence of effective access control mechanisms exposes patients’ life to cyber attacks. In this paper, we present a lightweight and universally applicable access control system for IMDs. By leveraging Physically Obfuscated Keys (POKs) as the hardware root of trust, provable security is achieved based on standard cryptographic primitives while attaining high energy efficiency. In addition, barrier-free IMD access under emergent situations is realized by utilizing the patient’s biometrical information. We evaluate our proposed scheme through extensive security analysis and a prototype implementation, which demonstrate our work’s superiority on security and energy efficiency.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Barnaby jack hacks diabetes insulin pump live at hacker halted (2011). https://www.infosecurity-magazine.com/news

  2. Black, J., Halevi, S., Krawczyk, H., Krovetz, T., Rogaway, P.: UMAC: fast and secure message authentication. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 216–233. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_14

    Chapter  Google Scholar 

  3. Bringer, J., Chabanne, H., Icart, T.: On physical obfuscation of cryptographic algorithms. In: Roy, B., Sendrier, N. (eds.) INDOCRYPT 2009. LNCS, vol. 5922, pp. 88–103. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10628-6_6

    Chapter  Google Scholar 

  4. Daugman, J.: The importance of being random: statistical principles of iris recognition. Pattern Recogn. 36(2), 279–291 (2003)

    Article  Google Scholar 

  5. Daugman, J.: How iris recognition works. IEEE Trans. Circuits Syst. Video Technol. 14(1), 21–30 (2004)

    Article  Google Scholar 

  6. Cannière, C.: Trivium: a stream cipher construction inspired by block cipher design principles. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 171–186. Springer, Heidelberg (2006). https://doi.org/10.1007/11836810_13

    Chapter  Google Scholar 

  7. De Meulenaer, G., Gosset, F., Standaert, F.X., Pereira, O.: On the energy cost of communication and cryptography in wireless sensor networks. In: 2008 IEEE International Conference on Wireless and Mobile Computing, Networking and Communications, WIMOB 2008, pp. 580–585. IEEE (2008)

    Google Scholar 

  8. Denning, T., Borning, A., Friedman, B., Gill, B.T., Kohno, T., Maisel, W.H.: Patients, pacemakers, and implantable defibrillators: human values and security for wireless implantable medical devices. In: SIGCHI Conference on Human Factors in Computing Systems (2010)

    Google Scholar 

  9. Denning, T., Fu, K., Kohno, T.: Absence makes the heart grow fonder: New directions for implantable medical device security. In: USENIX HotSec (2008)

    Google Scholar 

  10. Du, X., Guizani, M., Xiao, Y., Chen, H.H.: Transactions papers a routing-driven elliptic curve cryptography based key management scheme for heterogeneous sensor networks. IEEE Trans. Wireless Commun. 8(3), 1223–1229 (2009)

    Article  Google Scholar 

  11. Du, X., Xiao, Y., Ci, S., Guizani, M., Chen, H.H.: A routing-driven key management scheme for heterogeneous sensor networks. In: 2007 IEEE International Conference on Communications, pp. 3407–3412. IEEE (2007)

    Google Scholar 

  12. Du, X., Xiao, Y., Guizani, M., Chen, H.H.: An effective key management scheme for heterogeneous sensor networks. Ad Hoc Netw. 5(1), 24–34 (2007)

    Article  Google Scholar 

  13. Fueki, S.: Semiconductor integrated circuit on IC card protected against tampering. US Patent App. 09/962,224, 26 September 2001

    Google Scholar 

  14. Galbally, J., Marcel, S., Fierrez, J.: Image quality assessment for fake biometric detection: application to iris, fingerprint, and face recognition. IEEE Trans. Image Process. 23(2), 710–724 (2014)

    Article  MathSciNet  Google Scholar 

  15. Gassend, B.L.: Physical random functions. Ph.D. thesis, Massachusetts Institute of Technology (2003)

    Google Scholar 

  16. Gollakota, S., Hassanieh, H., Ransford, B., Katabi, D., Fu, K.: They can hear your heartbeats: non-invasive security for implantable medical devices. ACM SIGCOMM Comput. Commun. Rev. 41(4), 2–13 (2011)

    Article  Google Scholar 

  17. Gollakota, S., Hassanieh, H., Ransford, B., Katabi, D., Fu, K.: They can hear your heartbeats: non-invasive security for implantable medical devices. In: ACM SIGCOMM (2011)

    Google Scholar 

  18. Gupta, S.: Dick cheney’s heart, October 2013. http://www.cbsnews.com/news/dick-cheneys-heart/

  19. Halperin, D., et al.: Pacemakers and implantable cardiac defibrillators: software radio attacks and zero-power defenses. In: IEEE S&P (2008)

    Google Scholar 

  20. Hao, F., Anderson, R., Daugman, J.: Combining crypto with biometrics effectively. IEEE Trans. Comput. 55(9), 1081–1088 (2006)

    Article  Google Scholar 

  21. Hei, X., Du, X.: Biometric-based two-level secure access control for implantable medical devices during emergencies. In: IEEE INFOCOM (2011)

    Google Scholar 

  22. Hei, X., Du, X., Lin, S., Lee, I.: PIPAC: patient infusion pattern based access control scheme for wireless insulin pump system. In: 2013 Proceedings IEEE INFOCOM, pp. 3030–3038. IEEE (2013)

    Google Scholar 

  23. Hei, X., Du, X., Wu, J., Hu, F.: Defending resource depletion attacks on implantable medical devices. In: 2010 IEEE Global Telecommunications Conference GLOBECOM 2010, pp. 1–5. IEEE (2010)

    Google Scholar 

  24. Holcomb, D.E., Burleson, W.P., Fu, K.: Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Comput. 58(9), 1198–1210 (2009)

    Article  MathSciNet  Google Scholar 

  25. Hu, C., Cheng, X., Zhang, F., Wu, D., Liao, X., Chen, D.: OPFKA: secure and efficient ordered-physiological-feature-based key agreement for wireless body area networks. In: IEEE INFOCOM (2013)

    Google Scholar 

  26. Karpinskyy, B., Lee, Y., Choi, Y., Kim, Y., Noh, M., Lee, S.: 8.7 physically unclonable function for secure key generation with a key error rate of 2E-38 in 45nm smart-card chips. In: 2016 IEEE International Solid-State Circuits Conference (ISSCC), pp. 158–160. IEEE (2016)

    Google Scholar 

  27. Kazmi, A.R., Afzal, M., Amjad, M.F., Abbas, H., Yang, X.: Algebraic side channel attack on trivium and grain ciphers. IEEE Access (2017)

    Google Scholar 

  28. Kohli, N., Yadav, D., Vatsa, M., Singh, R., Noore, A.: Detecting medley of iris spoofing attacks using desist. In: 2016 IEEE 8th International Conference on Biometrics Theory, Applications and Systems (BTAS), pp. 1–6. IEEE (2016)

    Google Scholar 

  29. Li, C., Raghunathan, A., Jha, N.K.: Hijacking an insulin pump: security attacks and defenses for a diabetes therapy system. In: IEEE HealthCom (2011)

    Google Scholar 

  30. Lim, D., Lee, J.W., Gassend, B., Suh, G.E., Van Dijk, M., Devadas, S.: Extracting secret keys from integrated circuits. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. 13(10), 1200–1205 (2005)

    Article  Google Scholar 

  31. Min, B.J., et al.: An embedded nonvolatile FRAM with electrical fuse repair scheme and one time programming scheme for high performance smart cards. In: 2005 Proceedings of the IEEE Custom Integrated Circuits Conference, pp. 255–258. IEEE (2005)

    Google Scholar 

  32. Ming-Chien, C., Chi-Wei, K.: Stolen-verifier attack on two new strong-password authentication protocols. IEICE Trans. Commun. 85(11), 2519–2521 (2002)

    Google Scholar 

  33. Pope, A., Bouxsein, P., Manning, F.J., Hanna, K.E., et al.: Innovation and invention in medical devices: workshop summary. National Academies Press (2001)

    Google Scholar 

  34. Potestad-Ordóñez, F., Jiménez-Fernández, C.J., Valencia-Barrero, M.: Fault attack on FPGA implementations of trivium stream cipher. In: 2016 IEEE International Symposium on Circuits and Systems (ISCAS), pp. 562–565. IEEE (2016)

    Google Scholar 

  35. Prayati, A., Antonopoulos, C., Stoyanova, T., Koulamas, C., Papadopoulos, G.: A modeling approach on the TelosB WSN platform power consumption. J. Syst. Softw. 83(8), 1355–1363 (2010)

    Article  Google Scholar 

  36. Radcliffe, J.: Hacking medical devices for fun and insulin: breaking the human SCADA system. In: Black Hat Conference Presentation Slides, vol. 2011 (2011)

    Google Scholar 

  37. Ravikanth, P.S.: Physical one-way functions. Ph.D. thesis, Massachusetts Institute Of Technology (2001)

    Google Scholar 

  38. Robshaw, M.: The eSTREAM project. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 1–6. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68351-3_1

    Chapter  MATH  Google Scholar 

  39. Rostami, M., Burleson, W., Juels, A., Koushanfar, F.: Balancing security and utility in medical devices? In: IEEE Design Automation Conference (DAC) (2013)

    Google Scholar 

  40. Rostami, M., Juels, A., Koushanfar, F.: Heart-to-heart (H2H): authentication for implanted medical devices. In: ACM CCS (2013)

    Google Scholar 

  41. Skorobogatov, S.: Flash Memory ‘Bumping’ Attacks. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 158–172. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_11

    Chapter  Google Scholar 

  42. Somov, A., Minakov, I., Simalatsar, A., Fontana, G., Passerone, R.: A methodology for power consumption evaluation of wireless sensor networks. In: 2009 IEEE Conference on Emerging Technologies & Factory Automation, ETFA 2009, pp. 1–8. IEEE (2009)

    Google Scholar 

  43. Wei, Z., Qiu, X., Sun, Z., Tan, T.: Counterfeit iris detection based on texture analysis. In: 2008 19th International Conference on Pattern Recognition, ICPR 2008, pp. 1–4. IEEE (2008)

    Google Scholar 

  44. Xia, Q., Sifah, E.B., Asamoah, K.O., Gao, J., Du, X., Guizani, M.: MeDShare: trust-less medical data sharing among cloud service providers via blockchain. IEEE Access 5, 14757–14767 (2017)

    Article  Google Scholar 

  45. Xiao, Y., Rayi, V.K., Sun, B., Du, X., Hu, F., Galloway, M.: A survey of key management schemes in wireless sensor networks. Comput. Commun. 30(11–12), 2314–2341 (2007)

    Article  Google Scholar 

  46. Xu, F., Qin, Z., Tan, C.C., Wang, B., Li, Q.: IMDGuard: securing implantable medical devices with the external wearable guardian. In: INFOCOM, 2011 Proceedings IEEE, pp. 1862–1870. IEEE (2011)

    Google Scholar 

  47. Zheng, G., Fang, G., Orgun, M.A., Shankaran, R.: A non-key based security scheme supporting emergency treatment of wireless implants. In: IEEE ICC (2014)

    Google Scholar 

  48. Zheng, G., et al.: Multiple ECG fiducial points based random binary sequence generation for securing wireless body area networks. IEEE J. Biomed. Health Inform. PP(99), 655–663 (2016)

    Google Scholar 

Download references

Acknowledgments

This publication was made possible by NPRP grant #8-408-2-172 from the Qatar National Research Fund (a member of Qatar Foundation). The statements made herein are solely the responsibility of the authors.

Author information

Authors and Affiliations

  1. Temple University, Philadelphia, PA, 19122, USA

    Chenglong Fu & Xiaojiang Du

  2. Fayetteville State University, Fayetteville, NC, 28301, USA

    Longfei Wu

  3. University of South Carolina, Columbia, SC, 29208, USA

    Qiang Zeng

  4. Qatar University, Doha, Qatar

    Amr Mohamed & Mohsen Guizani

Authors
  1. Chenglong Fu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xiaojiang Du
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Longfei Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Qiang Zeng
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Amr Mohamed
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Mohsen Guizani
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Chenglong Fu .

Editor information

Editors and Affiliations

  1. George Mason University, Fairfax, VA, USA

    Songqing Chen

  2. The University of Texas at San Antonio, San Antonio, TX, USA

    Kim-Kwang Raymond Choo

  3. Boston University, Lowell, MA, USA

    Xinwen Fu

  4. Virginia Tech, Blacksburg, VA, USA

    Wenjing Lou

  5. University of Central Florida, Orlando, FL, USA

    Aziz Mohaisen

Rights and permissions

Reprints and permissions

Copyright information

© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Fu, C., Du, X., Wu, L., Zeng, Q., Mohamed, A., Guizani, M. (2019). POKs Based Secure and Energy-Efficient Access Control for Implantable Medical Devices. In: Chen, S., Choo, KK., Fu, X., Lou, W., Mohaisen, A. (eds) Security and Privacy in Communication Networks. SecureComm 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 304. Springer, Cham. https://doi.org/10.1007/978-3-030-37228-6_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-37228-6_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-37227-9

  • Online ISBN: 978-3-030-37228-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation