Skip to main content
SpringerLink
Log in
Book cover

International Conference on Security in Computer Networks and Distributed Systems

SNDS 2014: Recent Trends in Computer Networks and Distributed Systems Security pp 370–381Cite as

Emergency Aware, Non-invasive, Personalized Access Control Framework for IMDs

  • Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 420))

Abstract

Implantable Medical Devices have helped patients suffering from chronic diseases by providing continuous diagnosis, treatment and remote monitoring without hospitalization and at a less expense with increased flexibility. Incorporation of wireless bidirectional communication has introduced vulnerabilities like unauthorized wireless access which might get realized as a security attack and endanger patient privacy and safety. Traditional security and privacy techniques cannot be directly applied to these devices because of their miniaturized size which leads to power, computational and storage constraint. Moreover their positioning inside the human body makes battery replacement possible only through surgery. Security and privacy technique for these devices must balance security and safety and should also be acceptable and usable. Moreover it should not reduce the clinical effectiveness of the device. Security researchers have proposed ways of providing security but have kept the property of fail openness in order to make IMD accessible during emergencies. Fail openness is defined as a property of Implantable Medical Device due to which during emergency condition access is granted bypassing all security techniques. We argue that the patient is all the more vulnerable during an emergency situation and complete removal of security may be dangerous for the safety of the patient.We propose a solution to provide fine grained Access Control which also takes emergency condition into notice. The security needs for IMD communication requires dynamic and flexible policy enforcement. While providing strong Access Control during normal situation, our solution accommodates emergency access to the data in a life-threatening situation. We propose personalized Emergency Aware role based Access Control (EAAC) framework. This framework can work in conjunction with Authentication and Encryption to provide a strong security solution as compared to other solutions. In fact we believe that the possibility of an attacker inducing false alarms to introduce fake emergency situation and take control of the IMD is likely to increase and the solution that we propose here may be more useful in such cases.Our paper highlight security challenges when fail open access is given and provide a solution using EAAC framework.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Insulin pumps - global pipeline analysis, opportunity assessment and market forecasts to 2016. GlobalData, http://www.globaldata.com

  2. Halperin, D., Heydt-Benjamin, T.S., Fu, K., Kohno, T., Maisel, W.H.: Security and privacy for Implantable medical devices. IEEE Pervasive Computing 7(1), 30–39 (2008)

    Article  Google Scholar 

  3. Roberts, P.: Blind attack on wireless insulin pumps could deliver lethal dose. Threatpost (blog post) (October 2011), http://threatpost.com/en_us/blogs/blind-attack-wireless-insulin-pumps-could-deliver-lethal-dose-102711

  4. Li, C., Raghunathan, A., Jha, N.K.: Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system. In: Proceedings of the 13th IEEE International Conference on e-Health Networking, Applications, and Services, Healthcom 2011 (June 2011)

    Google Scholar 

  5. Burleson, W., Clark, S.S., Ransford, B., Fu, K.: Design challenges for secure implantable medical devices. In: Proceedings of the 49th Annual Design Automation Conference (DAC 2012), pp. 12–17. ACM, New York (2012)

    Chapter  Google Scholar 

  6. Bergamasco, S., Bon, M., Inchingolo, P.: Medical data protection with a new generation of hardware authentication tokens. In: Mediterranean Conference on Medical and Biological Engineering and Computing (MEDICON), Pula, Croatia, pp. 82–85 (2001)

    Google Scholar 

  7. Schechter, S.: Security that is Meant to be Skin Deep: Using Ultraviolet Micropigmentation to Store Emergency-Access Keys for Implantable Medical Devices. In: USENIX Workshop on Health Security and Privacy (2010)

    Google Scholar 

  8. Rasmussen, K.B., Castelluccia, C., Heydt-Benjamin, T.S., Capkun, S.: Proximity-Based Access Control for Implantable Medical Devices. In: ACM Conference on Computer and Communications Sexscurity (2009)

    Google Scholar 

  9. Halperin, D., Heydt-Benjamin, T.S., Ransford, B., Clark, S.S., Defend, B., Morgan, W., Fu, K., Kohno, T., Maisel, W.H.: Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses. In: IEEE Symposium on Security and Privacy (2008)

    Google Scholar 

  10. Denning, T., Fu, K., Kohno, T.: Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security. In: HotSec (2008)

    Google Scholar 

  11. Gollakota, S., Hassanieh, H., Ransford, B., Katabi, D., Fu, K.: They Can Hear Your Heartbeats: Noninvasive Security for Implanted Medical Devices. In: ACM SIGCOMM (2011)

    Google Scholar 

  12. Sandhu, R., Samarati, P.: Access control: Principles and practice. IEEE Communications Magazine 32(9), 40–48 (1994), http://www.list.gmu.edu/journals/commun/i94ac%28org%29.pdf

    Article  Google Scholar 

  13. D. of Defense, Department of defense trusted computer system evaluation criteria, Department of Defense Standard, Tech. Rep., (December 1985), http://csrc.nist.gov/publications/history/dod85.pdf

  14. Sandhu, R., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role Based Access Control Models. IEEE Computer, 38–47 (February 1996)

    Google Scholar 

  15. Covington, M.J., Long, W., Srinivasan, S.: Secure Context-Aware Applications Using Environmental Roles. In: Proc. of 6th ACM Symp. on Access Control Models Tech. (2001)

    Google Scholar 

  16. Al-Muhtadi, J., Ranganathan, A., Campbell, R.H., Mickunas, M.D.: Cerberus: A Context-Aware Security Scheme for Smart Spaces. In: Proc. IEEE Percom (2003)

    Google Scholar 

  17. Hu, J., Weaver, A.C.: Dynamic, Context-aware Security Infrastructure for Distributed Healthcare Applications. In: Proc. 1st Workshop on Pervasive Security, Privacy Trust (2004)

    Google Scholar 

  18. Gupta, S.K.S., Mukherjee, T., Venkatasubramanian, K.: Criticality Aware Access Control Model for Pervasive Applications. In: Proceedings of the Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM 2006), pp. 251–257. IEEE Computer Society, Washington, DC (2006)

    Chapter  Google Scholar 

  19. USPTO Patent Application 20080044014. Secure telemetric link, http://www.freshpatents.com/Secure-telemetric-link-dt20080221ptan200800%44014.php?type=description

  20. Venkatasubramanian, K., Gupta, S.: Security for pervasive healthcare. In: Security in Distributed, Grid, Mobile, and Pervasive Computing, pp. 349–366 (2007)

    Google Scholar 

  21. Cherukuri, S., Venkatasubramanian, K.K., Gupta, S.K.S.: Biosec: a biometric based approach for securing communication in wireless networks of biosensors implanted in the human body. In: International Conference on Parallel Processing Workshops, pp. 432–439 (October 2003)

    Google Scholar 

  22. Harland, C.J., Clark, T.D., Prance, R.J.: Electric potential probes - new directions in the remote sensing of the human body. In: Measurement Science and Technology, vol. 13, p. 163 (2002)

    Google Scholar 

  23. Hansen, J.A., Hansen, N.M.: A taxonomy of vulnerabilities in implantable medical devices. In: Proceedings of the Second Annual Workshop on Security and Privacy in Medical and Home-care Systems (SPIMACS 2010), pp. 13–20. ACM, New York (2010)

    Chapter  Google Scholar 

  24. Savci, H., Sula, A., Wang, Z., Dogan, N.S., Arvas, E.: MICS transceivers: regulatory standards and applications [medical implant communications service. In: Proceedings of IEEE SoutheastCon 2005, pp. 179–182 (April 2005)

    Google Scholar 

  25. Calero, J.M.A., Perez, G.M., Skarmeta, A.F.G.: Towards an Authorization Model for Distributed Systems based on the Semantic Web. IET Information Security. IET 4(4), 411–421 (2010)

    Article  Google Scholar 

  26. Ni, Q., Bertino, E., Lobo, J., Calo, S.B.: Privacy aware Role Based Access Control. IEEE Security and Privacy 7(4), 35–43 (2009)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. LJ Institute of Computer Application, Ahmedabad, India

    Monika Darji

  2. GLS Institute of Computer Technology, Ahmedabad, India

    Bhushan H. Trivedi

Authors
  1. Monika Darji
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bhushan H. Trivedi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Facultad de Informatica, Campus de Espinardo, s/n, 30., 100, Murcia, Spain

    Gregorio Martínez Pérez

  2. Indian Institute of Information Technology and Management, Technopark Campus, 695581, Trivandrum, Kerala, India

    Sabu M. Thampi

  3. Faculty of Computing and Mathematical Sciences, The University of Waikato, Waikato Mail Centre, Private Bag 3105, Hamilton, New Zealand

    Ryan Ko

  4. Guangdong University of Petrochemical Technology, P.R. China

    Lei Shu

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Darji, M., Trivedi, B.H. (2014). Emergency Aware, Non-invasive, Personalized Access Control Framework for IMDs. In: Martínez Pérez, G., Thampi, S.M., Ko, R., Shu, L. (eds) Recent Trends in Computer Networks and Distributed Systems Security. SNDS 2014. Communications in Computer and Information Science, vol 420. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54525-2_33

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-54525-2_33

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-54524-5

  • Online ISBN: 978-3-642-54525-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation