Abstract
Implantable Medical Devices have helped patients suffering from chronic diseases by providing continuous diagnosis, treatment and remote monitoring without hospitalization and at a less expense with increased flexibility. Incorporation of wireless bidirectional communication has introduced vulnerabilities like unauthorized wireless access which might get realized as a security attack and endanger patient privacy and safety. Traditional security and privacy techniques cannot be directly applied to these devices because of their miniaturized size which leads to power, computational and storage constraint. Moreover their positioning inside the human body makes battery replacement possible only through surgery. Security and privacy technique for these devices must balance security and safety and should also be acceptable and usable. Moreover it should not reduce the clinical effectiveness of the device. Security researchers have proposed ways of providing security but have kept the property of fail openness in order to make IMD accessible during emergencies. Fail openness is defined as a property of Implantable Medical Device due to which during emergency condition access is granted bypassing all security techniques. We argue that the patient is all the more vulnerable during an emergency situation and complete removal of security may be dangerous for the safety of the patient.We propose a solution to provide fine grained Access Control which also takes emergency condition into notice. The security needs for IMD communication requires dynamic and flexible policy enforcement. While providing strong Access Control during normal situation, our solution accommodates emergency access to the data in a life-threatening situation. We propose personalized Emergency Aware role based Access Control (EAAC) framework. This framework can work in conjunction with Authentication and Encryption to provide a strong security solution as compared to other solutions. In fact we believe that the possibility of an attacker inducing false alarms to introduce fake emergency situation and take control of the IMD is likely to increase and the solution that we propose here may be more useful in such cases.Our paper highlight security challenges when fail open access is given and provide a solution using EAAC framework.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Insulin pumps - global pipeline analysis, opportunity assessment and market forecasts to 2016. GlobalData, http://www.globaldata.com
Halperin, D., Heydt-Benjamin, T.S., Fu, K., Kohno, T., Maisel, W.H.: Security and privacy for Implantable medical devices. IEEE Pervasive Computing 7(1), 30–39 (2008)
Roberts, P.: Blind attack on wireless insulin pumps could deliver lethal dose. Threatpost (blog post) (October 2011), http://threatpost.com/en_us/blogs/blind-attack-wireless-insulin-pumps-could-deliver-lethal-dose-102711
Li, C., Raghunathan, A., Jha, N.K.: Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system. In: Proceedings of the 13th IEEE International Conference on e-Health Networking, Applications, and Services, Healthcom 2011 (June 2011)
Burleson, W., Clark, S.S., Ransford, B., Fu, K.: Design challenges for secure implantable medical devices. In: Proceedings of the 49th Annual Design Automation Conference (DAC 2012), pp. 12–17. ACM, New York (2012)
Bergamasco, S., Bon, M., Inchingolo, P.: Medical data protection with a new generation of hardware authentication tokens. In: Mediterranean Conference on Medical and Biological Engineering and Computing (MEDICON), Pula, Croatia, pp. 82–85 (2001)
Schechter, S.: Security that is Meant to be Skin Deep: Using Ultraviolet Micropigmentation to Store Emergency-Access Keys for Implantable Medical Devices. In: USENIX Workshop on Health Security and Privacy (2010)
Rasmussen, K.B., Castelluccia, C., Heydt-Benjamin, T.S., Capkun, S.: Proximity-Based Access Control for Implantable Medical Devices. In: ACM Conference on Computer and Communications Sexscurity (2009)
Halperin, D., Heydt-Benjamin, T.S., Ransford, B., Clark, S.S., Defend, B., Morgan, W., Fu, K., Kohno, T., Maisel, W.H.: Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses. In: IEEE Symposium on Security and Privacy (2008)
Denning, T., Fu, K., Kohno, T.: Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security. In: HotSec (2008)
Gollakota, S., Hassanieh, H., Ransford, B., Katabi, D., Fu, K.: They Can Hear Your Heartbeats: Noninvasive Security for Implanted Medical Devices. In: ACM SIGCOMM (2011)
Sandhu, R., Samarati, P.: Access control: Principles and practice. IEEE Communications Magazine 32(9), 40–48 (1994), http://www.list.gmu.edu/journals/commun/i94ac%28org%29.pdf
D. of Defense, Department of defense trusted computer system evaluation criteria, Department of Defense Standard, Tech. Rep., (December 1985), http://csrc.nist.gov/publications/history/dod85.pdf
Sandhu, R., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role Based Access Control Models. IEEE Computer, 38–47 (February 1996)
Covington, M.J., Long, W., Srinivasan, S.: Secure Context-Aware Applications Using Environmental Roles. In: Proc. of 6th ACM Symp. on Access Control Models Tech. (2001)
Al-Muhtadi, J., Ranganathan, A., Campbell, R.H., Mickunas, M.D.: Cerberus: A Context-Aware Security Scheme for Smart Spaces. In: Proc. IEEE Percom (2003)
Hu, J., Weaver, A.C.: Dynamic, Context-aware Security Infrastructure for Distributed Healthcare Applications. In: Proc. 1st Workshop on Pervasive Security, Privacy Trust (2004)
Gupta, S.K.S., Mukherjee, T., Venkatasubramanian, K.: Criticality Aware Access Control Model for Pervasive Applications. In: Proceedings of the Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM 2006), pp. 251–257. IEEE Computer Society, Washington, DC (2006)
USPTO Patent Application 20080044014. Secure telemetric link, http://www.freshpatents.com/Secure-telemetric-link-dt20080221ptan200800%44014.php?type=description
Venkatasubramanian, K., Gupta, S.: Security for pervasive healthcare. In: Security in Distributed, Grid, Mobile, and Pervasive Computing, pp. 349–366 (2007)
Cherukuri, S., Venkatasubramanian, K.K., Gupta, S.K.S.: Biosec: a biometric based approach for securing communication in wireless networks of biosensors implanted in the human body. In: International Conference on Parallel Processing Workshops, pp. 432–439 (October 2003)
Harland, C.J., Clark, T.D., Prance, R.J.: Electric potential probes - new directions in the remote sensing of the human body. In: Measurement Science and Technology, vol. 13, p. 163 (2002)
Hansen, J.A., Hansen, N.M.: A taxonomy of vulnerabilities in implantable medical devices. In: Proceedings of the Second Annual Workshop on Security and Privacy in Medical and Home-care Systems (SPIMACS 2010), pp. 13–20. ACM, New York (2010)
Savci, H., Sula, A., Wang, Z., Dogan, N.S., Arvas, E.: MICS transceivers: regulatory standards and applications [medical implant communications service. In: Proceedings of IEEE SoutheastCon 2005, pp. 179–182 (April 2005)
Calero, J.M.A., Perez, G.M., Skarmeta, A.F.G.: Towards an Authorization Model for Distributed Systems based on the Semantic Web. IET Information Security. IET 4(4), 411–421 (2010)
Ni, Q., Bertino, E., Lobo, J., Calo, S.B.: Privacy aware Role Based Access Control. IEEE Security and Privacy 7(4), 35–43 (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Darji, M., Trivedi, B.H. (2014). Emergency Aware, Non-invasive, Personalized Access Control Framework for IMDs. In: Martínez Pérez, G., Thampi, S.M., Ko, R., Shu, L. (eds) Recent Trends in Computer Networks and Distributed Systems Security. SNDS 2014. Communications in Computer and Information Science, vol 420. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54525-2_33
Download citation
DOI: https://doi.org/10.1007/978-3-642-54525-2_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54524-5
Online ISBN: 978-3-642-54525-2
eBook Packages: Computer ScienceComputer Science (R0)