Security and Privacy for
Implantable Medical Devices
Presented by : Dilip Simha.C.R.
Authors and Publication
• Daniel Halperin, Thomas S. Heydt-Benjamin,
Kevin Fu, Tadayoshi Kohno, and William H.
Maisel
• Pervasive Computing, IEEE (Volume: 7, Issue: 1)
Topics
• What are IMDs?
• Need for security and privacy
• Design issues
• Types of intruders
• Methods to deal with security issues
• Tensions
• Future research
What are Implantable Medical Devices?
• Monitor and treat physiological conditions.
• Placed inside the body.
• Examples:
  • Pacemakers
  • ICDs (implantable cardiac defibrillators)
  • Drug delivery systems
  • Neurostimulators
Importance of IMDs
• Used in the treatment of diseases such as
  • Cardiac arrhythmia
  • Diabetes
  • Parkinson's disease
• Over 25 million US citizens are dependent on IMDs.
Modern-day IMDs
• Enable remote monitoring over long range.
• Communicate with other interoperating IMDs.
Criteria for the design of IMDs
• Safety and utility goals
• Security and privacy goals
Safety and Utility goals
• Data accuracy
• Device identification
• Configurability
• Updatable software
• Multidevice coordination
• Auditable
Data accuracy
• Measured and stored data should be accurate.
• Includes data about physiological conditions and timing.
Device identification
• Authorized personnel must be able to detect the presence of IMDs.
• Example: removal of an ICD before heart surgery.
• The FDA has considered attaching RFID (radio frequency ID) tags to IMDs.
Configurability
• Authorized personnel must be able to change IMD settings.
• Examples: ICDs and open-loop insulin pumps.
Updatable software
• Appropriately engineered updates are necessary.
• Updates need to come from authorized personnel.
Multidevice coordination
• Current IMDs already show some examples of coordination.
  • CROS (contralateral routing of signals) hearing aid.
• Projected future devices use more coordination.
  • Closed-loop insulin delivery system.
Auditable
• In case of failure:
  • The device's operational history is sent to the manufacturer.
  • It might differ from the data received by healthcare professionals.
Resource Efficient
• Power consumption
• More energy for wireless communications.
• Must minimize computation and communication.
• Data storage requirements
Security and Privacy Goals
• Authorization
• Availability
• Device software and settings
• Device existence privacy
• Device-type privacy
• Specific device ID privacy
• Measurement and log privacy
• Bearer privacy
• Data integrity
Authorization
• Personal authorization
  • Specific basic rights are granted to named persons.
  • Patients and primary-care physicians.
• Role-based authorization
  • Authorized for a set of tasks.
  • Physician or ambulance computer.
• IMD selection
  • Only interact with the intended devices.
Availability
• DoS attack prevention
• Intruder should not be able to
• Drain battery
• Overflow data storage
• Jam the communication
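As an added illustration (not part of these slides or of the Halperin et al. paper), the following Python sketch combines the three checks of the Authorization slide (IMD selection, role-based rights, personal grants) with a failed-request budget that serves the Availability slide's battery-drain and log-overflow concerns; the role names, task names, budget values and the audit-log format are assumptions made for this example.

```python
from dataclasses import dataclass, field

# Role-based authorization: each role is allowed a set of tasks (names assumed).
ROLE_TASKS = {
    "primary_physician": {"read_measurements", "read_log", "change_settings",
                          "update_software"},
    "ambulance_computer": {"read_measurements", "read_log", "deliver_therapy"},
    "patient": {"read_measurements"},
}


@dataclass
class ImdAuthorizer:
    """Authorization plus a request budget, modelled on the IMD goals above."""
    device_id: str                  # IMD selection: only requests for this ID are served
    roles: dict                     # principal -> role
    personal_grants: dict           # principal -> extra tasks granted to that person
    failure_budget: int = 5         # failed requests tolerated per window (assumed)
    window_s: float = 60.0          # budget window in seconds (assumed)
    failures: list = field(default_factory=list)   # timestamps of failed requests
    audit_log: list = field(default_factory=list)  # auditable operational history

    def authorize(self, target_id, principal, task, now):
        """Return (allowed, reason) for one request arriving at time `now`."""
        # Forget failures that fell out of the window before counting.
        self.failures = [t for t in self.failures if now - t < self.window_s]
        if target_id != self.device_id:
            # Not addressed to this IMD: no work and no log entry, so that
            # probing for other devices costs this device neither power nor storage.
            return False, "not this device"
        if len(self.failures) >= self.failure_budget:
            # Availability: a flood of bad requests must not keep the radio and CPU
            # busy or fill the audit log, so refuse without recording anything.
            return False, "budget exhausted"
        allowed = (task in self.personal_grants.get(principal, set())
                   or task in ROLE_TASKS.get(self.roles.get(principal), set()))
        if not allowed:
            self.failures.append(now)
        # Every decision inside the budget is auditable.
        self.audit_log.append((now, principal, task, allowed))
        return allowed, "ok" if allowed else "not authorized"
```

Once the budget is exhausted, a legitimate physician is refused until the window passes, which is exactly the Security vs. Accessibility tension listed later in the talk.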
Device software and settings
• Only authorized personnel should be able to modify the IMD's software and settings.
• Avoid accidental malfunctions.
Device existence privacy
• IMDs are expensive.
• Avoid detection by unauthorized personnel.
Specific device ID privacy
• An attacker should not be able to track individual IMDs.
• Location privacy.
Measurement and log privacy
• Private information about measurements and audit log data.
Bearer Privacy
• Private information of patient
• Name
• Medical history
• Detailed diagnoses.
Data integrity
• Avoid tampering of past data.
• Avoid inducing modifications to future data.
Classes of adversaries
• Passive adversaries
• Active adversaries
• Coordinated adversaries
• Insiders
Tensions
• Security vs. Accessibility
• Security vs. Device resources
• Security vs. Usability
Research directions
• Fine-grained access control
• Open access with revocation and second-factor authentication
• Accountability
• Patient awareness via secondary channels
• Authorization via secondary channels
• Shift computation to external devices
QUESTIONS?