Securing the Healthcare Industry: Implantable Medical Devices

Securing the Healthcare Industry: IMD Tandhy Simanjuntak Seminar on Practical Security 08/18/2014

Upload: tandhy-simanjuntak

Post on 24-May-2015


DESCRIPTION

A broad perspective on Healthcare vulnerability in terms of security.

TRANSCRIPT

Page 1: Securing the Healthcare Industry : Implantable Medical Devices

Securing the Healthcare Industry: IMD

Tandhy Simanjuntak

Seminar on Practical Security

08/18/2014

Page 2: Securing the Healthcare Industry : Implantable Medical Devices

Implantable Medical Devices

Device inserted into the human body for medical purposes

Page 3: Securing the Healthcare Industry : Implantable Medical Devices

[Pie chart: 2011 most implanted medical devices in America[17]. Categories: Artificial Eye Lenses, Ear Tubes, Coronary Stents, Artificial Knees, Traumatic Fracture Repair, IUDs, Spinal Fusion Hardware, Breast Implants, Heart Pacemakers, Artificial Hips, Implantable Cardioverter Defibrillators. Slice values as extracted, not matched to categories: 39%, 11%, 8%, 8%, 7%, 6%, 6%, 6%, 4%, 3%, 2%.]

Page 4: Securing the Healthcare Industry : Implantable Medical Devices

Implantable Medical Devices

Device inserted into the human body for medical purposes

Limited Resources[28]

Limited Power[28]

Programmable[28]

Small size

Network-connected

Tiny computing platform with firmware[28]

Page 5: Securing the Healthcare Industry : Implantable Medical Devices

Deep Brain Neurostimulator[1]

Deep brain neurostimulator. http://www.synaptix.be

Used for treatment of movement and affective disorders[6]

• Parkinson’s disease

• Essential tremor

• Dystonia

• Chronic pain

• Major depression

• OCD

Page 6: Securing the Healthcare Industry : Implantable Medical Devices

Cochlear Implant[3]

Cochlear implant. www.medel.com.

May help deaf patients gain sufficient hearing for better understanding of speech[7]

Page 7: Securing the Healthcare Industry : Implantable Medical Devices

Gastric Stimulator[2]

• Attached to the surface of the stomach[7]

• Aimed at obesity management[7]

Implant Cardiac Defibrillator[4]

• Implanted in the upper left chest, with the lead in the right ventricle of the heart[9]

• Detects cardiac arrhythmia and corrects it with a brief electrical impulse[9]

Insulin Pumps[5]

• Implanted under the skin[10]

• Administer insulin for the treatment of patients with diabetes mellitus[10]

Page 8: Securing the Healthcare Industry : Implantable Medical Devices

ACNR. Foot drop. http://www.acnr.co.uk

Foot Drop Implant

• Implanted on the peroneal nerve, proximal to the knee[11]

• Foot drop: a gait abnormality in which the forefoot drops[12]

Page 9: Securing the Healthcare Industry : Implantable Medical Devices

http://groups.csail.mit.edu/netmit/IMDShield

Page 10: Securing the Healthcare Industry : Implantable Medical Devices

IMD Data[28]

Static Data

• Device make and model number

Semi-static Data

• Physician & Health Center ID

• Patient Name and DOB

• Medical Condition

• Therapy configuration

Dynamic Data

• Patient health status history

• Therapy and dosage history

• Audit logs

Page 11: Securing the Healthcare Industry : Implantable Medical Devices

Threats[28]

Patient data extraction

Patient data tampering

Device re-programming

Repeated access attempts

Page 12: Securing the Healthcare Industry : Implantable Medical Devices

Threats[28]

Device shut-off

Therapy update

Malicious inputs

Data flooding

Page 13: Securing the Healthcare Industry : Implantable Medical Devices

Attacks

Pacemakers & ICDs: software radio attacks and Zero-Power defenses[26]

Resource depletion attacks[27]

pacemaker or ICDs

Insulin pumps

Page 14: Securing the Healthcare Industry : Implantable Medical Devices

Attacks

Pacemakers & ICDs: software radio attacks and Zero-Power defenses[26]


Non-encrypted sensitive information

Reprogramming attack

Communicate with unauthenticated device DoS

3 adversaries:

Adversary with commercial ICD programmer

Passive adversary : eavesdrops communication

Active adversary : generate arbitrary RF

Page 15: Securing the Healthcare Industry : Implantable Medical Devices

Attacks

Resource depletion attacks[27]

bladeRF. www.nuand.com


Forced authentication attack: software defined radio (bladeRF[29]/hackRF[30])

Communications and computations

Security logs

Page 16: Securing the Healthcare Industry : Implantable Medical Devices

Attacks


Pacemaker or ICD[32]

• Device shut-off

• Read and write

• Deliver electric shock up to 830 Volts

Insulin Pumps

• Supply more insulin[33]

• Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System[34], Blackhat 2013

Page 17: Securing the Healthcare Industry : Implantable Medical Devices

Challenges[28]

Resource limitations

Cryptography : ECC[14][15]

Audit mechanisms

Page 18: Securing the Healthcare Industry : Implantable Medical Devices

Criteria for IMDs[22]

Safety and Utility Goals

Security and Privacy Goals

Page 19: Securing the Healthcare Industry : Implantable Medical Devices

Criteria for IMD

Safety and Utility Goals

Data access

Data accuracy

Device identification

Configurability

Page 20: Securing the Healthcare Industry : Implantable Medical Devices

Criteria for IMD

Safety and Utility Goals

Updatable software

Multi-device coordination

Auditable

Resource efficient

Page 21: Securing the Healthcare Industry : Implantable Medical Devices

Criteria for IMD

Security and Privacy Goals

Authorization

• Personal

• Role-based

• IMD selection

Availability

Device software and testing

Page 22: Securing the Healthcare Industry : Implantable Medical Devices

Criteria for IMD

Security and Privacy Goals

Device-existence privacy

Device-type privacy

Specific-device ID privacy

Measurement and log privacy

Page 23: Securing the Healthcare Industry : Implantable Medical Devices

Criteria for IMD

Security and Privacy Goals

Bearer privacy

Data Integrity

Page 24: Securing the Healthcare Industry : Implantable Medical Devices

Adversaries

Type

Passive adversaries

Active adversaries

Coordinated adversaries

Insiders

Page 25: Securing the Healthcare Industry : Implantable Medical Devices

Adversaries

Equipment

Standard equipment

Custom equipment

Page 26: Securing the Healthcare Industry : Implantable Medical Devices

Other work

MedMon: wireless monitoring and anomaly detection[18]

• Snoops radio-frequency wireless

• Multi-layer anomaly detection

• Identify malicious transactions

• Response: passive (notify user) or active (jamming packets)

IMDShield[16]

• Jam IMD’s messages and unauthorized commands

Page 27: Securing the Healthcare Industry : Implantable Medical Devices

“At this time we believe that the risk is low and the benefits of the therapy to people with diabetes outweigh the risk of an individual criminal attack”

Amanda McNulty Sheldon, Director of Public Relations for Medtronic Diabetes

http://www.bloomberg.com/video/87427352-mcafee-s-barnaby-on-medical-device-hacking.html

Page 28: Securing the Healthcare Industry : Implantable Medical Devices

References

1. Deep brain neurostimulator. www.virtualworldlets.net. Web. 7 Aug 2014.

2. Gastric Stimulator. www.medicalexpo.com. Web. 7 Aug 2014.

3. Cochlear Implant. http://professionals.cochlearamericas.com. Web. 7 Aug 2014.

4. Implant Cardiac Defibrillator. drivetheweb.com. Web. 7 Aug 2014.

5. Insulin pumps. www.medgadget.com. Web. 7 Aug 2014.

6. Wikipedia. http://en.wikipedia.org/wiki/Deep_brain_stimulation. Web. 8 Aug 2014.

7. Wikipedia. http://en.wikipedia.org/wiki/Cochlear_implant. Web. 8 Aug 2014.

8. Wikipedia. http://en.wikipedia.org/wiki/Implantable_gastric_stimulation. Web. 8 Aug 2014.

9. Wikipedia. http://en.wikipedia.org/wiki/Implantable_cardioverter-defibrillator. Web. 8 Aug 2014.

10. Wikipedia. http://en.wikipedia.org/wiki/Insulin_pump. Web. 8 Aug 2014.

11. Haugland, M., Childs, C., Ladouceur, M., Haase*, J., Sinkjær, T. (2000). An Implantable Foot Drop Stimulator. Proceedings of the 5th Annual IFESS Conference, pp. 59-62. 2000.

12. Wikipedia. http://en.wikipedia.org/wiki/Foot_drop. Web. 8 Aug 2014.

13. T. Buchegger, G. Obberger, A. Reisenzahn, E. Hochmair, A. Stelzer, and A. Springer, “Ultrawideband transceivers for cochlear implants,” EURASIP J. Appl. Signal. Process., vol. 2005, no. 18, pp. 3069–3075, 2005.

14. Fan, J., Reparaz, O., Rozic, V., Verbauwhede, I. (2013). Low-Energy Encryption for Medical Devices: Security Adds an Extra Design Dimension. Design Automation Conference (DAC), 2013 50th ACM / EDAC / IEEE. May 29 2013-June 7 2013.

15. Malasri, K., Wang, L. (2008) Design and Implementation of a Secure Wireless Mote-Based Medical Sensor Network. UbiComp 2008, Sept 21-24, 2008, Seoul, Korea.

16. IMDShield. http://groups.csail.mit.edu/netmit/IMDShield/. Web. 7 Aug 2014.

Page 29: Securing the Healthcare Industry : Implantable Medical Devices

References

17. The eleven most implanted medical devices in America. http://247wallst.com/healthcare-economy/2011/07/18/the-eleven-most-implanted-medical-devices-in-america/3/. Web. 12 Aug 2014.

18. Zhang, M., Raghunathan, A., Jha, N.K. (2013). MedMon : Securing Medical Devices Through Wireless Monitoring and Anomaly Detection. IEEE TRANSACTIONS ON BIOMEDICAL CIRCUITS AND SYSTEMS, VOL. 7, NO. 6, DECEMBER 2013

19. Gollakota, S., Hassanieh, H., Ransford, B., Katabi, D., Fu, K (2011). They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices. SIGCOMM 2011, Aug 15-19, 2011, Toronto, ON, Canada.

20. C. Zhan, W. B. Baine, A. Sedrakyan, and S. Claudia. Cardiac device implantation in the US from 1997 through 2004: A population-based analysis. Journal of General Internal Medicine, 2007.

21. Fu, K. (2009) Inside risks: Reducing risks of implantable medical devices. Communications of the ACM - One Laptop Per Child: Vision vs. Reality CACM Homepage archive, Volume 52 Issue 6, June 2009 Pages 25-27, ACM New York, NY, USA.

22. Halperin, D. ; Kohno, T. ; Heydt-Benjamin, T.S. ; Fu, K. ; Maisel, W.H. (2008). Security and Privacy for Implantable Medical Devices. Pervasive Computing, IEEE (Volume:7 , Issue: 1 ). Date of Publication: Jan.-March 2008. IEEE

23. W. H. Maisel. Safety issues involving medical devices: Implications of recent implantable cardioverter-defibrillator malfunctions. Journal of the American Medical Association, 2005.

24. ETSI EN 301 839-1 V 1.3.1 (2009-10). Electromagnetic compatibility and Radio spectrum Matters (ERM); Short Range Devices (SRD); Ultra Low Power Active Medical Implants (ULP-AMI) and Peripherals (ULP-AMI-P) operating in the frequency range 402 MHz to 405 MHz; Part 1: Technical characteristics and test methods

25. Medical Implant Communication Service. http://en.wikipedia.org/wiki/Medical_Implant_Communication_Service. Web. 13 Aug 2014.

26. Halperin, D. ; Heydt-Benjamin, T.S. ; Ransford, B. ; Clark, S.S. ; Defend, B. ; Morgan, W. ; Fu, K. ; Kohno, T. ; Maisel, W.H. (2008) Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses. Security and Privacy, 2008. SP 2008. IEEE Symposium. Publication Year: 2008 , Page(s): 129 – 142.

Page 30: Securing the Healthcare Industry : Implantable Medical Devices

References

27. Hei, X., Du, X., Wu, J., Hu, F. (2010). Defending Resource Depletion Attacks on Implantable Medical Devices. Global Telecommunications Conference (GLOBECOM 2010), IEEE.

28. Gupta, S.(2012). Implantable Medical Devices-Cyber Risks and Mitigation Approaches. Presentation. NIST Cyber Physical Systems Workshop. April 23-24, 2012.

29. BladeRF, Software defined Radio. www.nuand.com. Web. 17 Aug 2014.

30. hackRF, open source software defined radio. http://greatscottgadgets.com/hackrf/. Web. 17 Aug 2014.

31. bladeRF. https://www.kickstarter.com/projects/1085541682/bladerf-usb-30-software-defined-radio. Web. 17 Aug 2014

32. Hacking implantable medical devices. http://resources.infosecinstitute.com/hcking-implantable-medical-devices/. Web. 17 Aug 2014.

33. McAfee’s Barnaby on Medical Device Hacking. http://www.bloomberg.com/video/87427352-mcafee-s-barnaby-on-medical-device-hacking.html. Video. 17 Aug 2014.

34. Radcliffe, J. (2011). Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System.