they can hear your heartbeats: non-invasive security for implantable medical devices
DESCRIPTION
They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices. Introduction. Implantable Medical Devices ( IMDs ) are vulnerable to exploitation (last paper) Unauthorized data retrieval Malicious commands Millions of IMDs are currently deployed This is a big problem. - PowerPoint PPT PresentationTRANSCRIPT
They Can Hear Your Heartbeats:
Non-Invasive Security for Implantable Medical Devices
Introduction
• Implantable Medical Devices (IMDs) are vulnerable to exploitation (last paper)– Unauthorized data retrieval– Malicious commands
• Millions of IMDs are currently deployed– This is a big problem
Implantable Medical Devices (IMDs)
http://wwwp.medtronic.com/newsroom/content/1150828881634.low_resolution.jpg
• Surgically Implanted into a patient’s body
• Facilitates Medical Treatment• i.e. pacemakers, defibrillators,
insulin pumps.
• Communicates Wirelessly• Sends vital sign information• Receives commands
• Battery Powered
http://groups.csail.mit.edu/netmit/IMDShield/images/WIMD.png
More IMD Properties
• Does not transmit unless…– It is responding to an IMD programmer– It detects a life-threatening condition
• Does not share channels with other IMDs
IMD Programmer
http://henkboxma.com/casestudy/2090.gif
• Wirelessly configure IMDs • query IMD for data• send commands to IMD
• Requires no credentials• Good: settings can be changed in
an emergency without hassle• Bad: anyone can use it
• Communicates Wirelessly• Sends vital sign information• Receives commands
Commands Confidential Patient data
Unauthorized Commands
Confidential Patient data
Problems with using crypto
• Inalterability– IMDs last for up to 10 years– IMD replacement requires surgery– IMD hardware is inadequate
• Safety– Immediate access– False negatives
• Maintainability– Bugs/Recalls
Solution: The Shield
• Does not alter IMD
• Protects against Passive and Active Adversaries
• Does not inconvenience patient
• Does not reduce safety of IMD
The shield passes legitimateCommands along to the IMD
Encrypted Channels
The shield blocks unauthorized commands
Assumptions
• IMDs and Programmers are honest• The shield is a wearable device such as a
necklace• There is a secure channel between IMD and
the programmer
http://groups.csail.mit.edu/netmit/IMDShield/images/IMDShield.png
Jamming
• Jams Eavesdroppers during IMDs transmissions– Does this only when it knows the IMD will transmit
• Jams the IMD during programmer transmissions
• If a signal is detected while the shield is transmitting, it automatically starts jamming
http://groups.csail.mit.edu/netmit/IMDShield/images/FULLDUPLEX.png
http://groups.csail.mit.edu/netmit/IMDShield/images/ResultsAC1.png
http://groups.csail.mit.edu/netmit/IMDShield/images/ResultsAC2.png
The End.