they can hear your heartbeats: non-invasive security for implantable medical devices

Download They Can Hear Your Heartbeats: Non-Invasive Security for  Implantable Medical Devices

Post on 24-Feb-2016

107 views

Category:

Documents

0 download

Embed Size (px)

DESCRIPTION

They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices. Introduction. Implantable Medical Devices ( IMDs ) are vulnerable to exploitation (last paper) Unauthorized data retrieval Malicious commands Millions of IMDs are currently deployed This is a big problem. - PowerPoint PPT Presentation

TRANSCRIPT

They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices

They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical DevicesIntroductionImplantable Medical Devices (IMDs) are vulnerable to exploitation (last paper)Unauthorized data retrievalMalicious commands

Millions of IMDs are currently deployedThis is a big problem

Implantable Medical Devices (IMDs)http://wwwp.medtronic.com/newsroom/content/1150828881634.low_resolution.jpg Surgically Implanted into a patients body

Facilitates Medical Treatment i.e. pacemakers, defibrillators, insulin pumps.

Communicates Wirelessly Sends vital sign information Receives commands

Battery Powered

http://groups.csail.mit.edu/netmit/IMDShield/images/WIMD.pngMore IMD PropertiesDoes not transmit unlessIt is responding to an IMD programmerIt detects a life-threatening condition

Does not share channels with other IMDsIMD Programmer

http://henkboxma.com/casestudy/2090.gif Wirelessly configure IMDs query IMD for data send commands to IMD

Requires no credentials Good: settings can be changed in an emergency without hassle Bad: anyone can use it

Communicates Wirelessly Sends vital sign information Receives commands

Commands Confidential Patient data

Unauthorized Commands Confidential Patient dataProblems with using cryptoInalterabilityIMDs last for up to 10 yearsIMD replacement requires surgeryIMD hardware is inadequateSafetyImmediate accessFalse negativesMaintainabilityBugs/RecallsSolution: The ShieldDoes not alter IMD

Protects against Passive and Active Adversaries

Does not inconvenience patient

Does not reduce safety of IMD

The shield passes legitimateCommands along to the IMDEncrypted Channels

The shield blocks unauthorized commandsAssumptionsIMDs and Programmers are honestThe shield is a wearable device such as a necklaceThere is a secure channel between IMD and the programmer

http://groups.csail.mit.edu/netmit/IMDShield/images/IMDShield.pngJammingJams Eavesdroppers during IMDs transmissionsDoes this only when it knows the IMD will transmit

Jams the IMD during programmer transmissions

If a signal is detected while the shield is transmitting, it automatically starts jamminghttp://groups.csail.mit.edu/netmit/IMDShield/images/FULLDUPLEX.png

http://groups.csail.mit.edu/netmit/IMDShield/images/ResultsAC1.png

http://groups.csail.mit.edu/netmit/IMDShield/images/ResultsAC2.pngThe End.

Recommended

View more >