what is an implantable medical device
play

What is an Implantable Medical Device? The FDA strictly defines a - PowerPoint PPT Presentation

Dec 21, 2023 •128 likes •384 views

SoK: Security and Privacy in Implantable Medical Devices Michael Rushanan 1 , Denis Foo Kune 2 , Colleen M. Swanson 2 , Aviel D. Rubin 1 1. Johns Hopkins University 2. University of Michigan 0 This work was supported by STARnet, the Dept. of

  1. SoK: Security and Privacy in Implantable Medical Devices Michael Rushanan 1 , Denis Foo Kune 2 , Colleen M. Swanson 2 , Aviel D. Rubin 1 1. Johns Hopkins University 2. University of Michigan 0 This work was supported by STARnet, the Dept. of HHS under award number 90TR0003-01, and the NSF under award number CNS1329737, 1330142.

  2. What is an Implantable Medical Device? • The FDA strictly defines a medical device Neuro- Cochlear stimulator implant • Device Cardiac – Embedded system that can ������������ sense and actuate Gastric Simulator Insulin Pump • Implantable – Surgically placed inside of a patient’s body • Medical – Provides diagnosis and therapy for numerous health conditions 1

  3. Implantable Medical Devices are not your typical PCs 2

  4. Implantable Medical Devices are not your typical PCs 3

  5. Implantable Medical Devices are not your typical PCs • There exists resource limitations – The battery limits computation and is not rechargeable • There are safety and utility concerns – The IMD must be beneficial to the patient and elevate patient safety above all else – Security and privacy mechanisms must not adversely affect the patient or therapy • Lack of security mechanisms may have severe consequences • IMD’s provide safety-critical operation – Must fail-open in the context of an emergency 4

  6. Research Questions • How do we provide security and privacy mechanisms that adequately consider safety and utility? • When do we use traditional security and privacy mechanisms or invent new protocols? • How do we formally evaluate security and privacy mechanisms? • Novel attack surfaces 5

  7. A Healthcare Story Alice Cardiac Carl Nurse Patient 6

  8. Cardiac Carl’s Condition • Atrial Fibrillation Cardiac Carl • Implantable Cardioverter Atrial Fib. Defibrillator • His ICD is safety-critical 7

  9. Alice and Carl’s Relationship Where are the security and privacy mechanisms ? visits Nurse Cardiac accesses ICD w/ programmer Alice Carl receives private data adjusts therapy 8

  10. Alice and Carl’s Relationship Mallory Hacker Elite 9

  11. Alice Mallory and Carl’s Relationship Mallory eavesdrop modify forge jam Cardiac Nurse Carl Alice wireless communication [Halperin, S&P , 08], [Li, HealthCom, 11] 10

  12. Attack Surfaces Telemetry Interface Cardiac Carl Software Hardware/Sensor Interface 11

  13. Security and Privacy Mechanisms • Security and Privacy mechanisms exist in standards – Medical Implant Communication Services – Wireless Medical Telemetry Service • These mechanisms are optional • Interoperability might take priority of security [Foo Kune, MedCOMM, 12] 12

  14. 2013 H2H: Attacks on Using bowel authentication OPFKA and sounds for audit using IPI IMDGuard Rostami et al. [45], Rostami et al. [19], Henry et al. [46], CCS ’13 DAC ’13 HealthTech ’13 OPFKA: key Namaste: ASK-BAN: key FDA MAUDE Attacks on MedMon: Ghost Talk: agreement proximity- gen and auth and Recall friendly physical layer EMI signal based on based attack database jamming anomaly injection using wireless overlapping against ECG analysis detection channel chars techniques on ICDs PVs Hu et al. [47], Bagade et al. [23], Shi et al. [48], Alemzadeh et al. Tippenhauer et al. Zhang et al. [51], Foo Kune et al. [22] INFOCOM ’13 BSN ’13 WiSec ’13 [49], SP ’13 [50], SP ’13 T-BCAS ’13 SP ’13 Key sharing via Security and human body privacy analysis transmission of MAUDE Database Chang et al. [52], Kramer et al. [53], HealthSec ’12 PLoS ONE ’12 BANA: Side-channel authentication attacks on BCI using received signal strength variation Shi et al. [54], Martinovic et al. WiSec ’12 [55], USENIX ’12 PSKA: PPG Wristband ECG used ICD validation Shield: external and ECG-based and password to determine and verification proxy and key agreement tattoos proximity jamming device Venkatasubramanian Denning et al. [39], Jurik et al. [57], Jiang et al. [58], Gollakota et al. [59] et al. [56], T- Biometrics and Physiological CHI ’10 Anomaly Detection Telemetry Interface Distance Bounding Software/Malware External Devices Future Work Out-of-Band ICCCN ’11 ECRTS ’10 Values SIGCOMM ’11 ITB ’10 BioSec Eavesdropping Wireless Authentication Software IMDGuard: Defending extension on acoustic attacks against using body security ECG-based key against for BANs authentication insulin pumps coupled analysis of management resource (journal version) communication external depletion defibrillator Venkatasubramanian Halevi et al. [61], Li et al. [18], Li et al. [18], Hanna et al. [1], Xu et al. [62], Hei et al. [63], et al. [60], CCS ’10 HealthCom ’11 HealthCom ’11 HealthSec ’10 INFOCOM ’11 GLOBECOM ’10 TOSN ’10 PPG-based Audible, tactile, Wireless Proximity- Security and key agreement and zero power attacks based access privacy of against ICDs key exchange control using neural devices ultrasonic frequency Venkatasubramanian Halperin et al. [12], Halperin et al. [12], Rasmussen et al. Denning et al. [66], et al. [64], SP ’08 SP ’08 [65], CCS ’09 Neurosurg MILCOM ’08 Focus ’09 Biometric ECG-based Cloaker: requirements key agreement external for key proxy device generation Ballard et al. [67], Venkatasubramanian Denning et al. [69], USENIX ’08 et al. [68], HotSec ’08 INFOCOM ’08 BioSec extension for BANs Venkatasubramanian and Gupta. [70], ICISIP ’06 BioSec: Authentication extracting and secure keys from PVs key exchange using IPI 2003 Cherukuri Poon et al. [72], et al. [71] Commun. Mag ’06 ICPPW ’03 13

  15. Research Challenges • Access to Implantable Medical Devices – Is much harder then getting other components • Reproducibility – Limited analysis of attacks and defenses – Do not use meat-based human tissue simulators – Do use a calibrated saline solution at 1.8 g/L at 21 ◦ C • The complete design is described in the ANSI/AAMI PC69:2007 standard [92, Annex G] 14

  16. Security and Privacy Mechanisms • Biometric and Physiological Values – Key generation and agreement • Electrocardiogram (ECG) – Heart activity signal • Interpulse interval – Time between heartbeats 15

  17. H2H Authentication Protocol TLS without certs Cardiac Nurse measure ECG α Carl Alice measure ECG β send ECG measurement β send ECG measurement α [Rostami, CCS, 13] 16

  18. H2H Authentication Protocol • Adversarial Assumptions – Active attacker with full network control – The attacker cannot: • Compromise the programmer • Engage in a denial-of-service • Remotely measure ECG to weaken authentication [Rostami, CCS, 13] 17

  19. Physiological Values as an Entropy Source • How do ECG-based protocols work in practice? – Age, Exertion, Noise [Rostami, S&P , 2013] [Chang, HealthTech, 2012] • ECG-based protocols rely on an analysis of ideal data in an unrealistic setting – Data sample is close to their ideal distribution – Very accurate estimate of distribution characteristics – Extract randomness using the estimate on the same data sample • Observability – Using video processing techniques to extract ECG-signals [Poh, Biomedical Engineering, 11] 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security

Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security

Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security Balancing Safety and Security Tamara Denning 1 , Tadayoshi Kohno 1 , Kevin Fu 2 1 University of Washington 2 University of Massachusetts at Amherst

253 views • 22 slides
Medical devices vs 6 Cardinal Health 12.4 6 Broadcom 15.5 6 Philips HealthTech 12.4 7

Medical devices vs 6 Cardinal Health 12.4 6 Broadcom 15.5 6 Philips HealthTech 12.4 7

2019/2/26 Context Challenges in the Design of Integrated Circuits for Wireless Power Delivery Medical devices vs Semiconductors industries and Information Transfer in How to develop a medical instrument, equipment, or device Implantable

287 views • 16 slides
SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks Michael

SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks Michael

SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks Michael Rushan[JHU], Aviel Rubin[JHU], Denis Foo Kune[Michigan] and Colleen Swanson[Michigan] Presented by: Matthew S. Bauer September 20, 2016 Implantable medical

301 views • 19 slides
Patients, Pacemakers, and Implantable Defibrillators: Human Values and Security for Wireless

Patients, Pacemakers, and Implantable Defibrillators: Human Values and Security for Wireless

Patients, Pacemakers, and Implantable Defibrillators: Human Values and Security for Wireless Implantable Medical Devices Tamara Denning 1 , Alan Borning 1 , Batya Friedman 1 , Brian Gill 2 , Tadayoshi Kohno 1 , William H. Maisel 3 Implantable

491 views • 37 slides
ChemoPort Access Guidelines & Demonstration What is Implantable Chemoport ?

ChemoPort Access Guidelines & Demonstration What is Implantable Chemoport ?

ChemoPort Access Guidelines & Demonstration What is Implantable Chemoport ? Ports are a type of Totally Implantable Central Venous Access Device used for intermediate and long term therapies. A Catheter attached to a

378 views • 23 slides
MEDICAL DEVICE REW a clinicians perspective INTERNATIONAL MEDICAL DEVICE REGULATORY FORUM

MEDICAL DEVICE REW a clinicians perspective INTERNATIONAL MEDICAL DEVICE REGULATORY FORUM

MEDICAL DEVICE REW a clinicians perspective INTERNATIONAL MEDICAL DEVICE REGULATORY FORUM (IMDRF) 2017 Harindra Wijeysundera MD PhD FRCPC Vice President Medical Devices & Clinical Interventions, CADTH Associate Professor, Department of

750 views • 37 slides
Powering Implantable Medical Devices Dr. Sujeet Kumar MITStanfordUC Berkeley

Powering Implantable Medical Devices Dr. Sujeet Kumar MITStanfordUC Berkeley

Powering Implantable Medical Devices Dr. Sujeet Kumar MITStanfordUC Berkeley Nanotechnology Forum October 6, 2005 About Us 2 Highlights Founded by Wilson Greatbatch in 1970; IPO in 2000 (NYSE: GB) Leading component supplier to

350 views • 22 slides
Biotech MATT GANI My Job Medical Devices Design and develop products Organize and run

Biotech MATT GANI My Job Medical Devices Design and develop products Organize and run

Biotech MATT GANI My Job Medical Devices Design and develop products Organize and run projects Lead and manage teams of people What is a Medical Device? Implantable Brain Stimulator Wearable Heart Monitor How Do You Develop a

421 views • 19 slides
Current Regulatory Landscape for Medical Device 3D-Printing Elizabeth McGrath Director, Medical

Current Regulatory Landscape for Medical Device 3D-Printing Elizabeth McGrath Director, Medical

Current Regulatory Landscape for Medical Device 3D-Printing Elizabeth McGrath Director, Medical Device Reforms and Emerging Technology Therapeutic Goods Administration Department of Health 30 March 2019 Medical device 3D printing - This talk

589 views • 22 slides
Molybdenum-Rhenium Implantable Medical Devices Todd Leonhardt Rhenium Alloys, Inc. N. Ridgeville,

Molybdenum-Rhenium Implantable Medical Devices Todd Leonhardt Rhenium Alloys, Inc. N. Ridgeville,

Molybdenum-Rhenium Implantable Medical Devices Todd Leonhardt Rhenium Alloys, Inc. N. Ridgeville, Ohio USA Udayan Patel ICON Interventional Systems, Inc. Atlanta, GA USA 9 th International Conference on Tungsten, Refractory & Hardmaterials

844 views • 27 slides
Recent Developm ents in Medical Device Softw are Overview of Mobile Medical Apps and

Recent Developm ents in Medical Device Softw are Overview of Mobile Medical Apps and

Recent Developm ents in Medical Device Softw are Overview of Mobile Medical Apps and Medical Device Data System s February 14, 2016 John Grimes, Ph.D. U.S. Food and Drug Administration Center for Devices and Radiological Health Office

727 views • 47 slides
The Convergence of The Convergence of Software in the Medical Software in the Medical Device

The Convergence of The Convergence of Software in the Medical Software in the Medical Device

The Convergence of The Convergence of Software in the Medical Software in the Medical Device Industry Device Industry Joseph Azary 203-944-9320 Info@azarytech.com FDA Regulations & Quality Requirements Clinical Sterilization FDA

872 views • 68 slides
How Business Management Platforms Improve Medical Device Manufacturing Operations Medical

How Business Management Platforms Improve Medical Device Manufacturing Operations Medical

How Business Management Platforms Improve Medical Device Manufacturing Operations Medical Devices Rose Wolfe Medical Device in The Connected World Account Manager Conference Keynote Presentation TOPICS MD Business MD ERP Management

257 views • 14 slides
rpliA Implantable Medical Devices Cyber Risks and Mitigation Approaches NIST Cyber Physical

rpliA Implantable Medical Devices Cyber Risks and Mitigation Approaches NIST Cyber Physical

rpliA Implantable Medical Devices Cyber Risks and Mitigation Approaches NIST Cyber Physical Systems Workshop April 23-24, 2012 Dr. Sarbari Gupta, CISSP, CISA sarbari@electrosoft-inc.com; 703-437-9451 ext 12 Agenda Overview of IMDs

553 views • 28 slides
RFID Privacy: from Transportation Payment Systems to Implantable Medical Devices Wayne Burleson

RFID Privacy: from Transportation Payment Systems to Implantable Medical Devices Wayne Burleson

RFID Privacy: from Transportation Payment Systems to Implantable Medical Devices Wayne Burleson University of Massachusetts Amherst burleson@ecs.umass.edu AMD Research Boston wayne.burleson@amd.com This material is based upon work supported

663 views • 63 slides
Secure Implantable Medical Devices Wayne Burleson Shane Clark, Ben Ransford, Kevin Fu,

Secure Implantable Medical Devices Wayne Burleson Shane Clark, Ben Ransford, Kevin Fu,

Design Challenges for Secure Implantable Medical Devices Wayne Burleson Shane Clark, Ben Ransford, Kevin Fu, Department of Computer Science Department of Electrical and Computer Engineering University of Massachusetts Amherst

1.01k views • 34 slides
Sam Stewart 1 , MMath, AStat Mohammed Abdolell 2 , MSc, PStat Michael Leblanc 3 , PhD 1 IDPhD

Sam Stewart 1 , MMath, AStat Mohammed Abdolell 2 , MSc, PStat Michael Leblanc 3 , PhD 1 IDPhD

Customizing the rpart library for multivariate gaussian outcomes: the longRPart library Sam Stewart 1 , MMath, AStat Mohammed Abdolell 2 , MSc, PStat Michael Leblanc 3 , PhD 1 IDPhD Candidate (Health Informatics), Faculty of Comp Sci Statistical

796 views • 30 slides
Preventable Diseases Burden of Vaccine-Preventable Diseases Each Year 200,000

Preventable Diseases Burden of Vaccine-Preventable Diseases Each Year 200,000

Call-to-Action: Recognizing the Burden of Vaccine- Preventable Diseases Burden of Vaccine-Preventable Diseases Each Year 200,000 hospitalizations due to influenza As many as 36,000 deaths 29,100 cases of invasive pneumococcal disease

1.06k views • 48 slides
and Familiarization Learning & Memory Dr. Clark-Foos Habituation the ability to ignore

and Familiarization Learning & Memory Dr. Clark-Foos Habituation the ability to ignore

Habituation, Sensitization, and Familiarization Learning & Memory Dr. Clark-Foos Habituation the ability to ignore irrelevant, repetitive stimuli What else are you habituated to right now ? My first experience with snow Where does

441 views • 28 slides
Changing Behavior: Improving Pneumococcal Vaccination Rates A collaborative health-improvement

Changing Behavior: Improving Pneumococcal Vaccination Rates A collaborative health-improvement

Data-Driven Quality Improvement Changing Behavior: Improving Pneumococcal Vaccination Rates A collaborative health-improvement model Data-Driven Educational Model n Clinical performance dashboard (CPD): baseline and trimester reports of each

332 views • 12 slides
COVID Panel Discussion Moderator Sadia Ansari MD Education and Research Lead Physician

COVID Panel Discussion Moderator Sadia Ansari MD Education and Research Lead Physician

COVID Panel Discussion Moderator Sadia Ansari MD Education and Research Lead Physician Childrens Wisconsin Urgent Care Medical Director, Childrens Mercy Blue Valley Clinical Assistant Professor Childrens Mercy Hospital Aim imy

599 views • 47 slides
ICT Implants: The invasive future of identity? Dr Mark Gasson Department of Cybernetics

ICT Implants: The invasive future of identity? Dr Mark Gasson Department of Cybernetics

ICT Implants: The invasive future of identity? Dr Mark Gasson Department of Cybernetics University of Reading, UK Objectives . . . - An overview of the state-of- the-art - Establish a scientific basis for some futuristic claims - Generate

480 views • 27 slides
Talking to Toddlers: Drawing on Mothers Perceptions of Using Wearable and Mobile Technology in

Talking to Toddlers: Drawing on Mothers Perceptions of Using Wearable and Mobile Technology in

Talking to Toddlers: Drawing on Mothers Perceptions of Using Wearable and Mobile Technology in the Home Dawn CHOO a,b,c,1 , Shani DETTMAN a,b,c , Richard DOWELL a,b,c and Robert COWAN a,b,c a The HEARing Cooperative Research Centre, Melbourne

218 views • 7 slides
A Structured Language Approach to Teach Language and Literacy to Hearing and Visually Impaired

A Structured Language Approach to Teach Language and Literacy to Hearing and Visually Impaired

A Structured Language Approach to Teach Language and Literacy to Hearing and Visually Impaired Pupils with Autism Enid Wolf-Schein Rhonda Bachmann Christine Polys Ruth Rogge Purpose of Presentation This paper describes how Structured

515 views • 30 slides

More recommend