and Medical Devicesweb.eecs.umich.edu/~kevinfu/talks/Fu-FDA-slides.pdfEmbedded Medical Software 21...
24
Computer Science Department of Computer Science University of Massachusetts at Amherst, USA http://prisms.cs.umass.edu/ October 27, 2006 Kevin Fu [email protected] Computer System Security and Medical Devices 1
Transcript of and Medical Devicesweb.eecs.umich.edu/~kevinfu/talks/Fu-FDA-slides.pdfEmbedded Medical Software 21...
Computer Science
Department of Computer ScienceUniversity of Massachusetts at Amherst, USA
http://prisms.cs.umass.edu/
October 27, 2006
Kevin [email protected]
Computer System Securityand Medical Devices
1
Computer Science
What’s special about security?
2
Kevin Fu, Computer System SecurityComputer Science
Correctness is easy.Security is hard.
3
Kevin Fu, Computer System SecurityComputer Science
Research in System Security
‣Design, build, measure secure systems
‣Analyze existing systems
4
RFID Security & Privacy
5
Kevin Fu, Computer System SecurityComputer Science
RFID tags
• Originally simple UPC replacement
• Now are miniature, low-power computers
• Applications‣ e-commerce
‣ public transportation
‣ anti-counterfeiting medicine
‣ medical applications
6
Kevin Fu, Computer System SecurityComputer Science
500 Eurosin wallet
Serial numbers:597387,389473…
Wigmodel #4456
(cheap polyester)
30 items of lingerie
Das Kapital andCommunist-party
handbook
Replacement hipmedical part #459382
RFID tags will be everywhere…
Credit: Ari Juels
7
Credit: MGH
8
Hospital Bracelet?
9
Kevin Fu, Computer System SecurityComputer Science
Prevent tag duplication
• Don’t copy my car key!
• How to prevent reverse-engineering?
• Side channel analysis?
10
Kevin Fu, Computer System SecurityComputer Science
Secure RFID
11
Kevin Fu, Computer System SecurityComputer Science
Contactless Credit Cards Insecure?
12
Kevin Fu, Computer System SecurityComputer Science
Privacy for Public Transit
13
Secure Software Updates
14
15
Kevin Fu, Computer System SecurityComputer Science
Survey of Update Security
16
http://www.cs.umass.edu/~kevinfu/secureupdates/
17
Automotive Updateshttp://www.soultek.com/clean_energy/hybrid_cars/toyota_prius_hybrid_car_shut_down_or_stall_problems.htm
18
Updates in Voting Machines
http://www.nytimes.com/2006/05/12/us/12vote.html?ex=1305086400&en=1b3554af6e2d524a&ei=5088&partner=rssnyt&emc=rss
19
Implanted medical devices use updates too
What stops a computer viruses from infecting implants?
A common wireless command on an ICD induces
ventricular fibrillation. How is it authenticated?
20
Embedded Medical Software
21
Kevin Fu, Computer System SecurityComputer Science
Discussion• Technical
‣ What are the threat models for wirelessly reprogrammable medical implants?
‣ How to balance safety, privacy, security?
• Philosophical
‣ What is the role of FDA for future implanted medical devices?
‣ Biggest challenges for next-generation implanted devices?
22
Kevin Fu, Computer System SecurityComputer Science
System Security at UMass AmherstFa
culty
and
affil
iate
sG
radu
ate
Stud
ents
www.rfid-cusp.org
23
Computer Science
Computer Science atUMass/Amherst
http://www.cs.umass.edu
43 faculty, ~230 graduate students, ~300 undergraduate students
24
