Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M...
Transcript of Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M...
![Page 1: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/1.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Presenter: Kevin FuYoshi Kohno & William Maisel
http://www.secure-medicine.org/
CMOS Workshop, February 18, 2009
Implantable Medical Devices: Security Privacy
for Pervasive, Wireless Healthcare
![Page 2: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/2.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Many Collaborators
•William H. Maisel, MD, MPH-Director, Pacemaker and Defibrillator Service, Beth Israel Deaconess Medical Center
-Assistant Professor, Harvard Medical School
•Tadayoshi Kohno-Assistant Professor, CSE, University of Washington
•Students-Shane Clark, Benessa Defend, Tamara Denning, Dan Halperin, Tom Heydt-Benjamin, Andres Molina, Will Morgan, Ben Ransford, Mastooreh Salajegheh
2
![Page 3: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/3.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
IMD Security & Privacy is Hard Background
Unintentional medical malfunctions Intentional medical malfunctions Pacemaker & Implantable Cardioverter Defibrillator (ICD)
Security analysis of a pacemaker/ICD Violate patient privacy Induce a fatal heart rhythm
Defensive methods Protect the battery, proper use of cryptography
The Future
3
![Page 4: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/4.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Unintentional Malfunctions
in Medical Care
![Page 5: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/5.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Unintentional Accidents
5
IEEE
Com
pute
r 199
3
![Page 6: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/6.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Is a malicious intentional malfunction
a risk of real concern?
![Page 7: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/7.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Bad People Do Exist
7
![Page 8: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/8.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Background:Pacemaker &
Defibrillator 101
![Page 9: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/9.jpg)
9
Photos from: Medtronic
![Page 10: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/10.jpg)
9
Photos from: Medtronic
![Page 11: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/11.jpg)
9
Networking + Wireless !
Photos from: Medtronic
![Page 12: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/12.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science 10
Pacemakers: Regulate heartbeat
![Page 13: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/13.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science 10
Pacemakers: Regulate heartbeat
![Page 14: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/14.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science 10
> Energy spent on radio & computing, etc.
overhead!
< Energyfor pacing!
Pacemakers: Regulate heartbeat
![Page 15: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/15.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
ICDs: Resynchronize the heart
Heart
Implantable Cardioverter Defibrillator (ICD)
Related to pacemaker Large shock: resync heart Monitors heart waveforms
11
![Page 16: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/16.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Our Tested Pacemaker + ICD
Physical characteristics:~5-year batteryWaveform memoryRadio interface w/ programmer
Therapies:*Steady pacing shocks≤35 J defibrillation shocks* detail in [Webster, 1995]
12
![Page 17: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/17.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Device Programmer
Implantation Scenario
1. Doctor sets patient info2. Surgically implants3. Tests defibrillation4. Ongoing monitoring
Photos: Medtronic; Video: or-live.com13
![Page 18: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/18.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Implantation Scenario
1. Doctor sets patient info2. Surgically implants3. Tests defibrillation4. Ongoing monitoring
Photos: Medtronic; Video: or-live.com13
![Page 19: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/19.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Implantation Scenario
1. Doctor sets patient info2. Surgically implants3. Tests defibrillation4. Ongoing monitoring
Home monitor
Photos: Medtronic; Video: or-live.com13
![Page 20: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/20.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Adversaries Do Not Play by the Rules
![Page 21: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/21.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
802.11 WiFi Sniper Yagi
15
![Page 22: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/22.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Uninvited Radio Suitcases
http://eecue.com/log_archive/eecue-log-594-BlueBag___Mobile_Covert_Bluetooth_Attack_and_Infection_Device.html
16
![Page 23: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/23.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Our Security Analysisof a Pacemaker + ICD
![Page 24: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/24.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Computer Security
• Computer Security (Informal Definition):
Study of how to design systems that behave as intended in the presence of determined, malicious third parties
• Security is different from reliability
‣The malicious third party controls the probability distribution of malfunctions
‣Security researchers focus on understanding, modeling, anticipating, and defending against these malicious third parties
[This description drawn from the work of Prof. Yoshi Kohno with permission]18
![Page 25: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/25.jpg)
Build Your Own Clinic
~10 cm(un-optimized)
![Page 26: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/26.jpg)
Method: Eavesdrop Private Info
![Page 27: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/27.jpg)
Method: Eavesdrop Private InfoDiagnosis
![Page 28: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/28.jpg)
Method: Eavesdrop Private InfoDiagnosis
Hospital
![Page 29: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/29.jpg)
Method: Eavesdrop Private InfoDiagnosisImplanting
physician
Hospital
![Page 30: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/30.jpg)
Method: Eavesdrop Private InfoDiagnosisImplanting
physician
Hospital
Also:Device statePatient nameDate of birthMake & modelSerial no.... and more
![Page 31: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/31.jpg)
Method: Sniff Vital Signs
0 500 1000 1500 2000 2500 3000−1
−0.5
0
0.5
1
ICD emits reconstructiblevital signs
Issue: Vital signs can say plenty.
Eavesdropping setup
![Page 32: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/32.jpg)
Replay Traffic
~10 cm
Photo: Medtronic
![Page 33: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/33.jpg)
Method: Drain Energy
✦ Implant designed for infrequent radio use
✦ Radio decreases battery lifetime
![Page 34: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/34.jpg)
Method: Drain Energy
✦ Implant designed for infrequent radio use
✦ Radio decreases battery lifetime
“Are you awake?Are you awake?”
![Page 35: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/35.jpg)
Method: Drain Energy
✦ Implant designed for infrequent radio use
✦ Radio decreases battery lifetime
“Are you awake?Are you awake?”
“Now I am!”
![Page 36: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/36.jpg)
Replay: Turn Off Therapies
✦ “Stop detecting fibrillation.”
✦ Device programmer would warn here
Issue: Can quietly change device state.
![Page 37: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/37.jpg)
Replay: Affect Patient’s Physiology
✦ Induce fibrillation which implant ignores
✦ Again, at close range
✦ In other kinds of implant:
✦ Flood patient with drugs
✦ Overstimulate nerves, ...
Issue: Puts patient safety at risk.Photo: or-live.com
![Page 38: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/38.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Defensive Direction: Zero-Power
(No time today. Google for “pacemaker zero-power”)
![Page 39: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/39.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Prototype Defenses
Focus on sleep deprivation In zero power (harvested RF energy)Challenge-response authenticationPatient notification mechanismSensible key exchange
Human is in the loop
27
![Page 40: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/40.jpg)
Prototype defenses against some of the
attacks.
Main idea: defend without using battery.
![Page 41: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/41.jpg)
B.Y.O.P.✦ WISP = RFID + computation [Ubicomp ’06]
✦ WISPer = WISP + our code
✦ “Maximalist” crypto [RFIDSEC ’07]
✦ Prototype: 913 MHz RFID band
Goal: External party pays for power.
![Page 42: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/42.jpg)
Patient notification
ICD
![Page 43: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/43.jpg)
Patient notification
ICD
Auth
![Page 44: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/44.jpg)
Patient notification
ICD
AuthGo ahead!
BZZZZZZZZZZZZZZZZZZZZZZZZ
![Page 45: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/45.jpg)
WISPer as Gatekeeper
✦ Authenticate against WISPer
✦ WISPer to ICD: “OK to use radio”
✦ Acoustic patient notification
✦ How to deter enemies? (Open question!)
External party
WISPer
Implant
1
2
3
![Page 46: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/46.jpg)
Sensible key exchange• Session setup
ICD
Programming head
1 cm Key material Modulate~4 kHz acoustic
wave
Tissue
![Page 47: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/47.jpg)
Energy harvesting through tissue is possible.
Testing WISPer: Simulated Torso
1 cm bacon
6 cm chuck
WISPer
![Page 48: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/48.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
How WISPer Could Work Auxiliary device (possibly integrated) Audible or tactile patient alert Patient detects activity: am I in a clinic? Fail open: sensible, tactile key exchange
34
![Page 49: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/49.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
IMDs+Wireless+Internet:The Future
(Condensed version of the future. Ask Kevin for details.)
![Page 50: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/50.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Future Home Care
36
Yet some remarkable changes are on the horizon, said Dr. Larry Wolff, a UC Davis Medical School professor who
specializes in implanting defibrillators. "I believe over time we could make programming changes on the telephone,"
he said, although that's not possible now.
Sacramento Bee, May 17, 2008
![Page 51: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/51.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science 37
Future Healthcare Infrastructure
http
://w
ww
.thei
3p.o
rg/r
epos
itory
/whi
tepa
per-
prot
ectin
g_gl
obal
_med
ical
![Page 52: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/52.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Going the Distance
“Eventually, Vanu’s [software radio]
technology could be used to create a phone.”
38
![Page 53: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/53.jpg)
Future Threats: Viruses?
• Software updates?
• SQL injection?
• Buffer overflows?
• Radio as infection vector?
• Computer viruses, full circle?
Image credit: Health & Development Initiative, India 39
![Page 54: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/54.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Medical Device Trends
Further computerization of care Longer range communication Tight integration with the Internet Cooperation among devices
Issue: All of these bring risks.
40
![Page 55: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/55.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Summary of IMD Sec. & Priv.
41
Risks today: Unintentional interference Radio interference Threats: Metal detectors, accidents, misidentification
Future risks: Intentional interference Threats from wireless and Internet connectivity Malware: Human-computer-immunodeficiency (HCI) virus? Tough problems: Software updates, remote monitoring, ...
![Page 56: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/56.jpg)
Challenging Technology Landscape!
Safety (open access)
Security (closed access)
Auditability
IMD Response Time
Battery Life
Storage Constraints
Patient Usability
Psychological Effects
High Impact
![Page 57: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/57.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Wireless + Internet Can Improve Healthcare
But not without fully understanding security and privacy
Insulin pump Artificial pancreas Neurostimulators
Obesity controlArtificial vision Programmable Vasectomy
![Page 58: Implantable Medical Devices: Security Privacykevinfu/talks/Fu-CMOS... · U NIVERSITY OF M ASSACHUSETTS A MHERST ¥ Department of Computer Science Many Collaborators •William H.](https://reader034.fdocuments.us/reader034/viewer/2022052103/603da95008c36914c24a2f1a/html5/thumbnails/58.jpg)
UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
Extra slides Google us for more information.
44