Security and Privacy Issues in Wireless Medical Devices
Security and Privacy Issues in
Wireless Medical Devices
Hossen Mustafa, CSCE 824
04/17/13
Wireless Medical Devices
Wireless Medical Infrastructure
Research Areas
1. Wireless security and privacy
2. Medical database security
3. Secure medical systems
Wireless Security and Privacy
Implantable medical device (IMD), e.g., a pacemaker
- No security in the transmission between the pacemaker and the programmer.
- As a result, the device is vulnerable to:
  - eavesdropping attacks
  - spoofing attacks
  - battery drain attacks
Wireless Security and Privacy
Proposed solution:
- The shield acts as a jammer to protect IMD wireless transmissions, known as “Friendly Jamming”.
- An upcoming publication shows that “Friendly Jamming” cannot provide full protection…
Wireless Security and Privacy
- Insulin pumps can be remotely programmed to:
  - inject a lethal dose
  - shut down
- The Nike+iPod sports kit is vulnerable to:
  - eavesdropping attacks, which can compromise the location privacy of the user
  - spoofing attacks, which can lead to invalid and inconsistent health data
- The Onyx fingertip pulse oximeter is vulnerable to:
  - man-in-the-middle attacks
  - jamming attacks
Wireless Security and Privacy
Researchers have proposed:
- cryptographic solutions
- friendly jamming to protect legacy devices
- RSS-based jamming detection
- detecting spoofed packets using correlation
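The last two items on that slide are monitor-side detection heuristics, and the slide names them without giving parameters. The following is an added example (not the talk's code or any paper's implementation) of what a programmer or bedside monitor could run over its own frame log: a received-signal-strength (RSS) consistency check for jamming, and a per-sender RSS correlation check that flags frames whose signal strength does not fit the claimed sender's recent profile. The thresholds, sample windows and the frame log are all constructed for the demo.

```python
"""Monitor-side heuristics for a wireless medical link (added example; the
thresholds, sample windows and frame log below are constructed, and the
slide names the techniques without giving their parameters)."""
from statistics import mean


def packet_delivery_ratio(samples):
    """Fraction of frames in the window that decoded correctly."""
    return sum(1 for _, ok in samples if ok) / len(samples)


def classify_link(samples, rss_floor_dbm=-85.0, pdr_floor=0.5):
    """RSS-based jamming detection over a window of (rss_dbm, decoded_ok).

    A jammer adds energy to the channel, so frames arrive with a strong RSS
    yet fail to decode; a weak or distant link shows a low RSS alongside the
    poor delivery ratio. Checking both rules out the benign explanation
    before an alert is raised."""
    pdr = packet_delivery_ratio(samples)
    avg_rss = mean(rss for rss, _ in samples)
    if pdr >= pdr_floor:
        return "healthy"
    if avg_rss > rss_floor_dbm:
        return "jamming-suspected"      # strong signal, poor delivery
    return "weak-link"                  # weak signal explains the losses


def flag_spoofed_frames(frames, history=5, max_deviation_db=8.0):
    """Correlation-based spoof detection over (claimed_sender, rss_dbm) frames.

    Frames from a stationary implant reach a fixed monitor with strongly
    correlated RSS values, so a frame that claims the implant's id but arrives
    with an RSS far from that sender's recent profile is flagged for review.
    Returns the indices of the flagged frames."""
    profile = {}                         # claimed sender -> recent RSS values
    flagged = []
    for i, (sender, rss) in enumerate(frames):
        recent = profile.setdefault(sender, [])
        if len(recent) >= 3 and abs(rss - mean(recent)) > max_deviation_db:
            flagged.append(i)
            continue                     # keep the outlier out of the profile
        recent.append(rss)
        if len(recent) > history:
            recent.pop(0)
    return flagged


# Constructed observation windows: (rss_dbm, decoded_ok)
HEALTHY_WINDOW = [(-60.0, True)] * 9 + [(-62.0, False)]
JAMMED_WINDOW = [(-40.0, False)] * 8 + [(-45.0, True), (-41.0, True)]
WEAK_WINDOW = [(-95.0, False)] * 7 + [(-93.0, True)] * 3

# Constructed frame log: (claimed sender id, rss_dbm); frame 4 is the odd one out
FRAME_LOG = [("imd-01", -61.0), ("imd-01", -60.5), ("imd-01", -62.0),
             ("imd-01", -61.5), ("imd-01", -38.0), ("imd-01", -60.0)]

if __name__ == "__main__":
    for name, window in (("healthy", HEALTHY_WINDOW), ("jammed", JAMMED_WINDOW),
                         ("weak", WEAK_WINDOW)):
        print(name, "->", classify_link(window))
    print("frames to review:", flag_spoofed_frames(FRAME_LOG))
```

Both checks are deliberately conservative: the jamming classifier only reports a suspect when the signal is strong and delivery is poor, and the spoof check waits for three baseline frames before it flags anything, so a freshly started monitor does not alarm on its first packets.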
Research Areas
1. Wireless security and privacy
2. Medical database security
3. Secure medical systems
Medical Database Security
- A medical database has different requirements compared to a traditional database.
- The Health Insurance Portability and Accountability Act (HIPAA) includes strict privacy and security requirements:
  - privacy and data confidentiality
  - security
  - disposal
  - media re-use
  - accountability
  - backup and storage
Hippocratic Database (HDB)
- ‘Most’ compliant with HIPAA
- It includes:
  - active enforcement
  - compliance auditing
  - optimal k-anonymization
  - sovereign information integration
  - privacy-preserving data mining
Privacy Protocol for Linking Distributed Medical Data
Protocol steps (from the slide figure):
1. E(attribute <sex, hair color, eye color>)
2. For each match, encrypt with the public key and add to the response
3. R = E(records)
4. Decrypt the record with the patient's private key
- Such queries are called private fuzzy queries.
- The protocol ensures authorized data exchange.
- Disadvantages:
  - high overhead
  - does not work in the case of unique attributes
Privacy Management in Dynamic Groups
- Sensitive health data are often co-managed by different groups of medical employees.
- Three forms of group dynamics are challenging to privacy:
  - dynamic group members
  - diverse life spans of teams
  - different levels of information sensitivity
Research Areas
1. Wireless security and privacy
2. Medical database security
3. Secure medical systems
Secure Medical Systems: PKI that Rings
- Public Key Infrastructure (PKI)-based authentication mechanism using cellular networks
- Workflow:
  1. The patient calls the authentication service (AS).
  2. A challenge is sent to the patient's cell phone, encrypted with the patient's public key.
  3. The patient decrypts the challenge.
  4. The patient prepares a response which includes the hospital's ID and sends it to the AS.
  5. The AS sends the records to the hospital.
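The private fuzzy query steps 1-4 above and the PKI that Rings workflow steps 1-5 are both sequences of public-key operations, so one added example covers both. The code below is not the talk's code or either system's implementation: textbook RSA over two fixed, publicly known Mersenne primes stands in for the unnamed public-key scheme (no padding, no secrecy, just enough to run the flows), an HMAC stands in for the slide's E() on the attribute tuple, and the remote records, linkage key, patient and hospital IDs are constructed. The AS keeps each challenge single use, so a replayed response releases nothing.

```python
"""Toy run of the two slide protocols: the private fuzzy query (steps 1-4) and
PKI that Rings (steps 1-5). Added example; textbook RSA on fixed public primes
stands in for the unnamed public-key scheme, HMAC for E() on the attribute
tuple, and the records, keys and ids are constructed."""
import hashlib
import hmac
import secrets

# Toy RSA over two fixed, publicly known Mersenne primes (2^127-1, 2^107-1):
# no padding and no secrecy, just enough to run the message flows below.
_P, _Q, _E = (1 << 127) - 1, (1 << 107) - 1, 65537
PATIENT_PUB = (_E, _P * _Q)
PATIENT_PRIV = (pow(_E, -1, (_P - 1) * (_Q - 1)), _P * _Q)


def encrypt(pub, data):
    e, n = pub
    m = int.from_bytes(data, "big")
    assert 0 < m < n, "toy scheme: message must fit below the 234-bit modulus"
    return pow(m, e, n)


def decrypt(priv, cipher):
    d, n = priv
    m = pow(cipher, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


# Private fuzzy query: constructed remote data holder and shared linkage key
REMOTE_RECORDS = [
    ({"sex": "F", "hair": "brown", "eyes": "green"}, b"P-1001: metformin 500mg"),
    ({"sex": "F", "hair": "brown", "eyes": "green"}, b"P-1042: lisinopril 10mg"),
    ({"sex": "M", "hair": "black", "eyes": "brown"}, b"P-2007: warfarin 5mg"),
]
LINK_KEY = b"constructed-linkage-key"


def encode_attributes(attrs):
    """Step 1, E(attribute): keyed and deterministic, so the holder can match
    tuples without seeing them (HMAC is this example's stand-in for E)."""
    canon = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hmac.new(LINK_KEY, canon.encode(), hashlib.sha256).digest()


def answer_fuzzy_query(encoded_query, patient_pub):
    """Steps 2-3: each matching record, encrypted under the patient's public key."""
    return [encrypt(patient_pub, rec) for attrs, rec in REMOTE_RECORDS
            if hmac.compare_digest(encode_attributes(attrs), encoded_query)]


def run_fuzzy_query(attrs, patient_pub, patient_priv):
    """Step 4: decrypt R = E(records) with the patient's private key."""
    r = answer_fuzzy_query(encode_attributes(attrs), patient_pub)
    return [decrypt(patient_priv, c) for c in r]


class AuthenticationService:
    """PKI that Rings: records leave the AS only after challenge-response."""
    def __init__(self, patient_pub, records):
        self.patient_pub, self.records, self.pending = patient_pub, records, {}

    def call_in(self, patient_id):
        """Steps 1-2: fresh challenge, encrypted to the patient's public key."""
        challenge = secrets.token_hex(8).encode()    # 16 ASCII bytes fit the modulus
        self.pending[patient_id] = challenge
        return encrypt(self.patient_pub, challenge)

    def respond(self, patient_id, response):
        """Step 5: release records only if the response echoes the challenge;
        challenges are single use, so a replayed response gets nothing."""
        expected = self.pending.pop(patient_id, None)
        if expected is None or not hmac.compare_digest(response["challenge"], expected):
            return None
        return response["hospital_id"], self.records


def patient_answers(encrypted_challenge, patient_priv, hospital_id):
    """Steps 3-4: decrypt the challenge and attach the hospital's ID."""
    return {"challenge": decrypt(patient_priv, encrypted_challenge),
            "hospital_id": hospital_id}


def demo():
    records = run_fuzzy_query({"sex": "F", "hair": "brown", "eyes": "green"},
                              PATIENT_PUB, PATIENT_PRIV)
    service = AuthenticationService(PATIENT_PUB, records)
    response = patient_answers(service.call_in("P-1001"), PATIENT_PRIV, "hospital-42")
    released = service.respond("P-1001", response)
    replayed = service.respond("P-1001", response)   # challenge already consumed
    return records, released, replayed
```

Running `demo()` returns the two records whose attribute tuple matched, the release to `hospital-42`, and `None` for the replayed response. Note how the fuzzy query matches on the encoded tuple rather than on an identifier: a tuple shared by several records returns all of them, which is the behaviour the slide's "unique attributes" caveat is about.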
Secure Medical Systems: A Home Healthcare System in the Cloud
- Empowers depressed patients over their treatment process.
- Works in three steps:
  1. Personal monitoring devices monitor and collect the patient's data.
  2. Data are uploaded and stored in the cloud.
  3. Data are shared with the patient's health record provider on demand.
- Uses cryptographic techniques to ensure security and privacy.
Smartphone!
Smartphones pose a new set of potential problems:
- Apps are available for health monitoring using phone sensors, e.g., the accelerometer.
- Apps are being integrated with health monitoring sensors.
- Apps are being used to keep track of medical records, e.g., blood pressure.
- Most apps use local storage in the smartphone for data with NO encryption.
- Many apps provide server space for keeping health records but do not follow HIPAA guidelines.
Requirements for Medical Data
- Confidentiality
- Fine-grained access control
- Integrity
- Availability
- Performance
- Logging, audit trails, and provenance
- Support for long retention and secure migration
- Backup
- Cost
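Of the requirements listed above, logging, audit trails and provenance are the ones that HIPAA's accountability requirement and the HDB's compliance auditing both rest on. The following is an added example (not from the talk or the HDB) of the minimal structure an audit trail needs to be tamper-evident: each entry is tagged with an HMAC over its content and the previous entry's tag, so editing, removing or reordering an entry breaks the chain from that point on. The key, users, record IDs and timestamps are constructed; the audit key would in practice be held by a separate log service rather than the application that writes entries.

```python
"""Tamper-evident audit trail for medical-record access (added example, not
from the talk). Every entry is tagged with an HMAC over its content and the
previous entry's tag, so editing, removing or reordering an entry breaks the
chain from that point on. Key and events are constructed."""
import hashlib
import hmac
import json

AUDIT_KEY = b"constructed-audit-key"   # keep outside the application that writes the log
GENESIS = b"\x00" * 32


def _tag(prev_tag, entry):
    payload = json.dumps(entry, sort_keys=True).encode()
    return hmac.new(AUDIT_KEY, prev_tag + payload, hashlib.sha256).digest()


class AuditTrail:
    def __init__(self):
        self.entries = []                 # list of (entry dict, tag bytes)

    def append(self, who, action, record_id, ts):
        entry = {"seq": len(self.entries), "who": who, "action": action,
                 "record": record_id, "ts": ts}
        prev = self.entries[-1][1] if self.entries else GENESIS
        self.entries.append((entry, _tag(prev, entry)))
        return entry["seq"]

    def head(self):
        """Latest tag; publish or escrow it so tail truncation is detectable."""
        return self.entries[-1][1] if self.entries else GENESIS

    def verify(self, expected_head=None):
        """Return (ok, first_bad_seq). Recomputes every tag from GENESIS and,
        if an escrowed head is given, checks that the chain ends at it."""
        prev = GENESIS
        for i, (entry, tag) in enumerate(self.entries):
            if entry["seq"] != i or not hmac.compare_digest(_tag(prev, entry), tag):
                return False, i
            prev = tag
        if expected_head is not None and not hmac.compare_digest(prev, expected_head):
            return False, len(self.entries)
        return True, None

    def accesses_to(self, record_id):
        """Provenance view: who did what to a record, in order."""
        return [(e["who"], e["action"]) for e, _ in self.entries if e["record"] == record_id]


def build_sample_trail():
    """Constructed access events for the demo."""
    t = AuditTrail()
    t.append("dr.lee", "read", "P-1001", "2013-04-17T09:00:00Z")
    t.append("nurse.kim", "update", "P-1001", "2013-04-17T09:05:00Z")
    t.append("dr.lee", "read", "P-2007", "2013-04-17T09:10:00Z")
    return t


def verify_after_edit(trail, seq, field, value):
    """Simulate an in-place edit of one stored entry, then re-verify."""
    entry, tag = trail.entries[seq]
    trail.entries[seq] = (dict(entry, **{field: value}), tag)
    return trail.verify()


def verify_after_delete(trail, seq, escrowed_head=None):
    """Simulate removal of one stored entry, then re-verify."""
    del trail.entries[seq]
    return trail.verify(escrowed_head)
```

The chain alone catches edits and deletions in the middle of the log, but not removal of the newest entries, since a shortened chain still verifies from GENESIS; that is why `head()` exists: the latest tag has to be recorded somewhere the log writer cannot change, and `verify()` compared against it.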
More Requirements…
- Secure transmission protocols, especially for wireless transmission
- Enforcement of security requirements for upcoming medical devices
- Find solutions for legacy (vulnerable) medical devices
- Bring smartphones under the guidelines of HIPAA
Thank You