1 / 19

They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices

They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices. Introduction. Implantable Medical Devices ( IMDs ) are vulnerable to exploitation (last paper) Unauthorized data retrieval Malicious commands Millions of IMDs are currently deployed This is a big problem.

ornice
Télécharger la présentation

They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. They Can Hear Your Heartbeats:Non-Invasive Security for Implantable Medical Devices

  2. Introduction • Implantable Medical Devices (IMDs) are vulnerable to exploitation (last paper) • Unauthorized data retrieval • Malicious commands • Millions of IMDs are currently deployed • This is a big problem

  3. Implantable Medical Devices (IMDs) • Surgically Implanted into a patient’s body • Facilitates Medical Treatment • i.e. pacemakers, defibrillators, insulin pumps. • Communicates Wirelessly • Sends vital sign information • Receives commands • Battery Powered http://wwwp.medtronic.com/newsroom/content/1150828881634.low_resolution.jpg

  4. http://groups.csail.mit.edu/netmit/IMDShield/images/WIMD.png

  5. More IMD Properties • Does not transmit unless… • It is responding to an IMD programmer • It detects a life-threatening condition • Does not share channels with other IMDs

  6. IMD Programmer • Wirelessly configure IMDs • query IMD for data • send commands to IMD • Requires no credentials • Good: settings can be changed in an emergency without hassle • Bad: anyone can use it • Communicates Wirelessly • Sends vital sign information • Receives commands http://henkboxma.com/casestudy/2090.gif

  7. Commands Confidential Patient data

  8. Unauthorized Commands Confidential Patient data

  9. Problems with using crypto • Inalterability • IMDs last for up to 10 years • IMD replacement requires surgery • IMD hardware is inadequate • Safety • Immediate access • False negatives • Maintainability • Bugs/Recalls

  10. Solution: The Shield • Does not alter IMD • Protects against Passive and Active Adversaries • Does not inconvenience patient • Does not reduce safety of IMD

  11. The shield passes legitimate Commands along to the IMD Encrypted Channels

  12. The shield blocks unauthorized commands

  13. Assumptions • IMDs and Programmers are honest • The shield is a wearable device such as a necklace • There is a secure channel between IMD and the programmer

  14. http://groups.csail.mit.edu/netmit/IMDShield/images/IMDShield.pnghttp://groups.csail.mit.edu/netmit/IMDShield/images/IMDShield.png

  15. Jamming • Jams Eavesdroppers during IMDs transmissions • Does this only when it knows the IMD will transmit • Jams the IMD during programmer transmissions • If a signal is detected while the shield is transmitting, it automatically starts jamming

  16. http://groups.csail.mit.edu/netmit/IMDShield/images/FULLDUPLEX.pnghttp://groups.csail.mit.edu/netmit/IMDShield/images/FULLDUPLEX.png

  17. http://groups.csail.mit.edu/netmit/IMDShield/images/ResultsAC1.pnghttp://groups.csail.mit.edu/netmit/IMDShield/images/ResultsAC1.png

  18. http://groups.csail.mit.edu/netmit/IMDShield/images/ResultsAC2.pnghttp://groups.csail.mit.edu/netmit/IMDShield/images/ResultsAC2.png

  19. The End.

More Related