Security Issues and Defense Methods for Wireless Medical Devices

Abstract

This dissertation evaluates the design of several defense schemes for wireless medical devices to address security issues. These schemes are designed to enable efficient and effective access control of wireless medical devices in both non-emergency and emergency situations. In recent years, the range of available wireless medical devices has increased and includes cardiac pacemakers, insulin pump, defibrillators, cochlear implants, neurostimulators, and various drug delivery systems. Unfortunately, most existing wireless medical devices lack sufficient security mechanisms to protect patients from malicious attacks. Thus, with the rise in use of medical implants, security becomes a critical issue as attacks on wireless medical devices may harm patients. Security on wireless medical devices is a relatively new field, which has not been thoroughly researched yet. The authors of a lot of articles have proposed token based, certification based and proximity based schemes to address the issue. However, most of the current solutions have many limitations and cannot be widely applied. Therefore, better solutions are needed. In order to address this issue, we design a novel and multiple-layer access control framework for wireless medical devices. In a low layer level, we utilize bi-channel technology and multi-factor authentication to defend against various attacks at wireless medical devices. Our system utilizes near field communication (NFC) to do device pairing and uses the medical device's wireless radio to perform remote programming. This approach defends against most attacks because our NFC pairing scheme guarantees that the successful communication range between the programmer and wireless medical devices is less than 6cm. When the patient is in a crowded area such as on public transportation, a different person's mobile devices and the patient's medical devices may be located less than 6cm apart; we use the patient's cell phone to detect such an environment. To avoid attacks in crowded areas, we design a scheme to detect such a situation using the patient's cell phone. User involvement is used on non-implantable medical devices (IMDs) and a patient access pattern based access control (PAPAC) scheme is used on IMDs. We also design a response time based scheme to defend against fake patient attacks. Our analyses and experiments show that the protection schemes are efficient and effective. In a high layer level, we design patient infusion pattern based access control (PIPAC) scheme for wireless medical devices. Specifically, insulin pumps are most widely applied wireless medical devices. The pump parameters and doses can be adjusted by anyone with an easily obtained USB device. The hacker can deliver a lethal dose without knowing the device's serial number in advance. To address this issue, we propose a PIPAC for wireless insulin pumps. This scheme employs a supervised learning approach to learn normal patient infusion patterns in terms of the dosage amount, rate, and time of infusion, which are automatically recorded in insulin pump logs. The generated regression models are used to dynamically configure a safe infusion range for abnormal infusion identification. Our proposed algorithms are evaluated with real insulin pump logs used by several patients for up to 6 months. The experimental results demonstrate that our scheme can reliably detect a single overdose attack with a success rate up to 98\% and defend against a chronic overdose attack with a very high success rate. For IMDs in non-emergency case, the PAPAC scheme we design utilizes the patient's IMD access pattern to address resource depletion (RD) attacks. It is a novel support vector machine (SVM) based scheme. This SVM based scheme is very effective at defending against RD attacks. Our experimental results show that the average detection rate is above 90\%. For IMDs in emergency cases, we design a novel biometrics based two-level secure access control scheme that utilizes a patient's biometrics to prevent unauthorized access to the IMD. The scheme consists of two levels: level-one employs a patient's some basic biometrics and is lightweight; level-two uses a patient's customized iris data to achieve effective authentication. The experimental results show that our IMD access control scheme is very effective and has small overhead in terms of battery, CPU and memory. Thus, it is suitable for IMDs. Both the false acceptance rate (FAR) and false rejection rate (FRR) are close to zero with a suitable threshold. Protecting wireless medical devices is a very challenging task due to their extremely limited resource constraints. It is necessary to balance the overhead of security schemes and security requirements. In this dissertation, we will first discuss security vulnerabilities in wireless medical device systems. Then we will present our framework using smart phones and other technologies, such as near field communication based access control. Further, we will describe the detailed design of this framework. Finally, extensive experiments show that our schemes can achieve good performance with small overhead.