Conference PaperPDF Available

A review of security challenges, attacks and resolutions for wireless medical devices



Content may be subject to copyright.
A Review of Security Challenges, Attacks and
Resolutions for Wireless Medical Devices
Heena Rathore, Amr Mohamed, Abdulla Al-Ali, Xiaojiang Du, Mohsen Guizani
Dept. of Computer Science and Engineering Department, Qatar University, 2713, Doha, Qatar
Dept. of Computer and Information Sciences, Temple University, Philadelphia, PA, USA
Dept. of Electrical and Computer Engineering, University of Idaho, Moscow, Idaho, USA
Abstract—Evolution of implantable medical devices for human
beings has provided a radical new way for treating chronic
diseases such as diabetes, cardiac arrhythmia, cochlear, gastric
diseases etc. Implantable medical devices have provided a break-
through in network transformation by enabling and accessing the
technology on demand. However, with the advancement of these
devices with respect to wireless communication and ability for
outside caregiver to communicate wirelessly have increased its
potential to impact the security, and breach in privacy of human
beings. There are several vulnerable threats in wireless medical
devices such as information harvesting, tracking the patient, im-
personation, relaying attacks and denial of service attack. These
threats violate confidentiality, integrity, availability properties of
these devices. For securing implantable medical devices diverse
solutions have been proposed ranging from machine learning
techniques to hardware technologies. The present survey paper
focusses on the challenges, threats and solutions pertaining to the
privacy and safety issues of medical devices.
Keywords: Security, privacy, wireless medical device.
Recently, with the advent of the internet of things, automa-
tion, management and monitoring of devices have become
painless and simple. Intelligent health care has gained impor-
tance in the recent past since it allows continuous monitoring
of patients away from hospitals and doctors. Nevertheless,
every year many doctors and patients enhance their personal
satisfaction through a surgical methodology that includes em-
bedded medical devices. These medical devices are currently a
pervasive part of cutting edge medicinal care. The therapeutic
improvement as far as Implantable Medical Devices (IMDs)
have brought is the powerful change in the quality of life of
the patient. Nevertheless, with the expanded life expectancy in
today’s life, the requirement for new medicines, implants, and
long-term pharmaceutical utilization has increased manifold.
These devices have extended the capacity of doctors to analyse
and treat diseases away from the patients, making extraordi-
nary commitments to the well-being and providing personal
satisfaction to patients.
IMDs are placed inside the human bodies to analyse,
monitor and respond to treat various medical conditions. These
devices range from neuro-stimulators for brain stimulator,
gastric stimulators for stomach, cardiac defibrillators for the
heart, cochlear implant for hearing, drug delivery system such
as insulin for diabetic patients, artificial eye lenses for cataracts
etc [3]. The United States remains the biggest market in
medical devices with a market size of around $148 billion,
and it is anticipated to reach medical devices sales to $185.9
billion by the year 2019 [1].
Fig. 1: Threat Model: Adversary can either disrupt the system or
hinder wireless communication
IMDs are designed in a manner to communicate wirelessly
with the outside caregiver to have access to the patient’s
data remotely. However, the information contained in the
devices can be openly accessed by adversary through internal
and communication means endangering the health of the
patients [4], [5]. As seen in Figure 1, an adversary can
attack the system components or wireless channel between
the patient wearing IMD and the caregiver. Researchers have
developed various solutions to implement the security of
medical devices ranging from shared key authentication to
wearable gadgets that handle encryption and approval. For all
intents and purposes, all such plans require standardization to
make far reaching selection conceivable, yet no standardization
association exists so far. Nonetheless, it is also mandatory to
have privacy preserving capabilities in the medical devices
since these devices contain sensitive medical information of
patients. Moreover, during emerging situations, techniques
are required that can assist the doctor or unauthenticated
caregivers to ease, secure and quicken the medical process
for healthy well-being of patients. The objective of the paper
is to present a review of various attacks and strategies used in
overcoming the attacks in IMD. Diverse solutions are present
for securing IMD which reflects how profoundly different
fields can be utilized to resolve security issues in IMD.
The remainder of the paper is organized as follows: Sec-
tion II entails the motivation for the current topic. Section III
978-1-5090-4372-9/17/$31.00 ©2017 IEEE 1495
presents the constraints that are faced in using IMDs. Security
requirements for these devices are presented in Section IV.
Section V and VI detail the types of attacks on these devices
followed by the diverse set of solutions implemented in these
devices to secure them. Section VII concludes the paper.
Technology innovation in health care have added new
innovative services that augment the limitations of providing
one-to-one healthcare through clinical and hospital doctors.
By associating a defibrillator or insulin pump to wireless,
specialists can monitor the basic individual and physiological
information about their patients remotely and in real time.
While this might be advantageous as far as observing an indi-
vidual’s human health is concerned, it leaves these life-saving
devices to life-taking ones that can disrupt their functionality,
and threaten the life of many patients, which calls for strictly
protecting these devices. On the other hand, in emergency
situations, these medicinal devices should be sufficiently open
that any suitable restorative expert can recover the data loss.
However, same openness leaves the gadget and the patient
more susceptible to the outside attacker. In late 90’s, Therac-
25 accident caused due to manufacturing or software error
reported six deaths in a row [6]. The first failure happened with
the usage of cardiac defibrillator when a 21-year-old died due
to short circuiting [7]. Moreover, insulin pumps also reported
attacks such as eavesdropping wireless communication or
controlling other medicinal gadgets to modify the expected
treatment [17]. Similarly, gastric simulators if introduced with
defective electrical signals by an adversary gives significantly
fewer symptoms for gastric emptiness making the device
functionality counter productive. Thus, IMDs should ensure
security since the patient’s life is firmly bound to the working
of IMDs. A more holistic approach which can not only detect
but also responds and recovers from the threat vulnerability
is needed. There is a need to adjust the necessities of patient
and doctors while dealing with the advantages and downsides
of this upcoming technology. The present paper presents the
survey of IMD’s security challenges, attacks and resolutions.
Although, diverse set of solutions have been proposed for
IMDs security, there are internal level and communication
level issues as discussed in the next section.
IMDs, on one hand, has provided a radical new way of
communication between patients and doctors while on the
other hand face diverse constraints for providing communica-
tion and monitoring services. The constraints on IMDs can be
categorised under two levels viz. internal and communication:
Internal Level Constraints: During the initial setup of
IMDs inside the body, utmost care is required to make
the IMD settle inside the system. These devices should
not only be smaller in size but should be efficient in its
operation. Cases were reported where the IMDs were re-
jected which in turn caused inflammation and pain in the
body. Also, IMD is built with a non rechargeable battery,
which can live up to 10 years. The security protocols such
as cryptographic solutions, machine learning approaches
and hashing require enormous processing which drains
the battery quickly. Moreover, if the battery is exhausted,
the whole IMD needs to be replaced which has its
own disadvantages. IMDs may likewise wish to keep
audit records of all exchanges with outside gadgets or
internal processing. These exchange logs could possibly
flood the device’s locally available memory, especially
under Denial of Service(DoS) attack or when an intruder
unequivocally tries to debilitate device memory.
Communication Level Constraints: The communication
transmission cause enormous amount of radiations and
power consumption which in turn is injurious to the
health of the patients. Moreover, many techniques ad-
dressing communication security rely on the fact that the
wireless channel of the legitimate user is stronger and in
many cases not as faded as the illegitimate user [22], [24].
However, for IMDs, the wireless channel for the body is
intrinsically faded through the patient body and because
of using low transmission power to maximize the devices
lifetime. Therefore, traditional security techniques do not
work efficiently.
The goals of security services in IMD are aimed to protect
the information of the patient and also the resources of the
device. IMDs should aim at following properties [11]:
Confidentiality: IMDs should conceal information sent to
and from IMDs from illegitimate users.
Integrity: The data being processed and sent to and from
IMDs should be encrypted or should have a stronger
authentication mechanism that preserves the data from
being altered or corrupted by illegitimate personnel.
Availability: The main objective of installing an IMD
inside the body is to have regular and remote access of
a patient to doctor. The doctor and the patient should be
able to access and perform operations on the device as
and when required.
Access control: IMDs should be able to deny the permis-
sion of any unauthorised users.
Authentication: Just approved users ought to be permitted
to adjust an IMD. Doctors or device makers ought to
place limits on the settings accessible to patients to keep
them away from inadvertently or deliberately hurting.
Authorization: It is an act of granting access rights to the
user which can range from personal authorization to role
based and IMD selection [12].
Accountability: It is the act of being explained and
justifiable. IMDs keep review logs to track for potential
breakdowns on the device.
Freshness: Operations being performed should be fresh
and non-redundant. While maintaining exchange logs
and in adverse DoS attack condition an intruder can
unequivocally try to debilitate device memory by sending
similar operations.
Robustness: The devices should be capable of handling
situations such as emergency circumstances or any other
abnormal situation.
Consequently, while designing a security management system
for the medical device, all the above security properties should
be attained for a concrete solution.
Cyber-attacks on IMDs is a genuine and developing risk.
These attacks can point at obstructing the secrecy and val-
idation of the information by tampering the administration
trustworthiness or it can modify and exhaust network acces-
sibility. Moreover, the outcomes of the attacks can be deadly
for patients as these sudden changes can affect the life of
the patient. The intent of the attacks is to understand the
patient’s data in order to affect the patient’s health or to
suppress the quality of the device with negative intent from
competitive manufacturer’s site. The attacks vulnerabilities
incorporate unsecured wireless channels, deficient verification
or authentication mechanism, weak audit mechanisms and
negligible memory capacity. This section gives the details of
the types of attacks seen in IMD’s. Broadly, we can classify
the attacks in IMD in two groups viz internal attack and
communication attacks as shown in Figure 2.
Fig. 2: Attacks in Implantable Medical Devices
A. Internal Attacks
Internal attacks are introduced during medical device de-
ployment and while understanding real world parameters.
Here, malevolent attackers have the ability to hack pacemakers
and insulin pumps to close down doctor’s facility systems and
steal patients data. The malevolent manufacturer employee,
patient, physician or hospital administrator can get hold of
the internal system of IMD and introduce attacks such as
calibration failure, battery failure, hardware/connection failure,
modification of dosage/ data or through malware software:
Calibration attacks focus on altering the collected data to
mislead the diagnostic process of a medical patient [16].
Battery failure attacks happen when the processor and
the radio utilized as part of processing consumes a great
deal of energy while sending, handling and accepting
information. Malevolent attackers can make the device’s
memory deficient by introducing processing tasks in the
device in order to make the device counter productive.
An attacker can alter the device’s software program to
carry out harmful actions to add viruses to the device.
For instance, the attacker can intentionally overdose the
insulin amount by either single shot or chronic shot in
case of diabetic patients as described in [17].
Moreover, there are hardware/connection failure which
can be caused by factors such as natural disasters, mali-
cious and negligent third parties or legitimate actions of
third parties whose business interests conflict.
B. Communication Attacks
The communication channel between IMD and caregiver
gives a way for unauthorised people to access the medical
device. The sensitivity of data being transmitted and utilization
of unencrypted wireless channel, inadequate authentication
and access control mechanisms give rise to the communication
attacks. Communication attacks can either allow the attackers
to capture the medical device in order to trap and tunnel
the data to some other device or to deplete the resources of
the device. The communication channel can be unencrypted
and is susceptible to eavesdropping [18], replay [19] and
injection attacks [20]. Moreover, resource depletion attack
tries to deplete the resources of medical devices either by
exhausting the battery by requesting power consuming tasks
to them such as DoS or forced authentication attack.
The malicious entity can eavesdrop the communication
occurring between the gadgets and the caregiver [18]. This
listening can permit an attacker to learn about the gadgets
associated with the patient, the capacities of the gadget or the
directions and settings given to the gadget and patient health
data. Through this data, an attacker can surmise point by point
data about the present status of the patient’s afflictions and
track the patient. Also, Man-In-The-Middle (MITM) attack
occurs when the external intruder embeds itself between the
device and caregiver passing information between them and
making them trust that they are transmitting information to
each other. The external intruder disables the communication
between the two entities by allowing the information from the
medical device to pass into it. This permits an intruder to ac-
cess patient information in an unapproved way by knowing the
status of the patient’s health. The external intruder can further
expand this attack by launching DoS attack. For instance, the
intruder between the IMD and the caregiver can essentially
discard the patient’s information, prompting the device to
persistently send repeated transmissions. Replaying an old
message exchanged between the device and the caregiver
can trick the beneficiary into trusting the authenticity of the
attacker. Once the association is set up, the attacker can have
unapproved access to the patient information and thereby
corrupt it.
IMDs have a diverse set of vulnerabilities that make them
prone to undependable software, limited battery or hardware
dysfunctional. These threat vulnerabilities affect the safety and
well being of the patients who are using it. Efforts to alleviate
data security dangers should be adjusted with fewer impacts on
device execution, including constrained battery life. There are
set of security solutions proposed for wireless medical devices
as described in this section.
A. Access Control Mechanisms
1) Biometric Approaches: Biometric authentication relies
on measurable physiological and individual characteristics that
can be verified. These approaches are genuine since it takes
into account the behavioural and biological characteristics to
verify and identify the individuals. The process compares and
searches for the characteristics against a number of samples
stored within the system. Screening, scanning, feature extrac-
tion and association are some of the specific tasks used in such
approaches. In order to prevent unauthorised access to IMDs a
biometric based two level secure access control was proposed
in [21]. Initially, it employs patient’s basic information i.e.
type of fingerprint, iris color and height followed by obtaining
the iris images. The reference image is chosen among the
images captured (i.e. clearest image) which is then converted
to iris code. Thereafter, discriminative bit set is acquired
from multiple iris codes for each iris. For the verification
of iris, hamming distance is used. The process is effective
and employs light weight computation and little overhead to
the device. However, storing the biometrics in the system is
similar to deploying any master key in the system. The work
presented by [23] uses ECG signals to authenticate the IMD
and the caregiver. It is based on the assumption that the IMD
user and the caregiver is near to each other. Both the parties
extract the least significant four bits from a consecutive set
of intra pulse timing intervals present in the ECG signals.
Later, it uses Neyman-Pearson hypothesis testing algorithm
for calculating the error distribution for authorizing near and
low error genuine users. The approach is able to protect
from MITM attack since IMD reveals the data only after
authenticating the caregiver. However, the scheme consumes a
lot of battery when the authentication fails since the IMD waits
for an extra cycle until it receives a genuine authentication.
2) Distance Based Approaches: Distance based access con-
trol approaches grant access to external agents through the
concept of touch and close proximity [2]. In this process,
the access is authorized by the patient being aware regarding
the information being accessed. The work presented in [22]
uses zero-power notification, zero-power authentication, and
sensible key exchange for providing authorization to the med-
ical devices. The approach works on the principle of detecting
sound emitted by the medical device through a piezoelectric
circuit element implanted in the human body. This method
attempts to avoid the use of cryptographic solutions that
puts a strain on the battery life of the medical device. In
the proposed method, the caregivers attempt to connect to
the device via a radio frequency. The piezoelectric element
in the device generates signals that can only be detected
by caregivers through a microphone. This can acoustically
identify the device and a key is shared with this method, to
get access to the patient’s information. The main advantage of
this method is that it does not consume any battery power in
the medical device. The major disadvantage of this approach
is that the piezoelectric element must be implanted only 1 cm
under the skin. Therefore, it has to be installed separately from
the medical device that is implanted deep in the patient’s body.
Another approach proposed in [13] uses Ultrasound based
distance bounding detection based on the speed of sound using
Diffie-Hellman (DH) key agreement protocol. This protocol is
used to generate the private key in order to initiate the sharing
of encrypted information of the medical device. The advantage
of this system is that only the caregivers in close proximity
can establish a connection with the device. However, the radio
signals can be used by an attacker from a distance to induce
a current in the audio receiver. This will deceive the device
to generate the key which can then be used to access the
information of the patient without being in close proximity.
The work proposed in [24] uses in-vivo Near Field Com-
munication (NFC) approach to access the patient information
in the medical device. This method authenticates access to the
medical practitioners by utilizing a NFC-enabled smart phone.
In this method, in-vivo NFC tag is inserted in human body
which can communicate with the medical practitioner through
the use of smart phone. In this case, the smart phone can then
be used to share information using mobile network or WiFi
connection. The advantage of using such method is that in-
vivo-NFC tags do not use battery power from the implanted
medical device. Instead, the power is provided by the smart
phone while accessing the information of the patient. But,
it is almost impossible to share information in the event of
the lost or damaged smart phone. According to the authors,
the key is generated only once, during the initial surgical
implantation, which is shared with the smart phone. In the
event of damaged or lost smart phone, the key cannot be
regenerated and information cannot be shared with any other
device. Due to this limitation, the proposed protocol may be
deemed useless and impractical.
3) Key Management Protocols: Symmetric [14], [19] and
public key methodologies [15] can be used to encrypt and
authenticate the data which can limit the attacks of IMD. A
symmetric key is a tool in which information is only shared
between the trusted devices and personnel, and is secured from
all other external agents. The asymmetric key, on the other
hand, has a public signature in which two keys are used. One
is made public and the other one is kept secret. Generally,
symmetric cryptographic technique is preferred as it is not a
very demanding technique in terms of computing and power
consumption. Asymmetric tools on the other hand, often result
in complex circuits, high data exchange, and communication,
between the medical device and the caregivers, before allowing
access. This results in heavy use of computing power which in
turn increases the power consumption of the medical device,
reducing its reliability. A proposed solution to this problem
was to attach an external wearable device that will do the
heavy computing for the asymmetric cryptographic tool before
allowing the access to the medical device. But, a drawback to
this solution is that in the event of the damage or loss of
the external device, there will be no other way to access the
medical device.
The work presented by [25] uses physiological ECG signals
for granting access to the doctors or users. Here, ECG signal
sensor is worn in the hand of the patient which is measured by
the IMD and the caregiver simultaneously. Keys are exchanged
between the two parties having the ECG signals. Even of the
unique authentication process, the technique adds wait time
which decreases the reliability.
B. Audit Mechanisms
Audit logs are maintained in the IMDs for keeping the
record of patient’s history and the conduct of the device
over a particular time frame. The logs give data required
for sufficient patient care and also upgrades to the patient
treatment if conveyed through the IMD. However, the limited
storage memory of IMDs (1MB) where 75% is utilised in
medical functions would overflow the audit logs, which makes
the medical device prone to attacks. Overwriting the previous
non-relevant data may be an extended audit mechanism that
can be deployed in the system. Also, alarming and alerting
the provider upon completion of memory storage can be
considered as another possible approach [8]. RFID Guardian
is an external device which can be utilized for accessing and
monitoring the data and events that have been occurred. Be-
sides that, it also authenticates the registered devices, handles
keys and blocks unregistered entities. The biggest issue of
using RFID Guardian is that if the attacker is able to access
the Guardian, it will have the entire control over RFID tags [9].
C. Anomaly Detection Techniques
The work presented by [10] utilizes supervised machine
learning algorithm viz support vector machine(SVM) for treat-
ing resource depletion attack. The scheme models patient IMD
access pattern which are used to train the SVM. The access
pattern information comprises of five fields viz reader action
(identification, obtaining patient data, changing the patient
name, changing therapies etc.), time interval, location, time
and date of utilization. This information is fed into linear
and non-linear SVM for learning and classification between
bogus and genuine reader. It utilizes the patient cell phone for
authentication and verification. Linear SVM and non-linear
SVM obtains a classification accuracy for resource depletion
attack of 90% and 97% respectively. Although the system is
quite accurate, running SVM on the medical device consumes
a lot of energy which would affect the medical process.
D. External Hardware Methodologies
For dealing with the security issues, external devices are
used such as cloaker, IMDGaurd and IMD Shield as described
in this section.
1) Cloaker: A communication cloaker as devised by [26]
is an extra electronic gadget that is worn by the patient to
act as an outsider between IMD’s correspondences with the
caregiver. The cloaker ensures the security of the IMD for the
time that it is worn and gives open access to the outside world
when not worn. The IMD overlooks all other authentications
for the length of the time the clocker is worn. In emergency
situations, patients can remove the cloaker so that the IMD
reacts to all authentications. The cloaker offers a master key
to be shared with IMD which can channel all the information
between them. There are two methodologies by which the
IMD can distinguish the nearness of the cloaker. Firstly, the
IMD pings the cloaker so that the cloaker responds by giving
confirmation to it. Besides that, the IMD sends intermittent
keep-alive messages and redesigns its state agreeing to the
reaction from the cloaker. In both cases, the IMD considers
an emergency mode when it gets no reaction from the cloaker
after a holding up period. The security of the cloaker frame-
work depends upon the patient’s wearing the cloaker gadget in
any environment where unapproved interchanges may happen.
In the event that the patient overlooks or picks not to wear the
cloaker gadget, the security elements of the framework will be
ineffectual. Since the gadget secures against remote assaults
that might happen, the demonstration of wearing the gadget
may bring about mental trouble to the patient.
2) IMDGaurd: IMDGuard [27], a security mechanism for
implantable heart gadgets, which are embedded to screen or
treat cardiovascular therapeutic conditions. These are gener-
ally used in implantable cardioverter-defibrillator, pacemaker,
and ECG (electrocardiogram) sensor. IMDGuard utilises the
Guardian, a wearable gadget, to facilitate associations between
the IMD and the caregiver in a manner that gives the security
in a customary condition, and securely permits access in the
emergency situation. The patient’s specific ECG signals are
used for key sharing between the IMD and the Guardian. ECG
key extraction methodology does not require any additional
pre-conveyed software with the goal that it is difficult to
rekey the IMD when the Guardian is lost or broken. Also, it
makes the attackers not able to produce fake guardians aside
from physical contacts with the patient. Later, besides the skin
contact, it was found that video recording the face of a person
for a period of time can not only reveal movement and color
of the patient but also the heart pulse. Moreover, IMDGaurd
is also prone to MITM attack as shown in [28].
3) IMDShield: IMD Shield is another externally worn gad-
get used for IMD’s security [29]. It utilizes full duplex radio
device which acts as a jammer and a receiver. It comprises of a
jamming antenna and a receiver antenna. The jamming antenna
transmits an arbitrary flag to keep away eavesdroppers from
interpreting the IMD’s transmissions. The receiving antenna
receives the IMD’s signal and deciphers it with the help of
transmit and a receive chain. However, IMD Shield commands
do not remain confidential if the commands are sent from
the caregiver to the IMDs. Also, jamming interferes with
other radio frequency devices and do not comply with FDA
TABLE I: Comparison of Various IMD Security Mechanisms
Mechanism Overcome
Advantages Disadvantages
Biometric Based
Relies on unique biological char-
acteristics for authentication. Ex-
amples: Retina scan, iris recogni-
tion [21], heart signals [23], finger-
printing, facial recognition etc.
MITM [23]
ity, integrity,
Secure, unique and pri-
vate authentication, light
weight, little overhead to
the device [21]
Lack of standardization,
not able to accommodate
changes to the biometric
overtime, sample collec-
tion phase is influenced by
environmental conditions,
user training.
Estimate the distance between the
IMD and caregiver by measuring
the sent and received transmission
in proximity through piezoelectric
element [22], Diffie Hellam pro-
tocol [13], near field communica-
tion [24].
wireless replay
ity, integrity,
Do not complicate interac-
tions of medical staff.
Weak authentication since
the attacker can make
physical contact with the
patient by approaching
Key Management
Symmetric [14], public key [15]
and physiological [25] signals are
used for the generation of keys
Denial of
replay, MITM
Unique and private infor-
mation. Symmetric tech-
niques are less power con-
suming as compared to
other key exchange
Decreased reliability and
extra waiting time for the
Audit Mecha-
nisms [8], [9]
Audit logs are maintained to
store the patient’s information and
IMD’s track record.
Threats against
non repudiation.
Accountability Malevolent activities can
be easily identified and
traced without any com-
Exhaust limited memory
of IMD
Anomaly Detec-
tion [10]
Classify between the normal and
abnormal activities.
Internal attacks,
depletion and
ity, integrity,
High accuracy Drains battery
External Device
gies [30], [33]
Externally worn device utilizing
electrocardiagram [27], full duplex
radio device [29], share a master
key to authenticate IMD and the
caregiver [26].
Device Capture,
Fast response time, prior-
itizing the safety of pa-
tients, no equipment or
software alterations
Adversary can contact the
patient and extract the key.
Battery consuming tasks.
4) MedMon: MedMon [30] is an external device which
snoops all radio frequency wireless communications to/from
medical devices and utilizes multi-layered abnormality iden-
tification to distinguish possibly malignant exchanges. After
detection of malignant interaction, MedMon takes appropriate
reaction mechanism such as informing the client or block the
packets from reaching to the medical device. It prompts to
zero power overheads on these gadgets. However, it does not
provide any secured communication channel since the channel
of communication is typically not confidential.
5) Channel Estimation: The work presented in [33] uses
wearable external device to act as a middle man protector
between IMD and the adversary. Initially, the IMDs sends pilot
signals to empower external device to assess and approximate
the channel. By utilizing this information, the external device
performs data equalization and allows the pilot signals to reach
the adversary (assuming adversary cannot be nearer to the
IMD in comparison to the external device). Thus, adversary
captures weaker signals and approximate incorrect channel
estimation. Device capture and tunnelling attacks can be
avoided through such mechanism. The technique decreases the
processing complexity of IMDs and also helps in estimating
channel conditions which in turn improves the communi-
cation performance. However, prior authentication with the
wearable device is required and factors such as dispersion
in time and frequency will affect the channel estimation.
Jamming is another major threat vulnerability which exhausts
the resources of the system by sending numerous requests
simultaneously. Some of the major contributions to lessen
jamming are through frequency hopping and direct sequence
spread spectrum techniques which are studied for cardiac
pressure sensing system in [31]. These approaches can protect
the devices from eavesdropping and impersonation attack but
do not support medical devices due to limited hardware design
and band regulations [32].
Table I shows the comparative analyses of the techniques
discussed in this section.
In order to provide usable and adoptable secure solutions
for wireless medical devices, additional contributions are re-
quired: (1) Accurate, real time and energy efficient techniques
to secure medical devices; (2) Efficient, usable and privacy
preserving technique for concealing the patient’s health record.
For a secure and dependable wireless medical device, follow-
ing research questions are still open:
The requirement to implement a specific level of pro-
tection conceivably disabling the service when the level
can’t be ensured.
To assess if the security arrangements in wireless medical
device ensure protection and privacy in specific temporal
or spatial zone. This might be accomplished by consider-
ing, for instance, the number of clients, their movement,
their worries about security, and additionally the spatio-
temporal imperatives of the administration
Design a legitimate eavesdropper that detects malicious
network traffic leveraging machine learning techniques
Adjust and recover from the abnormal activity by chang-
ing the configuration and providing the counter mecha-
nism after detecting the threat vulnerability.
This publication was made possible by NPRP grant #8-408-
2-172 from the Qatar National Research Fund (a member of
Qatar Foundation). The statements made herein are solely the
responsibility of the authors.
[1] Medtech Switzerland, 2017, “The U.S. Market for Medical Devices:
Opportunities and Challenges for Swiss Companies”
[2] AlTawy, R. and Youssef, A.M, “Security Tradeoffs in Cyber Physical
Systems: A Case Study Survey on Implantable Medical Devices”. IEEE
Access, 4, pp.959-979, 2016.
[3] 24/7 Wallst Street, “The Eleven Most Implanted Medical Devices In
America”, 2011, [accessed on 17 January, 2017]
[4] Camara, C., Peris-Lopez, P. and Tapiador, J.E. “Security and privacy is-
sues in implantable medical devices: A comprehensive survey”. Journal
of biomedical informatics, 55, pp.272-289, 2015.
[5] Clark, S.S. and Fu, K., October. “Recent results in computer security for
medical devices”. In International Conference on Wireless Mobile Com-
munication and Healthcare (pp. 111-118). Springer Berlin Heidelberg,
[6] Leveson, N.G. and Turner, C.S. “An investigation of the Therac-25
accidents”. Computer, 26(7), pp.18-41, 1993.
[7] Hauser, R.G. and Maron, B.J., “Lessons from the failure and recall of
an implantable cardioverter-defibrillator”. Circulation, 112(13), pp.2040-
2042, 2005.
[8] Gupta, S. “Implantable medical devices-cyber risks and mitigation
approaches”. In Proceedings of the Cybersecurity in Cyber-Physical
Workshop, The National Institute of Standards and Technology (NIST),
US, 2012.
[9] Rieback, M.R., Crispo, B. and Tanenbaum, A.S. “RFID Guardian:
A battery-powered mobile device for RFID privacy management”. In
Australasian Conference on Information Security and Privacy (pp. 184-
194). Springer Berlin Heidelberg, 2005.
[10] Hei, X., Du, X., Wu, J. and Hu, F. “Defending resource depletion
attacks on implantable medical devices”. In Global Telecommunications
Conference (GLOBECOM 2010), 2010 IEEE (pp. 1-5). IEEE, 2010.
[11] Rathore, H., 2016. “Mapping biological systems to network systems”.
[12] Halperin, D., Heydt-Benjamin, T.S., Fu, K., Kohno, T. and Maisel, W.H.
“Security and privacy for implantable medical devices”. IEEE pervasive
computing, 7(1), pp.30-39, 2008.
[13] Rasmussen, K.B., Castelluccia, C., Heydt-Benjamin, T.S. and Capkun,
S. “Proximity-based access control for implantable medical devices”. In
Proceedings of the 16th ACM conference on Computer and communi-
cations security (pp. 410-419). ACM, 2009.
[14] Halperin, D., Heydt-Benjamin, T.S., Ransford, B., Clark, S.S., Defend,
B., Morgan, W., Fu, K., Kohno, T. and Maisel, W.H. “Pacemakers and
implantable cardiac defibrillators: Software radio attacks and zero-power
defenses”. In IEEE Symposium on Security and Privacy (sp 2008) (pp.
129-142). IEEE, 2008.
[15] Singh, K. and Muthukkumarasamy, V., “Authenticated key establishment
protocols for a home health care system”. In Intelligent Sensors, Sen-
sor Networks and Information, 2007. ISSNIP 2007. 3rd International
Conference on (pp. 353-358). IEEE, 2007.
[16] Yan, R., Xu, T. and Potkonjak, M. “Semantic attacks on wireless medical
devices”. In SENSORS, 2014 IEEE (pp. 482-485). IEEE, 2014.
[17] Hei, X., Du, X., Lin, S., Lee, I. and Sokolsky, O. “Patient infusion pattern
based access control schemes for wireless insulin pump system”. IEEE
Transactions on Parallel and Distributed Systems, 26(11), pp.3108-3121,
[18] Venkatasubramanian, K.K., Gupta, S.K.S., Jetley, R.P. and Jones, P.L.
“Interoperable medical devices”. IEEE Pulse, 1(2), pp.16-27, 2010.
[19] Hosseini-Khayat, S., “A lightweight security protocol for ultra-low
power ASIC implementation for wireless implantable medical devices”.
In Medical Information and Communication Technology (ISMICT), 2011
5th International Symposium on (pp. 6-9). IEEE, 2011.
[20] Rushanan, M., Rubin, A.D., Kune, D.F. and Swanson, C.M. “SoK:
Security and privacy in implantable medical devices and body area
networks”. In Security and Privacy (SP), 2014 IEEE Symposium on
(pp. 524-539). IEEE, 2014.
[21] Hei, X. and Du, X., “Biometric-based two-level secure access control
for implantable medical devices during emergencies”. In INFOCOM,
2011 Proceedings IEEE (pp. 346-350). IEEE, 2011.
[22] Halperin, D., Heydt-Benjamin, T.S., Ransford, B., Clark, S.S., Defend,
B., Morgan, W., Fu, K., Kohno, T. and Maisel, W.H. “Pacemakers and
implantable cardiac defibrillators: Software radio attacks and zero-power
defenses”. In Security and Privacy, 2008. SP 2008. IEEE Symposium
on (pp. 129-142). IEEE, 2008.
[23] Rostami, M., Juels, A. and Koushanfar, F. “Heart-to-heart (H2H): au-
thentication for implanted medical devices”. In Proceedings of the 2013
ACM SIGSAC conference on Computer and communications security
(pp. 1099-1112). ACM, 2013.
[24] Kim, B., Yu, J. and Kim, H. “In-vivo nfc: Remote monitoring of
implanted medical devices with improved privacy”. In Proceedings of
the 10th ACM Conference on Embedded Network Sensor Systems (pp.
327-328). ACM, 2012.
[25] Zheng, G., Fang, G., Shankaran, R., Orgun, M.A. and Dutkiewicz, E.
“An ECG-based secret data sharing scheme supporting emergency treat-
ment of implantable medical devices”. In Wireless Personal Multimedia
Communications (WPMC), 2014 International Symposium on (pp. 624-
628). IEEE, 2014.
[26] Denning, T., Fu, K. and Kohno, T. “Absence Makes the Heart Grow
Fonder: New Directions for Implantable Medical Device Security”. In
HotSec, 2008.
[27] Xu, F., Qin, Z., Tan, C.C., Wang, B. and Li, Q. “IMDGuard: Securing
implantable medical devices with the external wearable guardian”. In
INFOCOM, 2011 Proceedings IEEE (pp. 1862-1870). IEEE, 2011.
[28] Rostami, M., Burleson, W., Juels, A. and Koushanfar, F. “Balancing se-
curity and utility in medical devices?”. In Design Automation Conference
(DAC), 2013 50th ACM/EDAC/IEEE (pp. 1-6). IEEE, 2013.
[29] Gollakota, S., Hassanieh, H., Ransford, B., Katabi, D. and Fu, K. “They
can hear your heartbeats: non-invasive security for implantable medical
devices”. ACM SIGCOMM Computer Communication Review, 41(4),
pp.2-13, 2011.
[30] Zhang, M., Raghunathan, A. and Jha, N.K. “MedMon: Securing medical
devices through wireless monitoring and anomaly detection”. IEEE
Transactions on Biomedical circuits and Systems, 7(6), pp.871-881,
[31] Chow, E.Y., Chlebowski, A.L., Chakraborty, S., Chappell, W.J. and
Irazoqui, P.P. “Fully wireless implantable cardiovascular pressure mon-
itor integrated with a medical stent”. IEEE Transactions on Biomedical
Engineering, 57(6), pp.1487-1496, 2010.
[32] Ankarali, Z.E., Abbasi, Q.H., Demir, A.F., Serpedin, E., Qaraqe, K. and
Arslan, H. “A comparative review on the wireless implantable medical
devices privacy and security”. In Wireless Mobile Communication and
Healthcare (Mobihealth), 2014 EAI 4th International Conference on (pp.
246-249). IEEE, 2014.
[33] Ankaral, Z.E., Demir, A.F., Qaraqe, M., Abbasi, Q.H., Serpedin, E.,
Arslan, H. and Gitlin, R.D. “Physical layer security for wireless im-
plantable medical devices”. In Computer Aided Modelling and Design of
Communication Links and Networks (CAMAD), IEEE 20th International
Workshop on (pp. 144-147). IEEE, 2015.
... In Table 1, we show these reviews and, for each work, we indicate: its publication year, the approach followed (MD-focused or Infrastructure-focused), if it covers different security key aspects in healthcare (requirements, architecture, attacks, and mechanisms), whether it presents a threat taxonomy or uses a threat modelling framework (STRIDE [98] or MITRE ATT&CK [147]), and if it deals with safety and privacy issues. We made this classification to provide, in the best possible [111] 2010 ------- [10] 2010 ----- [2] 2012 ---- [35] 2014 ------ [124] 2014 --- [159] 2014 --- [19] 2015 ---- [73] 2015 ---- [129] 2015 ------- [63] 2015 ------ [8] 2016 ----- [29] 2016 -------- [118] 2017 ------ [76] 2017 ------- [28] 2017 ---- [87] 2017 ---- [114] 2018 ------- [40] 2018 ------- [22] 2018 ----- [34] 2018 ------- [106] 2019 ------- [48] 2019 ---- [119] 2019 --- [157] 2019 ---- [3] 2019 ----- [9] 2019 ------ [107] 2019 -------- [17] 2020 ------- [158] 2020 -------- [52] 2020 ----- [128] 2020 ---- [108] 2021 -- [93] 2021 -------- [139] 2021 ------- [84] 2021 ------- [112] 2022 ---- [71] 2022 ----- [42] 2022 way, the relevant aspects addressed for our survey. In Table 1, the symbol " " denotes that the issues are covered and the "-" that the issue is not covered by the article. ...
... With respect to security attacks, the majority of works [22,34,35,106,118,124,159] referred to attacks addressed to medical devices (IMD, IWMD, and IoMT), mainly classifying them in three types referring to the layer attacked: application layer (malware attack, software attacks), network layer (man-in-the-middle attack, eavesdropping, denial of service-DoS-attack, spoofing attack) and perception layer (physical attack, RFID sniffing/spoofing). Kumar [76] performed a review of cyber-attacks in the healthcare industry and emphasised the importance of protecting this environment indicating real examples of vulnerabilities found in medical devices. ...
... In this context, Altawy and Youssef [8] introduced the Cyber Physical Systems (physical systems where their operation requires advanced connectivity and computation) identifying threats, security properties and explaining IMDs as a use case in this scenario. Rathore et al. [118] proposed different security mechanisms to prevent and react against these attacks, divided them into categories, such as biometric-based approaches, distance-based approaches, key management protocols, audit mechanisms, anomaly detection, and external device methodologies. On the other hand, Nanayakkara et al. [106] performed a statistic study about the different security mechanisms named in the literature and obtained that identification, authentication and authorization mechanisms are the ones that appear the most in the works published. ...
Currently, healthcare is critical environment in our society which attracts attention to malicious activities and has caused an important number of damaging attacks. In parallel, the recent advancements in technologies, computing systems, and wireless communications are changing healthcare environment by adding different improvements and complexity to it. This article reviews the current state of the literature and provides a holistic view of cybersecurity in healthcare. With this purpose in mind, the article enumerates the main stakeholders and architecture implemented in the healthcare environment, as well as the main security issues (threats, attacks, etc.) produced in healthcare. In this context, this work maps the threats collected with a widely used knowledge-based framework, MITRE ATT&CK, building a contribution not seen so far. This article also enumerates the security mechanisms created to protect healthcare, identifying the principal research lines addressed in the literature, and listing the available public security-focused datasets used in machine learning to provide security in the medical domain. To conclude, the research challenges that need to be addressed for future research works in this area are presented.
... H. Rathore, et al. in [9] discussed challenges, security threats related to the safety and privacy of medical equipment, and solutions, including anomaly detection based on ML. ...
... The memory space of the medical equipment being reduced does not allow keeping track of the exchanges made via log files. In terms of communication, medical equipment can only support short-range communications due to their energy limitations [9]. Due to scale, computing capacities, and energy constraints, most wearable devices can only preprocess the sensed data. ...
... Process that leads to additional battery consumption of a medical device, which leads to battery failure [9]. ...
Full-text available
Internet of Medical Things (IoMT) represents an application of the Internet of Things, where health professionals perform remote analysis of physiological data collected using sensors that are associated with patients, allowing real-time and permanent monitoring of the patient's health condition and the detection of possible diseases at an early stage. However, the use of wireless communication for data transfer exposes this data to cyberattacks, and the sensitive and private nature of this data may represent a prime interest for attackers. The use of traditional security methods on equipment that is limited in terms of storage and computing capacity is ineffective. In this context, we have performed a comprehensive survey to investigate the use of the intrusion detection system based on machine learning (ML) for IoMT security. We presented the generic three-layer architecture of IoMT, the security requirement of IoMT security. We review the various threats that can affect IoMT security and identify the advantage, disadvantages, methods, and datasets used in each solution based on ML. Then we provide some challenges and limitations of applying ML on each layer of IoMT, which can serve as direction for future study.
... Advanced health care systems are essential for enduring nursing, giving them a major health care knowledge [24][25][26] and transforming health care data into an important source of health care knowledge [26,27]. We spoke about the study on managing health information in the preceding segment. ...
... Advanced health care systems are essential for enduring nursing, giving them a major health care knowledge [24][25][26] and transforming health care data into an important source of health care knowledge [26,27]. We spoke about the study on managing health information in the preceding segment. ...
Full-text available
Cyber-physical systems (CPSs) are the intelligent systems that offer an interaction among computational, software, and networking resources in a continuous and dynamic fashion. Future systems are likely to be created and developed using CPSs, which have been recognized as a significant area of research. The electric power grid, energy systems, body area networks, modern vehicles, smart homes, cooperative robotics, and smart transportation are the examples for CPS. The security aspects of CPSs can be enhanced with blockchain (BC) technology. For instance, with the combination of CPSs and blockchain, a peer-to-peer energy market is made possible where machines may automatically buy and sell energy based on parameters specified by the user. In this chapter, we summarize recent developments in the creation and applications of CPS, the state-of-the-art and pertinent concepts, numerous CPS applications that have employed blockchain, relevant solutions, and open challenging issues.
... Because of medical equipment's limited memory space, it is impossible to keep track of the exchanges made via log files. Regarding communication, medical equipment can only support short-range communication due to energy limitations (9). Due to scale, computing capacities, and energy constraints, most wearable devices can only preprocess the sensed data. ...
... This medical device stimulates the smooth muscles of the lower stomach equipment to help control chronic nausea and vomiting associated with Gastroparesis. This equipment uses wireless communication that suffers from a lack of encryption, authentication, validation mechanism, and Hardware/Software error (80), making it vulnerable to different attack types, including eavesdropping, information disclosure, tampering, jamming, and resource depletion (9). Therefore, it must be considered when the researchers conceive an IDS for multiple medical devices. ...
... For instance, smartwatches can monitor different body mechanisms like heart rate and electrocardiogram (ECG), smartphones can track the physical activities and sleep apnea, and implanted glucose monitor can automatically control sugar level by injecting insulin to a patient. Moreover, the development of low power wearable biosensors [1], implantable medical devices (IMDs) [2], ultra-low-power body area networks [3], Internet of Things (IoT) technologies [4], and Existing Solutions Rushanan et al. [21] Ellouze et al. [16] Zhang et al. [2] Altawy et al. [17] Rathore et al. [18] Camara et al. [19] Kim et al. [20] Alemdar et al. [22] David et al. [23] Sametin. et al. [24] Pantelop. ...
... Existing surveys: Existing surveys are mostly focused on security and privacy problems, major vulnerabilities, and solutions related to the privacy and safety issues of IMDs [2,[16][17][18][19][20][21]. Among these surveys, Rushanan et al. extensively reviewed security and privacy problems corresponding to telemetry interfaces and software programs, security frameworks, and standard practices that aimed at improving the security of IMDs [21]. ...
Full-text available
Recent advancements in computing systems and wireless communications have made healthcare systems more efficient than before. Modern healthcare devices can monitor and manage different health conditions of patients automatically without any manual intervention from medical professionals. Additionally, the use of implantable medical devices, body area networks, and Internet of Things technologies in healthcare systems improve the overall patient monitoring and treatment process. However, these systems are complex in software and hardware, and optimizing between security, privacy, and treatment is crucial for healthcare systems because any security or privacy violation can lead to severe effects on patients’ treatments and overall health conditions. Indeed, the healthcare domain is increasingly facing security challenges and threats due to numerous design flaws and the lack of proper security measures in healthcare devices and applications. In this article, we explore various security and privacy threats to healthcare systems and discuss the consequences of these threats. We present a detailed survey of different potential attacks and discuss their impacts. Furthermore, we review the existing security measures proposed for healthcare systems and discuss their limitations. Finally, we conclude the article with future research directions toward securing healthcare systems against common vulnerabilities.
... Somasundaram et al. [11] comprehensively studied security challenges in implantable medical devices, underlining the potential risks of unauthorized access and manipulation of therapeutic interventions within the smart healthcare system. Rathore et al. [12] further discussed the security aspects of implantable devices, emphasizing the importance of device integrity, data protection, and the need for multi-faceted security strategies that align with evolving threat landscapes within the context of IoT communication security and protection in smart healthcare systems. ...
Full-text available
Biomedical Microelectromechanical Systems (BioMEMS) serve as a crucial catalyst in enhancing IoT communication security and safeguarding smart healthcare systems. Situated at the nexus of advanced technology and healthcare, BioMEMS are instrumental in pioneering personalized diagnostics, monitoring, and therapeutic applications. Nonetheless, this integration brings forth a complex array of security and privacy challenges intrinsic to IoT communications within smart healthcare ecosystems, demanding comprehensive scrutiny. In this manuscript, we embark on an extensive analysis of the intricate security terrain associated with IoT communications in the realm of BioMEMS, addressing a spectrum of vulnerabilities that spans cyber threats, data manipulation, and interception of communications. The integration of real-world case studies serves to illuminate the direct repercussions of security breaches within smart healthcare systems, highlighting the imperative to safeguard both patient safety and the integrity of medical data. We delve into a suite of security solutions, encompassing rigorous authentication processes, data encryption, designs resistant to attacks, and continuous monitoring mechanisms, all tailored to fortify BioMEMS in the face of ever-evolving threats within smart healthcare environments. Furthermore, the paper underscores the vital role of ethical and regulatory considerations, emphasizing the need to uphold patient autonomy, ensure the confidentiality of data, and maintain equitable access to healthcare in the context of IoT communication security. Looking forward, we explore the impending landscape of BioMEMS security as it intertwines with emerging technologies such as AI-driven diagnostics, quantum computing, and genomic integration, anticipating potential challenges and strategizing for the future. In doing so, this paper highlights the paramount importance of adopting an integrated approach that seamlessly blends technological innovation, ethical foresight, and collaborative ingenuity, thereby steering BioMEMS towards a secure and resilient future within smart healthcare systems, in the ambit of IoT communication security and protection.
... Ce sont des données sensibles à plusieurs titres. Elles participent au soin des patients, bien sûr elles ne doivent pas être modifiées sous peine de nuire à la santé du patient [Rat+17] et sont confidentielles. Par exemple, elles peuvent être source de discrimination comme dans les situations suivantes : ...
Aujourd’hui les données sont de plus en plus externalisées et réutilisées que ce soit dans la santé ou de façon plus générale. L’intérêt de ces techniques est de réduire les coûts associés aux infrastructures informatiques, mais également de permettre un accès simplifié aux données tout en laissant la possibilité de les traiter grâce à des algorithmes de Big data. En effet, des algorithmes de machine learning appliqués sur ces données permettent d’aider le professionnel dans sa prise de décision. Il est néanmoins primordial de rappeler que les données personnelles donc en particulier celle appartenant au secteur de la santé sont des données sensibles. En conséquence de quoi, des réglementations nationales ou internationales imposent leur sécurisation. Cela passe par le fait d’assurer leur confidentialité au travers d’algorithmes de chiffrement ainsi que leur intégrité et traçabilité grâce au tatouage numérique. D’autre part, il est nécessaire de comprendre que les volumes de données utilisées sont très important. Ceci impose que les données et en particulier celle issues de l’imagerie sont compressées afin de réduire les coûts de stockage. C’est pourquoi dans cette thèse, nous nous intéresserons aux trois problématiques associées aux données que sont leur sécurisation, traitement et compression. L’objectif sera alors d’associer ces trois propriétés afin de fournir une solution globale permettant de traiter de façon sécurisée des données compressées. Au cours de ces trois années de thèse, nous avons commencé par nous intéresser aux algorithmes de sécurisation de données qui permettent de les traiter. Ces algorithmes plus connus sous le nom de cryptosystèmes homomorphes existent sous plusieurs formes. Le chiffrement additivement homomorphe permet un nombre limité de traitement, mais est relativement peu coûteuse. Le fully homomorphe augmente les possibilités de traitements au détriment des performances.Notre première solution propose d’allier un cryptosystème additivement homomorphe avec un système de concaténation qui permet une compression dans le domaine chiffré. Elle permet d’effectuer un traitement matriciel sécurisé des données. Cette solution s’inscrit dans le projet Followknee dans lequel l’objectif est de traiter de façon sécurisée des données issues d’une prothèse connectée sur un smartphone. Par la suite, nous avons entrepris d’observer l’influence de la compression sur la précision des modèles de machine learning. L’objectif de cette partie étant de voir s’il est possible de ne décompresser que partiellement des données et ainsi gagner en termes de coûts calculatoires avant de les utiliser dans de tels modèles. Suite à quoi,nous avons essayé de décompresser partiellement et de façon sécurisée des données grâce à des cryptosystèmes fully homomorphes. Ceci représente la première étape d’une chaîne de traitement plus complexe permettant de compresser des données puis de les chiffrer avant de les externaliser vers un cloud.Une fois externalisées, ces données pourront être partiellement décompressées afin d’être utilisées de façon sécurisée au travers d’algorithmes de traitement. Pour finir, nous avons étudié la possibilité d’utiliser un cryptosystème additivement homomorphe en combinaison de calcul multipartite afin de sécuriser l’apprentissage d’un réseau de neurones artificiels.
Wireless connectivity is now playing a critical role in healthcare systems for medical equipment. Numerous benefits are entitled to remote health control, care, and detection of critical cases. Even so, any downside to the protection of these devices against cyber-attacks could cause huge problems, such as exploitation of personal data, mistreatment, and even mortality. Medical devices save lives, but these devices also utilize these advancements to connect to the healthcare network as cellular technology continues its rapid growth. As a part of interconnectivity, due to security flaws with the hardware and applications used to manage patient information and run the system, networks face multiple security vulnerabilities. Security of medical equipment is a growing concern within the healthcare sector. An increasing number of medical instruments and services contain sensitive health-related information that needs to be protected in terms of accuracy, affordability, and secrecy. In the health care domain, managing protection, anonymity, welfare, and usefulness is a requirement in which body area networks (BANs) and IMDs have made it much easier to handle and treat a disease constantly and efficiently. This paper analyzes the limitations generated by technical and end-user demands and theoretical approaches to minimize wireless hazards. In terms of efficiency, mobility, and knowledge processing, the advantages of wireless medical services are incredible. By addressing vulnerabilities and reducing the expense of traumatic accidents, these advantages may be achieved. We also indicate some of the possible theoretical solutions as a countermeasure for security and privacy.KeywordsWireless medical devicesImplantable medical devices (IMD)Health careSecurityPrivacyInternet of things (IoT)
Full-text available
The new culture of networked systems that offer everywhere accessible services has given rise to various types of security tradeoffs. In fact, with the evolution of physical systems that keep getting integrated with cyber frameworks, cyber threats have far more critical effects as they get reflected on the physical environment. As a result, the issue of security of cyber physical systems requires a special holistic treatment. In this paper, we study the tradeoff between security, safety, and availability in such systems and demonstrate these concepts on implantable medical devices as a case study. We discuss the challenges and constraints associated with securing such systems and focus on the tradeoff between security measures required for blocking unauthorized access to the device and the safety of the patient in emergency situations where such measures must be dropped to allow access. We analyze the up to date proposed solutions and discuss their strengths and limitations.
Full-text available
The security issue of wireless Implantable Medical Devices (IMD) is an emerging area of research. The unique challenge here is that an IMD should be accessed by doctors with no authorization for emergency treatments while it still has to be protected from adversaries. In this paper, we propose a novel ECG-based Secret Data Sharing (ESDS) scheme in order to protect the IMD data privacy against eavesdropping and other active attacks from adversaries. The scheme establishes a secure wireless channel wherein the secret is encrypted with a random ECG bit string generated from real-time ECG signals. This secret can only be revealed by an IMD programmer which has the ability of measuring real-time ECG signals synchronously with the IMD. Since there is no pre-deployment of credentials, the IMD can be accessed by doctors without prior authorization. Performance analysis based on the real ECG data shows that the encrypted secret cannot be revealed by non-real-time or other patients' ECG signals; thus, it achieves our design goal of providing robust security.
Conference Paper
Full-text available
Nowadays wireless communication is playing a vital role in implantable medical devices (IMDs) on health-care applications. It has many advantages in remote health monitoring, treatment and prediction for critical cases. However, any drawback in security of these devices against malicious attacks may lead to serious problems, such as theft of private information, wrong treatment and even death. In this paper, a comparative review of the current literature on IMD security research is provided to have a better understanding of the state of the art and the gaps in this direction.
Conference Paper
Full-text available
Wireless communications are increasingly important in health-care applications, particularly in those that use implantable medical devices (IMDs). Such systems have many advantages in providing remote healthcare in terms of monitoring , treatment and prediction for critical cases. However, the existence of malicious adversaries, referred to as nodes, which attempt to control implanted devices, constitutes a critical risk for patients. Such adversaries may perform dangerous attacks by sending malicious commands to the IMD, and any weakness in the device authentication mechanism may result in serious problems including death. In this paper we present a physical layer (PHY) authentication technique for IMDs that does not use existing methods of cryptology. In addition to ensuring authentication, the proposed technique also provides advantages in terms of decreasing processing complexity of IMDs and enhances overall communications performance.
Full-text available
Bioengineering is a field in expansion. New technologies are appearing to provide a more efficient treatment of diseases or human deficiencies. Implantable Medical Devices (IMDs) constitute one example, these being devices with more computing, decision making and communication capabilities. Several research works in the computer security field have identified serious security and privacy risks in IMDs that could compromise the implant and even the health of the patient who carries it. This article surveys the main security goals for the next generation of IMDs and analyzes the most relevant protection mechanisms proposed so far. On the one hand, the security proposals must have into consideration the inherent constraints of these small and implanted devices: energy, storage and computing power. On the other hand, proposed solutions must achieve an adequate balance between the safety of the patient and the security level offered, with the battery lifetime being another critical parameter in the design phase. Copyright © 2015. Published by Elsevier Inc.
The book presents the challenges inherent in the paradigm shift of network systems from static to highly dynamic distributed systems - it proposes solutions that the symbiotic nature of biological systems can provide into altering networking systems to adapt to these changes. The author discuss how biological systems - which have the inherent capabilities of evolving, self-organizing, self-repairing and flourishing with time - are inspiring researchers to take opportunities from the biology domain and map them with the problems faced in network domain. The book revolves around the central idea of bio-inspired systems -- it begins by exploring why biology and computer network research are such a natural match. This is followed by presenting a broad overview of biologically inspired research in network systems -- it is classified by the biological field that inspired each topic and by the area of networking in which that topic lies. Each case elucidates how biological concepts have been most successfully applied in various domains. Nevertheless, it also presents a case study discussing the security aspects of wireless sensor networks and how biological solution stand out in comparison to optimized solutions. Furthermore, it also discusses novel biological solutions for solving problems in diverse engineering domains such as mechanical, electrical, civil, aerospace, energy and agriculture. The readers will not only get proper understanding of the bio inspired systems but also better insight for developing novel bio inspired solutions.
Security of medical embedded systems is of vital importance. Wireless medical devices used in wireless health applications employ large number of sensors and are in particular susceptible to security attacks. They are often not physically secured and are usually used in hostile environments. We have developed theoretical and statistical framework for creating semantic attacks where data is altered in such a way that the consequences include incorrect medical diagnosis and treatment. Our approach maps a semantic attack to an instance of optimization problem where medical damage is maximized under constraints of the probability of detection and root cause tracing. We use a popular medical shoe to demonstrate that low energy and low cost of embedded medical devices increases the probability of successful attacks. We have proposed two types of semantic attacks, respectively pressure-based attack, and time-based attack under two scenarios, a shoe with 99 pressure sensors and a shoe with 20 pressure sensors. We test the effects of the attacks and compare them. Our results indicate that it is surprisingly easy to attack several essential medical metrics and to alter corresponding medical diagnosis.
Conference Paper
The computer security community has recently begun research on the security and privacy issues associated with implantable medical devices and identified both existing flaws and new techniques to improve future devices. This paper surveys some of the recent work from the security community and highlights three of the major factors affecting security and privacy solutions for implantable medical devices: fundamental tensions, software risks, and human factors. We also present two challenges from the security community with which the biomedical community may be able to help: access to medical devices and methods for in vitro experimentation. © 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering.
Conference Paper
Balancing security, privacy, safety, and utility is a necessity in the health care domain, in which implantable medical devices (IMDs) and body area networks (BANs) have made it possible to continuously and automatically manage and treat a number of health conditions. In this work, we survey publications aimed at improving security and privacy in IMDs and health-related BANs, providing clear definitions and a comprehensive overview of the problem space. We analyze common themes, categorize relevant results, and identify trends and directions for future research. We present a visual illustration of this analysis that shows the progression of IMD/BAN research and highlights emerging threats. We identify three broad research categories aimed at ensuring the security and privacy of the telemetry interface, software, and sensor interface layers and discuss challenges researchers face with respect to ensuring reproducibility of results. We find that while the security of the telemetry interface has received much attention in academia, the threat of software exploitation and the sensor interface layer deserve further attention. In addition, we observe that while the use of physiological values as a source of entropy for cryptographic keys holds some promise, a more rigorous assessment of the security and practicality of these schemes is required.