ArticlePDF Available

Cyber-Attacks on Medical Implants: A Case Study of Cardiac Pacemaker Vulnerability

Authors:

Abstract and Figures

This paper describes the vulnerability of the medical implants due to cyber-attacks, which can result in unexpected behavior of these devices thus causing severe damage to human safety. Although, it seems hard to believe that someone’s implantable medical device (IMD), e.g. pacemaker or insulin pump can be hacked by an eavesdropper, in reality, researchers have demonstrated that these embedded medical devices can turn into assassination weapons by modifying the operation through remote access. It is therefore important to address these issues to ensure safety and security in medical cyber physical systems. Model based control is implemented in Matlab/Simulink to demonstrate the control of pacemaker device. Moreover, certain attack models are used to visualize the effects of cyber-attacks on cardiac pacemaker.
Content may be subject to copyright.
International Journal of Computing and Digital Systems
ISSN (2210-142X)
Int. J. Com. Dig. Sys. #, No.# (Mon-20..)
E-mail:engrzee@gmail.com
http://journals.uob.edu.bh
Cyber-attacks on medical implants: A case study of Cardiac
Pacemaker vulnerability
Muhammad Muneeb Ur Rehman, Hafiz Zia Ur Rehman and Zeashan Hameed Khan
Department of Mechatronics and Biomedical Engineering, Air University, Islamabad, Pakistan
E-mail address: mnburrahman2@gmail.com, hzia05@gmail.com, engrzee@gmail.com
Received ## Mon. 20##, Revised ## Mon. 20##, Accepted ## Mon. 20##, Published ## Mon. 20##
Abstract: This paper describes the vulnerability of the medical implants due to cyber-attacks, which can result in unexpected behavior
of these devices thus causing severe damage to human safety. Although, it seems hard to believe that someone’s implantable medical
device (IMD), e.g. pacemaker or insulin pump can be hacked by an eavesdropper, in reality, researchers have demonstrated that these
embedded medical devices can turn into assassination weapons by modifying the operation through remote access. It is therefore
important to address these issues to ensure safety and security in medical cyber physical systems. Model based control is implemented
in Matlab/Simulink to demonstrate the control of pacemaker device. Moreover, certain attack models are used to visualize the effects
of cyber-attacks on cardiac pacemaker.
Keywords: Implantable medical device, Cyber-attack, Cardiac pacemaker, Cyber physical system
1. INTRODUCTION
Due to rapid growth of micro and nanotechnology,
miniature devices are getting popular to control human
biological systems e.g. artificial pancreas, pacemaker etc.
A medical cyber physical system (CPS) is a network of
regulator, communication, sensing and actuation of the
embedded components to monitor and control the physical
process of patients [1]. However, as for a typical CPS,
safety and security are equally important aspects and these
complex systems are responsible to control biological
process of a human organ. As future healthcare systems are
heading towards “e-health”, more focus is required to
establish trust as these embedded systems are vulnerable to
cybersecurity threats that can jeopardize patient health and
safety [2].
Implantable cardioverter defibrillators (ICDs) and
pacemakers are examples of IMDs used to control the heart
rhythms by sending electrical impulses to heart for
synchronization [3]. External devices connected remotely
to access the data from ICDs where patient need not to
come to the hospital and physicians are kept informed
about the functioning of pacemaker implants. An artificial
pancreas also functions the same way by continuously
monitoring the blood sugar level and controlling an insulin
pump to inject appropriate amount of insulin to the blood
stream [4, 5]. Due to wireless link connectivity, an intended
attacker can hack into the signal to alter the device
functioning. One such concern was documented by
Department of Homeland Security industrial control
system advisories who highlighted the security breach,
which can be easily accessed in case of Medtronic insulin
pump over-dosage resulting in sudden hypoglycemic
condition mortal for the patient [6].
Although, in the medical history, until present, no
patient died due to cyber-attack on IMDs, experts
demonstrated several times that such devices can be
accessed and reprogrammed remotely by a malicious
intruder, which can be fatal for the safety of the patient
using it. In 2008, a team of researchers revealed for the first
time that implantable cardiac defibrillators (ICD) can be
reprogrammed using a low cost, commercially available
programmer to deny service i.e. making them useless for
the patient [7]. After that, several others have demonstrate
2 Author Name: Paper Title
http://journals.uob.edu.bh
d different scenarios for hacking embedded medical
devices including pacemakers and insulin pumps [8-10].
Securing such safety critical systems for instance, may
require multi-factor biometric template generation for
authentication to device programming and interconnected
adapter nodes for secure access to human interface [11-13].
2. IMPLANTABLE MEDICAL DEVICES (IMDS)
IMDs aim to address various malfunctioning of human
organs in order to ensure correct operation necessary for
the quality of life. Due to wireless connection with the
external world, these devices are potential candidate for
cyber-attacks, which can risk a victim’s life. Nowadays,
there are very few efficient solutions to these attacks, which
could address the issues of reliability, security and power
consumption. There have been efforts to secure the
communication link of medical implants [14]. One such
approach proposes using optical secure communication for
data exchange between IMD and external world with
minimal packet size and energy overheads [15]. Some
examples of IMDs include biosensors, open loop IMDs and
closed loop IMDs.
Figure 1. Biosensor patch based monitoring
Biosensors periodically transmit measurements to the
patch, which then sends the measurement to a peripheral
monitoring segment as shown in Fig. 1.
Figure 2. Open-loop implantable medical device
Open-loop IMDs often combine the monitor and
controller to form a patient interface. Based on the data
from the sensor, the patients are able to monitor their
health status as shown in Fig. 2. Based on the status,
commands are issued so that the open loop IMD can work
as required. The communication between the implant and
the peripheral interface is usually not encrypted.
In closed-loop IMDs, the control is established on the
interconnection between the sensor and thse actuator inside
the body as shown in Fig. 3. While patients do not have
access to monitor them, they do require skilled
configurations from the hospital/clinic. Due to power
consumption considerations, the communication is
typically not encrypted. Typically, the battery cannot be
charged and surgery is required to remove it.
Figure 3. Closed-loop implantable medical device
3. PACEMAKER IMPLANTS
A progressive debility in maximum heart rate (mHR) in
humans and other mammals is a fundamental phase of
aging [16]. The drop in mHR is independent of class, health
and lifestyle, affecting women and men equally from all
traits of life. Notably, mHR deterioration is the major factor
of age-dependent aerobic capacity decline that eventually
restricts functional independence for many older people.
The continuing reduction in mHR with age imitates a
slackening of the intrinsic pacemaker action of the
sinoatrial (S/A) node of the heart, which is the outcome of
electrical transformation of individual pacemaker cells
along with structural remodeling and a blunted β-
adrenergic response.
Continuous cardiac functioning is essential for human
beings. Therefore, patients with abnormal heart rhythms
are advised to get a pacemaker implanted in their body,
which are expected to be robust and fail-safe device with
durable battery life ending up to a decade. Thus, various
problems in the natural conduction system of the heart are
addressed by using an artificial pacemaker, which
constantly observes and corrects the heart rate whenever
required. A pacemaker is an electronic device used to
generate pacing signals for the heart in order to correct
irregular heart beat [17]. Irregular heartbeat (arrhythmia)
can may result in stroke, heart failure and other
complications related to the heart. Pacemaker therapy in
atrial fibrillation is also very effective [3]. Pacemaker
implants are placed under the skin near left or right
Int. J. Com. Dig. Sys. #, No.#, ..-.. (Mon-20..) 3
http://journals.uob.edu.bh
collarbone through surgical procedure. Insulated leads are
inserted in the heart chambers through cephalic or
subclavian veins, which supply electrical impulses from
the implantable pulse generator (IPG) to the heart as
shown in Fig. 4. Moreover, it also senses the cardiac
depolarization [18]. Pacemaker is in fact, a real time
computer controlled system with predefined tasks
precedence. A low-power, robust microcontroller
interfaced with required memory space is chosen as the
core component of this intelligent machine [19].
Figure 4. Cardiac pacemaker implant with pacing leads
Figure 5. Inside block diagram of cardiac pacemaker [19]
Effectively, a cardiac pacemaker is composed of an
implantable pulse generator (IPG) connected to leads
(cathode/anode). The IPG is further composed of a battery,
analog/digital circuitry and sensing/actuation connectors
as shown in Fig. 5. A pacemaker can have unipolar or
bipolar electrode configuration in case one or two leads are
connected to the heart muscles. Several sensing and
control algorithms for pacemakers have been proposed in
the literature. For example, a wavelet based ECG detector
for implantable cardiac pacemaker is discussed in [20]
while a novel PID controller with adaptive correction
factor for heart rate control is presented in [21].
Modern pacemakers durability allows them to be used
for pacing as well as for other cardiac diagnostic
applications. Low energy electrical pulses generated by
pacemaker can speed up a slow heart rhythm, thus helping
to maintain a constant heart rate by harmonizing electrical
signaling between the upper and lower chambers as well
as between the ventricles of the heart.
A. Schematic of Pacemaker
Typically, a microcontroller based pacemaker design
involves related circuitry to sense and actuate the heart
muscle activity through electronics [17]. The basic
functionality of this electronics is to generate appropriate
pacing pulses based on the input from the electrodes. A
schematic of cardiac pacemaker is shown in Fig. 5.
B. Telemetry link
Pacemakers can transmit and receive information
through a wireless telemetry connection. The baud rate of
this two-way communication is around 300 bps. Using this
link, important data for example pulse amplitude and
duration, lead current, lead impedance and battery
condition can be assessed in real time [22]. An external
programmer is supplied to modify any of the
programmable parameters using encoded instruction set
and to retrieve diagnostic data.
The telemetry link provides an essential interface for
data exchange; however, it also results in the vulnerability
of the overall system. It is recommended to incorporate
encryption and password protection in the link to avoid
information breach by a malicious extruder.
4. CYBER ATTACK TYPES AND MECHANISMS
As discussed above, due to lack of security
mechanisms, wireless-enabled IMDs are susceptible to
different security threats [15]. In general, the target of
adversary attack aims to impact on confidentiality, integrity
and availability of the IMDs [13]. It is important to analyze
the medical CPS for resilience by modeling and simulating
cyber-attacks. Following attack models are described as the
possible threats to the medical CPS [23].
A. Basic Attack Models
In this type of attack, an attacker may use physical
alteration in order to disrupt signals of a medical CPS [24].
The original or the intended signal is us and vs is the
attacked signal. We assume that the attacker employs high-
energy radiation/electromagnetic signals directed to the
system’s sensors or communication devices. The attack
duration is assumed to be during the period [τstart, τend].
1) Denial of service (DoS) attack model: Also known
as the interruption attack model, DoS service attack results
4 Author Name: Paper Title
http://journals.uob.edu.bh
in no data communication during the period of attack. It is
represented as:
elseu
v
s
endstart
s
0
(1)
2) Man in the middle (MIM) attack model: This attack
refers to the action of a human evasdropper in the loop.
The intended signal us is transformed to the manipulated
signal um controlled by the eavesdropper during the attack
duration. It is represented as:
elseu
u
v
s
endstartm
s
(2)
3) Down-sampling attack model: This attack type
reduces the sampling rate of the intended signal. This
means that the quality of control (QoC) will be
considerably reduced due to this attack.
lows
low
downs
low
uv
elseu
rateu
u
0mod
(3)
B. Control parameter attack
In this type of cyber-attack, the invader directly get
access to the system controller in order to modify the
control parameters. Altering the control parameters to
arbitrary values induces an incorrect operation of the
device.
In this discussion, we assume that an attacker is able to
break into the system and is able to get access of the
control parameters directly thus bypassing the details of
the cybersecurity break-in to the system. Therefore, in the
control parameter attack, the attacker is able to destabilize
the system by amending the control parameters as follows:
elseu
atk
v
par
endstartpar
par
(4)
Where,
par
u
and
par
v
are the intended and the
modified parameters respectively. Moreover, atkpar denotes
the modified parameter value. The vulnerable control
parameters of the device will be changed by the attacker’s
supplied parameter because of this attack.
C. Coordinated Attack
In an attempt to design robust medical CPS, such safety
critical systems are equipped with redundant physical
components to withstand basic cyber-attacks. Thus,
attackers plan to execute a coordinated attack that is a
combination of two or more basic attack mechanisms in
order to sabotage the correct operation of an embedded
medical implant. As an example, we consider a coordinated
attack comprising of man-in-the-middle attack coordinated
with a control parameter attack.
elseuu
atku
vv
pars
endstartparm
pars ,
,
,
(5)
5. SIMULATION RESULTS
The system model is simulated in Matlab/Simulink to
demonstrate the impact of cyber-attack on the performance
of cardiac pacemaker control. The closed loop control of
heart rate is achieved by a pacemaker sub-system using a
feedback loop [21]. The complete system is shown in Fig.
6 where R(s) is the desired heart rate and Y(s) is the actual
heart rate. The sensing of heart rate is taken as ideal with
no delay or lag. Thus, its transfer function H(s) is assumed
as unity. It is important to note that the set-point heart rate
varies in human w.r.t age.
Figure 6. Block diagram of cardiac pacemaker
A. Control design for Pacemaker
The heart transfer function included in the cardio-
vascular system is taken as a second order under-damped
model as follows [25]:
(6)
The pacemaker dynamics are represented as a first
order lag model as follows:
8
8
)(
s
sGp
(7)
The desirable range is between 60-100 beats per minutes
(bpm). If the heart rate is slower than 60 bpm, it is known
as bradycardia, while if it is higher than 100 bpm, it is
characterized as tachycardia. Both these abnormalities
require appropriate correction. We have designed three
different control schemes i.e. Proportional Integral
derivative (PID), Pole Placement Control (PPC) and
Linear Quadratic Regulator (LQR) to demonstrate the
tracking behavior of pacemaker on heart rate. The time
response behavior of these controllers are tested to see if
the desired heart rate is higher or lower than the nominal
heart rate of 72 bpm.
1) PID Controller
Int. J. Com. Dig. Sys. #, No.#, ..-.. (Mon-20..) 5
http://journals.uob.edu.bh
A base line PID controller is applied for heart rate
tracking control. The PID compensator is simulated in
Simulink as follows:
s
N
N
D
s
IPsGPID 1
1
1
)(
(8)
Following gains are used: Proportional (P) = 1.792, Integral
(I) = 0.231, Derivative (D) = 0.302 and the filter coefficient
(N) =1727.04.
Figure 7. Control performance with PID Controller
Figure 8. Performance comparison of PID and ISA-PID controllers
As seen from the step response, the performance
of the PID controller even after gains tuning is not good.
We next try to add an ISA-PID controller for both reference
tracking and disturbance rejection. A pre-filter F(s)
involves the PID gains from the original controller and a
set-point weight b as follows:
ip
ip
KsK
KsbK
sF
)(
(9)
The performance comparison of both PID and ISA-
PID controllers is shown in Fig. 8. It is evident that ISA-
PID offers reduced overshoot and quick convergence with
improved set-point tracking.
2) Pole placement Controller
Pole placement controller permits the designer to place
the closed loop dynamics as required. Out of three closed
loop poles, dominant pair is placed such that the rise time
(tr) is less than 0.15 sec, settling time (ts) is less than 0.5
sec, the overshoot is less than 5% while steady state error
is zero. These requirements are met with poles placed at [-
10.5±10.71i, -20]. The controller gains to shift these poles
to the desired locations are found to be Kc = [12.2 478
450].
Figure 9. Control performance with Pole Placement Controller
1) LQR Controller
Linear quadratic control is used as an optimal
controller for pacemaker heart rate tracking by minimizing
the following quadratic cost function:
dtRuuQxxJ TT )(
(10)
The weighting matrices ‘Q’ and ‘R’ are adjusted to penalize
the state variables and the control signals. For higher values
of these matrices, these signals are more penalized. After
multiple iterations, the closed loop system is best seen with
rise time of 0.22 sec and overshoot of 3.67% using these Q
and R weighting matrices as shown in Eq. 9.
5
5
210,
1000
0100
0010
RQ
(11)
6 Author Name: Paper Title
http://journals.uob.edu.bh
From Fig. 7, 8, 9, it is clear that although the base line PID
controller shows faster response, there is more than 5%
overshoot in the response and the steady state error is non-
zero. However, the PPC and LQR control results are quite
similar in terms of transient and steady state characteristics
with PPC showing a faster response as compared to LQR.
Figure 10. Control performance with LQR Controller
B. Cyber attack simulation on Pacemaker
We aim to generate different scenarios of cyber-attack
for the vulnerability analysis of our closed loop pacemaker.
We considered only the base line PID controller to simply
the analysis. The case study describes a patient with age
related bradycardia whose heart rate drops below 60 bpm.
His cardiologist advised for the pacemaker implant, which
enables a normal heart rate of 72 bpm. The man-in-the-
middle (MIM) attack during 8 to 14 sec alters the correct
reference value for the pacemaker control and the heart rate
drops back to 52 bpm during this period.
Figure 11. Pacemaker under man-in-the-middle attack during 8≤ t ≤14
In the second scenario, a coordinated attack is
simulated in which the reference heart rate is altered by
MIM attack as well as the control parameter change (by
reducing the derivative gain (Kd) up to 90% of its nominal
value) resulting in pronounced overshoot in the response.
The simulated cyber-attack is successful in disabling the
pacemaker during attack period and generating
bradycardia.
Figure 12. Pacemaker under coordinated attack combining MIM and
Control parmeter attack during 8≤ t ≤14
These two scenarios depict the vulnerability of the
pacemaker devices to cyber-attack. These vulnerability
effects are more evident in the presence of coordinated
attacks. Thus, in addition to the electromagnetic
interference (EMI) effects, cardiac implants may fail to
provide therapy when it is needed or delivering therapy
when it is not needed (resulting in tachycardia/bradycardia)
due to cyber-attacks.
6. CONCLUSION
In the present work, different control techniques are
analyzed to design Heart Rate controller for the embedded
control of pacemaker. Initially, a baseline PID controller is
tuned to satisfy different performance parameters. The PID
controller response is improved by using ISA-PID so that a
better tracking response with disturbance rejection can be
obtained. Moreover, in order to compare the performance,
an optimal LQR and state feedback pole placement
controller (PPC) are also simulated. It is observed that the
response of pole placement controller is better among all
other designs. Next, analysis is done to simulate cyber-
attack on the closed loop system. Two cyber-attacks,
namely MIM and Coordinated attack are simulated to see
the performance. Results have shown that the cyber-attacks
are capable of deteriorating the response of pacemaker by
injecting a variation in set point tracking or by varying any
of the control parameter of the closed-loop system. In
future, extensive simulation models will be developed to
understand the effect of cyber-attacks as well as adaptive
strategies to detect and counter such cyber-attacks on
medical devices.
Int. J. Com. Dig. Sys. #, No.#, ..-.. (Mon-20..) 7
http://journals.uob.edu.bh
REFERENCES
[1] P. Bogdan, S. Jain, and R. Marculescu, "Pacemaker Control of
Heart Rate Variability: A CPS Perspective," ACM Transactions on
Embedded Computing Systems, 05/01 2013.
[2] I. Skierka, The governance of safety and security risks in connected
healthcare, 2018.
[3] S. Park, P. J. Wang, P. C. Zei, H. H. Hsia, M. Turakhia, M. Perez,
et al., "Pacemaker Therapy in Atrial Fibrillation," jcvm, vol. 1, pp.
1-5, 12/04 2013.
[4] S. H. Khan, A. H. Khan, and Z. H. Khan, "Artificial Pancreas
Coupled Vital Signs Monitoring for Improved Patient Safety,"
Arabian Journal for Science and Engineering, vol. 38, pp. 3093-
3102, 2013/11/01 2013.
[5] S. Ata and Z. H. Khan, "Model based control of artificial pancreas
under meal disturbances," in 2017 International Symposium on
Recent Advances in Electrical Engineering (RAEE), 2017, pp. 1-6.
[6] L. h. Newman. (2018, 25th Dec). A New Pacemaker Hack Puts
Malware Directly on the Device. Available:
https://www.wired.com/story/pacemaker-hack-malware-black-hat/
[7] D. Halperin, T. S. Heydt-Benjamin, B. Ransford, S. S. Clark, B.
Defend, W. Morgan, et al., "Pacemakers and Implantable Cardiac
Defibrillators: Software Radio Attacks and Zero-Power Defenses,"
in 2008 IEEE Symposium on Security and Privacy (sp 2008), 2008,
pp. 129-142.
[8] W. Burleson, S. Clark, B. Ransford, and K. Fu, Design Challenges
for Secure Implantable Medical Devices, 2012.
[9] C. Li, A. Raghunathan, and N. K. Jha, "Hijacking an insulin pump:
Security attacks and defenses for a diabetes therapy system," in
2011 IEEE 13th International Conference on e-Health Networking,
Applications and Services, 2011, pp. 150-156.
[10] E. Marin, D. Singelée, F. Garcia, T. Chothia, R. Willems, and B.
Preneel, On the (in)security of the latest generation implantable
cardiac defibrillators and how to secure them, 2016.
[11] S. H. Khan, M. Ali Akbar, F. Shahzad, M. Farooq, and Z. Khan,
"Secure biometric template generation for multi-factor
authentication," Pattern Recognition, vol. 48, pp. 458-472,
2015/02/01/ 2015.
[12] A. Khalid, P. Kirisci, Z. H. Khan, Z. Ghrairi, K.-D. Thoben, and J.
Pannek, "Security framework for industrial collaborative robotic
cyber-physical systems," Computers in Industry, vol. 97, pp. 132-
145, 2018/05/01/ 2018.
[13] E. Hamadaqa, A. Abadleh, A. Mars, and W. Adi, "Highly Secured
Implantable Medical Devices," in 2018 International Conference on
Innovations in Information Technology (IIT), 2018, pp. 7-12.
[14] L. Bu, M. G. Karpovsky, and M. A. Kinsy, "Bulwark: Securing
implantable medical devices communication channels," Computers
& Security, vol. 86, pp. 498-511, 2019.
[15] A. Mosenia and N. K. Jha, "OpSecure: A Secure Unidirectional
Optical Channel for Implantable Medical Devices," IEEE
Transactions on Multi-Scale Computing Systems, vol. PP, pp. 1-1,
11/08 2017.
[16] C. Peters, E. Sharpe, and C. Proenza, "Cardiac Pacemaker Activity
and Aging," Annual Review of Physiology, vol. 82, 02/10 2020.
[17] M. Sayahkarajy, E. Supriyanto, M. H. Satria, and H. Samion,
"Design of a microcontroller-based artificial pacemaker: An
internal pacing device," in 2017 International Conference on
Robotics, Automation and Sciences (ICORAS), 2017, pp. 1-5.
[18] D. Fitzpatrick, "Chapter 6 - Pacemakers and Implantable
Cardioverter Defibrillators," in Implantable Electronic Medical
Devices, D. Fitzpatrick, Ed., ed Oxford: Academic Press, 2015, pp.
75-97.
[19] S. D. Chede and K. D. Kulat, "Design Overview Of Processor
Based Implantable Pacemaker," JCP, vol. 3, pp. 49-57, 2008.
[20] Y. Min, H. Kim, Y. Kang, G. Kim, J. Park, and S. Kim, "Design of
Wavelet-Based ECG Detector for Implantable Cardiac
Pacemakers," IEEE Transactions on Biomedical Circuits and
Systems, vol. 7, pp. 426-436, 2013.
[21] K. R. A. Govind and R. A. Sekhar, "Design of a novel PID
controller for cardiac pacemaker," in 2014 International Conference
on Advances in Green Energy (ICAGE), 2014, pp. 82-87.
[22] G. Brooker, "Chapter Fourteen - Pacemakers," in Handbook of
Biomechatronics, J. Segil, Ed., ed: Academic Press, 2019, pp. 567-
589.
[23] N. Rashid, J. Wan, G. Quiros, A. Canedo, and M. A. Al Faruque,
"Modeling and simulation of cyberattacks for resilient cyber-
physical systems," in 2017 13th IEEE Conference on Automation
Science and Engineering (CASE), 2017, pp. 988-993.
[24] J. Wan, A. Canedo, and M. A. A. Faruque, "Security-aware
functional modeling of cyber-physical systems," in IEEE 20th
Conference on Emerging Technologies & Factory Automation
(ETFA), 2015.
[25] A. D. S.C Biswas, P.Guha, "Mathematical Model of Cardiovascular
System by Transfer function Method," Calcutta Medical Journal,
2010.
Muhammad Muneeb Ur Rehman is
pursuing his M.S in Mechatronics
Engineering from Air University,
Islamabad, Pakistan. Previously, he
obtained his Bachelor of Mechatronics
Engineering from the same university
in 2019. His interests include modeling
and simulation, design of robots and
mechatronic systems, control design etc. He is a student member
of IEEE.
Hafiz Zia Ur Rehman is working as
an Assistant Professor in the
department of Mechatronics and
Biomedical Engineering, Air
University, Islamabad, Pakistan. He
obtained his Ph.D. in mechatronics
engineering from Hanyang University,
South Korea in 2019. His research
interests include medical image
processing, computer vision and adaptive filtering. He is a
member of Pakistan Engineering Council (PEC).
Zeashan Hameed Khan is working in
the department of Mechatronics and
Biomedical Engineering, Air
University, Islamabad, Pakistan as an
Associate Professor. He obtained his
Ph.D. in control systems from
University of Grenoble, France in
2010. His research interests include
robust control, networked control
systems, cyber physical systems and
biomedical control. He has written more than 50 papers including
journal papers, conference papers and book chapters. He is a
member of IEEE and PEC.
... As an example, the data of over 61 million users worldwide who were using Fitbit and Apple devices [76] was exposed recently. Wearable medical devices, such as cardiac implants [77], [78], implantable insulin delivery pumps [79], [80], and neurological implants [81], [82], are also vulnerable to targeted attacks. As a result, there is a growing impetus to enhance traditional encryption algorithms and explore new ways of encryption that aim to bolster the overall security and reliability of wearable devices and safeguard the sensitive data and health information of users. ...
Article
Full-text available
Chaos-based encryption is a promising approach to secure communication due to its complexity and unpredictability. However, various challenges lie in the design and implementation of efficient, low-power, attack-resistant chaos-based encryption schemes with high encryption and decryption rates. In addition, Machine learning (ML) has emerged as a promising tool for enhancing the growing security and efficiency concerns and maximizing the potential of emerging computing platforms across diverse domains. With the rapid advancements in technology and the increasing complexity of computing systems, ML offers a unique approach to addressing security challenges and optimizing performance. This paper presents a comprehensive study on the application of ML techniques to secure chaotic communication for wearable devices, with an emphasis on chaos-based encryption. The theoretical foundations of ML for secure chaotic communication are discussed, including the use of ML algorithms for signal synchronization, noise reduction, and encryption. Various ML algorithms, such as deep neural networks, support vector machines, decision trees, and ensemble learning methods, are explored for designing chaos-based encryption algorithms. This paper places a greater emphasis on methodological aspects, metrics, and performance evaluation of machine learning algorithms. In addition, the paper presents an in-depth investigation into state-of-the-art ML-assisted defense and attacks on chaos-based encryption schemes, covering their theoretical foundations and practical implementations. Furthermore, a review of the potential advantages and limitations associated with the utilization of ML techniques in secure communication systems and encryption is provided. The study extends to exploring the diverse range of applications that can benefit from ML-assisted encryption, such as secure communication in the Internet of Things (IoTs), cloud computing, and wireless networks. Overall, we provide insights into the applications of ML for secure chaotic communication in wearable devices, its challenges, and opportunities, offering a foundation for further research and development and facilitating advancements in the field of secure chaotic communication.
... By reducing medical costs and encouraging healthy habits, IoT devices have become more popular due to the growing demand from people worldwide. Given the importance of monitoring individuals' health to prevent potential consequences, IoT technologies can play a crucial role in detection, especially in situations where continuous monitoring is necessary to prevent putting a larger group of people at risk [8,9]. ...
Article
Full-text available
Wearable devices are starting to gain popularity, which means that a large portion of the population is starting to acquire these products. This kind of technology comes with a lot of advantages, as it simplifies different tasks people do daily. However, as they recollect sensitive data, they are starting to be targets for cybercriminals. The number of attacks on wearable devices forces manufacturers to improve the security of these devices to protect them. Many vulnerabilities have appeared in communication protocols, specifically Bluetooth. We focus on understanding the Bluetooth protocol and what countermeasures have been applied during their updated versions to solve the most common security problems. We have performed a passive attack on six different smartwatches to discover their vulnerabilities during the pairing process. Furthermore, we have developed a proposal of requirements needed for maximum security of wearable devices, as well as the minimum requirements needed to have a secure pairing process between two devices via Bluetooth.
... As health and personal information become remotely obtainable, the risk of violating the privacy of patients' data and their electronic health records increases substantially. Also, these devices can be reconfigured or turned off [2], which may contribute to severe consequences for the patient's health. As most network intrusion detection systems (NIDS) cannot fully provide the necessary protection for IoT networks because of the ever increasing pace of new attack types and methods [3], novel ways to detect potential anomalies must be sought. ...
Article
Full-text available
Given the Internet of Things rapid expansion and widespread adoption, it is of great concern to establish secure interaction between devices without worsening the quality of their performance. Using machine learning techniques has been shown to improve detecting anomalous behavior in these types of networks, but their implementation leads to poor performance and compromised privacy. To better address these shortcomings, federated learning is being introduced. It enables devices to collaboratively train and evaluate a shared model while keeping personal data on-site (e.g., smart homes, intensive care units, hospitals, etc.), thus minimizing the possibility of an attack and fostering real-time distribution of models and learning. The paper investigates the performance of federated learning in comparison to deep learning, with respect to network intrusion detection in ambient assisted living environments. The results demonstrate comparable performances of federated learning with deep learning, while achieving improved data privacy and security.
... Cyberattacks demonstrated against pacemakers and insulin pumps are an important parallel to the prospect of a targeted attack against crew members [29], [30]. In these demonstrated attacks, medical devices that are life-critical have been compromised and made to malfunction. ...
Conference Paper
Full-text available
Space system cybersecurity is of paramount concern to the rapidly growing space sector. Human spaceflight programs are also increasing in number, ranging from space tourism to high-criticality missions. The safety of such missions is often studied, but the unique cybersecurity considerations of human spaceflight and the potential cyber risks to safety is never openly discussed. This paper describes cyber risks inherent to human spaceflight and highlights the need for further study and protocol to improve the safety of future missions. Additionally, cyber risk mitigation measures are proposed that could directly reduce the human spaceflight safety risks induced by cyber threats.
Article
Wearable and implantable medical devices (IMDs) are increasingly deployed to diagnose, monitor, and provide therapy for critical medical conditions. Such medical devices are safety-critical cyber-physical systems (CPSs). These systems support wireless features introducing potential security vulnerabilities. Although these devices undergo rigorous safety certification processes, runtime security attacks are inevitable. Based on published literature, IMDs such as pacemakers and insulin infusion systems can be remotely controlled to inject deadly electric shocks and excess insulin, posing a threat to a patient’s life. While prior works based on formal methods have been proposed to detect potential attack vectors using different forms of static analysis, these have limitations in preventing attacks at runtime. This paper discusses a formal framework for detecting cyber-physical attacks on a pacemaker by monitoring its security policies at runtime. We propose a wearable device that senses the Electrocardiogram (ECG) and Photoplethysmogram (PPG) of the body to detect attacks in a pacemaker. To facilitate the design of this device, we map the security policies of a pacemaker w.r.t ECG and PPG, paving the way for designing formal verification monitors for pacemakers for the first time using multiple physiological signals. The proposed monitoring framework allows the synthesis of parallel monitors from a given set of desired security policies, where all the monitors execute concurrently and generate an alarm to the user in the case of policy violation. Our implementation and the performance evaluation results demonstrate the technical feasibility of designing such a wearable device for attack detection in pacemakers. This device is separate from the pacemaker, ensuring no need for re-certification of pacemakers. Our approach is amenable to the application of security patches when new attack vectors are detected, making the approach ideal for runtime monitoring of medical CPSs.
Chapter
As the presence of Fintech in financial services industry is growing, its impact on various stakeholders is hard to ignore. Two of the most important stakeholders are the financial institutions, particularly banks, and the users of the financial services—the customers. Traditional financial institutions are reinventing their products and services by collaborating with the Fintech companies. In return, customers are getting more innovative, accessible, quality products and services at a competitive rate. This chapter attempts to find out the impact of this disruptive technology on the providers of financial services by using secondary data. The present study is equally exploratory and descriptive in nature. Results help explore the level of Fintech adoption among the Islamic banks from the MENA region. The findings of the study reveal that the adoption of Fintech in MENA region by Islamic banks is still at the nascent stage.
Chapter
COVID-19 has created massive havoc to the global operations and business processes and the uncertain economic conditions have made the world think about the abrupt solutions to tackle the problem efficiently. Islamic fintech has provided the world with innovative solutions to overcome the devastating impact of this pandemic. Against this backdrop, this study aims to investigate the effective solutions provided by Islamic fintech in the post-COVID period. The study mainly opted for the qualitative framework to carry out its research and provide workable solutions to the world offered by Islamic fintech in the post-COVID era. Various technological innovations compatible with Islamic finance have initiated a great deal of competition with its long-lasting and sustainable impact on the growth of the economies. The COVID period, which is still going on, is marked by substantial growth and development followed by the fintech innovations to address the demands of the customers. This study is expected to play a key role in promoting the Islamic fintech solutions to overcome the economic hazards created by the coronavirus pandemic.KeywordsCOVID-19Economic downfallIslamic fintechRecovery stagesResponse to COVID-19
Chapter
Wireless connectivity is now playing a critical role in healthcare systems for medical equipment. Numerous benefits are entitled to remote health control, care, and detection of critical cases. Even so, any downside to the protection of these devices against cyber-attacks could cause huge problems, such as exploitation of personal data, mistreatment, and even mortality. Medical devices save lives, but these devices also utilize these advancements to connect to the healthcare network as cellular technology continues its rapid growth. As a part of interconnectivity, due to security flaws with the hardware and applications used to manage patient information and run the system, networks face multiple security vulnerabilities. Security of medical equipment is a growing concern within the healthcare sector. An increasing number of medical instruments and services contain sensitive health-related information that needs to be protected in terms of accuracy, affordability, and secrecy. In the health care domain, managing protection, anonymity, welfare, and usefulness is a requirement in which body area networks (BANs) and IMDs have made it much easier to handle and treat a disease constantly and efficiently. This paper analyzes the limitations generated by technical and end-user demands and theoretical approaches to minimize wireless hazards. In terms of efficiency, mobility, and knowledge processing, the advantages of wireless medical services are incredible. By addressing vulnerabilities and reducing the expense of traumatic accidents, these advantages may be achieved. We also indicate some of the possible theoretical solutions as a countermeasure for security and privacy.KeywordsWireless medical devicesImplantable medical devices (IMD)Health careSecurityPrivacyInternet of things (IoT)
Article
Full-text available
A progressive decline in maximum heart rate (mHR) is a fundamental aspect of aging in humans and other mammals. This decrease in mHR is independent of gender, fitness, and lifestyle, affecting in equal measure women and men, athletes and couch potatoes, spinach eaters and fast food enthusiasts. Importantly, the decline in mHR is the major determinant of the age-dependent decline in aerobic capacity that ultimately limits functional independence for many older individuals. The gradual reduction in mHR with age reflects a slowing of the intrinsic pacemaker activity of the sinoatrial node of the heart, which results from electrical remodeling of individual pacemaker cells along with structural remodeling and a blunted β-adrenergic response. In this review, we summarize current evidence about the tissue, cellular, and molecular mechanisms that underlie the reduction in pacemaker activity with age and highlight key areas for future work. Expected final online publication date for the Annual Review of Physiology, Volume 82 is February 10, 2020. Please see http://www.annualreviews.org/page/journal/pubdates for revised estimates.
Conference Paper
Full-text available
As healthcare is increasingly digitized and interconnected, medical systems are exposed to cybersecurity threats that can endanger patient health and safety. This paper examines how the convergence of safety and security risks in connected healthcare challenges the governance of medical systems safety in Europe. The analysis shows that the management of safety and security risks of medical systems requires the extension of existing governance mechanisms, including regulation, standards, and industry best practices, to combine both safety and cybersecurity in healthcare. It puts forward policy and industry recommendations for the improvement of medical systems cybersecurity in Europe, including pre-market certification and post-market monitoring and surveillance mechanisms, effective information sharing, vulnerability handling, and patch management. The paper draws comparisons with medical device cybersecurity guidelines in the United States, and with technical controls, standards, and best practices in the domain of industrial control systems security.
Conference Paper
Full-text available
Implantable Medical Devices (IMDs) typically use proprietary protocols with no or limited security to wirelessly communicate with a device programmer. These protocols enable doctors to carry out critical functions, such as changing the IMD's therapy or collecting telemetry data, without having to perform surgery on the patient. In this paper, we fully reverse-engineer the proprietary communication protocol between a device programmer and the latest generation of a widely used Implantable Cardioverter Defibrillator (ICD) which communicate over a long-range RF channel (from two to five meters). For this we follow a black-box reverse-engineering approach and use inexpensive Commercial Off-The-Shelf (COTS) equipment. We demonstrate that reverse-engineering is feasible by a weak adversary who has limited resources and capabilities without physical access to the devices. Our analysis of the proprietary protocol results in the identification of several protocol and implementation weaknesses. Unlike previous studies, which found no security measures, this article discovers the first known attempt to obfuscate the data that is transmitted over the air. Furthermore, we conduct privacy and Denial-of-Service (DoS) attacks and give evidence of other attacks that can compromise the patient's safety. All these attacks can be performed without needing to be in close proximity to the patient. We validate that our findings apply to (at least) 10 types of ICDs that are currently on the market. Finally, we propose several practical short- and long-term countermeasures to mitigate or prevent existing vulnerabilities.
Article
Implantable medical devices (IMDs) have been used to manage a broad range of diseases and ailments. They are convenient for patients due to their small sizes, unobtrusiveness and portability using wireless monitors or controllers. However, the wireless communication between these devices and their controllers often lacks security features or mechanisms. This lack of security makes the use of these devices a fertile ground for passive and active attacks. Unlike other cyber attacks which target victims’ information or property, attacks on medical devices can threaten a victim's life. Currently, there are very few efficient solutions to these attacks which balance security, reliability, and power consumption. Therefore, in this work, we propose a robust approach for guarding against existing and potential communication-based attacks on IMDs while keeping the added hardware and power consumption low. In addition, we introduce a secure and efficient protocol for authorizing third-party medical teams to access the IMDs in the case of an emergency.
Conference Paper
This work is targeting a solid security improvement in the wireless communication between existing and possibly future implantable medical devices (IMDs) and Programmer Monitor Device (PMD). A public medical server acting as a trusted Authority is introduced. A dedicated Pacemaker Proxy Device (PPD) is proposed to serve as a security mediator between PMD and IMD taking care of all medical security, liability and responsibility issues. The key idea is based on embedding low-complexity and resilient digital physical identities based on a new concept in the system devices to prohibit physical substitution/cloning attacks. A biometric identity extracted from the patient’s ECG (electrocardiogram) is supporting the security system by adding rather hard-to-clone patient personal health profile. A machine learning algorithm is deployed to extract such biometric identity (key). The initial results of the proposed approach showed practical accuracy in extracting the biometric identity approaching 95%. The whole resulting system ensures solid, resilient and high level of protection for future smart medical environment.
Article
The paper introduces a security framework for the application of human-robot collaboration in a futuristic industrial cyber-physical system (CPS) context of industry 4.0. The basic elements and functional requirements of a secure collaborative robotic cyber-physical system are explained and then the cyber-attack modes are discussed in the context of collaborative CPS whereas a defense mechanism strategy is proposed for such a complex system. The cyber-attacks are categorized according to the extent on controllability and the possible effects on the performance and efficiency of such CPS. The paper also describes the severity and categorization of such cyber-attacks and the causal effect on the human worker safety during human-robot collaboration. Attacks in three dimensions of availability, authentication and confidentiality are proposed as the basis of a consolidated mitigation plan. We propose a security framework based on a two-pronged strategy where the impact of this methodology is demonstrated on a teleoperation benchmark (NeCS-Car). The mitigation strategy includes enhanced data security at important interconnected adaptor nodes and development of an intelligent module that employs a concept similar to system health monitoring and reconfiguration.
Conference Paper
In this paper, a model based feedback control system equivalent to the functioning of a natural pancreas in human body is designed to monitor and control its blood glucose level (BGL). For a diabetic patient, an insulin dose is required to maintain the glycemic control. The idea of an artificial pancreas consists of a glucagon pump and an insulin infusion, through which glucagon/insulin is entered into the patient's body, based on the most recent blood glucose level (BGL) as sensed by the continuous blood glucose monitoring. Initially, the system response is tested by applying a step input and then a PID controller is tuned for keeping glucose level within the safe ranges. Multiple classical and advanced controllers have been tested to figure out the best result. Optimal performance requirements are achieved with an MPC controller and glucose level tracking is performed under unknown but realistic exogenous meal disturbance. The simulation results show that the patient safety can be enhanced through implementing a real-time MPC strategy.
Article
Implantable medical devices (IMDs) are opening up new opportunities for holistic healthcare by enabling continuous monitoring and treatment of various medical conditions, leading to an ever-improving quality of life for patients. Integration of radio frequency (RF) modules in IMDs has provided wireless connectivity and facilitated access to on-device data and postdeployment tuning of essential therapy. However, this has also made IMDs susceptible to various security attacks. Several lightweight encryption mechanisms have been developed to prevent well-known attacks, e.g., integrity attacks that send malicious commands to the device, on IMDs. However, lack of a secure key exchange protocol (that enables the exchange of the encryption key while maintaining its confidentiality) and the immaturity of already-in-use wakeup protocols (that are used to turn on the RF module before an authorized data transmission) are two fundamental challenges that must be addressed to ensure the security of wireless-enabled IMDs. In this paper, we introduce OpSecure, an optical secure communication channel between an IMD and an external device, e.g., a smartphone. OpSecure enables an intrinsically user-perceptible unidirectional data transmission, suitable for physically-secure communication with minimal size and energy overheads.