TWO TIER SECURITY SOLUTION FOR IMPLANTABLE MEDICAL DEVICES

Abstract

IMDs of current genre are complex embedded systems with networking capabilities newlinethat aid in wireless communication amongst IMDs and with other external devices. Due to newlinetheir unique placement in human body and resource constraints like low power availability, newlinecomputation and storage capacity, achieving security and privacy for wireless newlinecommunication is difficult. Security for medical devices has gained attention in the recent newlineyears following some well-publicized attacks on Implantable Medical Devices, like newlinepacemakers and insulin pumps. This has resulted in solutions being proposed for securing newlinethese devices, which are usually device specific and useful only for secure communication newlinewith external devices. Multiple IMDs may be implanted in a single patient therefore we newlineargue that securing individual devices will not serve the purpose as these devices will be newlineintegrated sooner or later for advance therapeutic implications. Security solution rather newlinethan being device specific should be patient specific to cater to the security needs of IMDs newlineof a patient. We provide a simple solution to detect active attacks on IMDs and then we provide an emergency aware access control framework for IMDs and also provide a Buddy newlineSystem for secure communication with external devices. Finally, we provide an application newlinelayer security solution which not only allows secure communication between IMDs and newlineexternal devices but also between interoperable IMDs for a single patient. We consider newlineextreme resource constraints of IMD and explore the tradeoffs among different newlinecryptographic primitives for use in IMDs to carefully design a lightweight protocol newlineoptimized for IMDs for mutual authentication and secure communication between the IMD newlineand the proxy device. We also design a secure publish-subscribe communication protocol newlinebetween the proxy device and external devices. Finally, we provide a proof-of-concept newlinefor the proposed two-tier security solution. newline