Special Topics in Security and
Privacy of Medical Information
Sujata Garera
Reminders
- Project part 1 submission
- Assignment 2 is online
Last lecture: Recap
- Medical telemetry infrastructure
  - Devices capturing vital signs
  - Communication to a controller device (wirelessly)
  - The controller device communicates over the Internet, for example to a doctor's office
- What are some of the goals that should be kept in mind when setting such a system up?
Last lecture recap: Work by Halperin et al.
- Security and privacy properties of an implantable cardioverter defibrillator (ICD)
  - Includes pacemaker technology
  - Communicates wirelessly with an external programmer device in the 175 kHz frequency range
- What was the adversarial model they considered?
Last lecture recap: Results of the study
Recap: Reverse engineering transmissions
[Figure: commercial programmer alongside the reverse-engineered transmissions]
Recap: Reverse engineering transmissions
- Reverse engineering the physical layer
  - Encoding: converting data bits into radio symbols
  - Modulation: the process of varying one waveform in relation to another waveform
Recap: Reverse engineering transmissions
- Observed that the ICD and the programmer used different modulation schemes but the same encoding scheme
  - Programmer used 2-FSK
  - ICD used DBPSK
  - Both the ICD and the programmer used NRZI
Recap: Reverse engineering transmissions
- Reverse engineering the physical layer
  - Non-Return-to-Zero Inverted (NRZI) with bit stuffing
    - Zero bits are represented by no change in symbol state over one symbol period
    - One bits are represented by a change of symbol state
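The encoding rule on this slide, as an added worked example (this is not code from the lecture or from Halperin et al.): an NRZI encoder/decoder with bit stuffing, plus a helper that measures the longest stretch without a transition, which is the quantity bit stuffing exists to bound so the receiver can recover the clock. The stuffing rule itself (a 1 inserted after every MAX_RUN consecutive data zeros) is an assumption; the slide only states that bit stuffing is used, not which rule.

```python
# Added example for the NRZI-with-bit-stuffing encoding the lecture describes.
# Not code from the lecture or from Halperin et al.; the stuffing rule
# (MAX_RUN) is an assumption, since the slides only say bit stuffing is used.
from typing import List

MAX_RUN = 5  # ASSUMED: a stuffed 1 follows every MAX_RUN consecutive data zeros


def bytes_to_bits(data: bytes) -> List[int]:
    """MSB-first unpacking of bytes into a list of 0/1 ints."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def bits_to_bytes(bits: List[int]) -> bytes:
    """Inverse of bytes_to_bits; the bit count must be a multiple of 8."""
    if len(bits) % 8:
        raise ValueError("bit count is not a multiple of 8")
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def bit_stuff(bits: List[int]) -> List[int]:
    """Insert a 1 after every run of MAX_RUN zeros so the NRZI line keeps transitioning."""
    out, zeros = [], 0
    for b in bits:
        out.append(b)
        zeros = zeros + 1 if b == 0 else 0
        if zeros == MAX_RUN:
            out.append(1)
            zeros = 0
    return out


def bit_unstuff(bits: List[int]) -> List[int]:
    """Remove stuffed bits; a missing stuffed 1 is a framing error and is rejected."""
    out, zeros, i = [], 0, 0
    while i < len(bits):
        b = bits[i]
        out.append(b)
        zeros = zeros + 1 if b == 0 else 0
        i += 1
        if zeros == MAX_RUN:
            if i >= len(bits) or bits[i] != 1:
                raise ValueError("bit-stuffing violation at bit %d" % i)
            i += 1  # drop the stuffed 1
            zeros = 0
    return out


def nrzi_encode(bits: List[int], initial: int = 0) -> List[int]:
    """0 -> hold the current symbol state, 1 -> toggle it (the lecture's rule)."""
    level, symbols = initial, []
    for b in bits:
        level ^= b
        symbols.append(level)
    return symbols


def nrzi_decode(symbols: List[int], initial: int = 0) -> List[int]:
    """A transition between consecutive symbols is a 1; no transition is a 0."""
    bits, prev = [], initial
    for s in symbols:
        bits.append(s ^ prev)
        prev = s
    return bits


def longest_constant_run(symbols: List[int]) -> int:
    """Longest stretch with no transition, i.e. what bit stuffing bounds for clock recovery."""
    best = run = 0
    for i, s in enumerate(symbols):
        run = run + 1 if i and s == symbols[i - 1] else 1
        best = max(best, run)
    return best


def encode_frame(payload: bytes) -> List[int]:
    """bytes -> bits -> stuffed bits -> NRZI symbols (transmitter side)."""
    return nrzi_encode(bit_stuff(bytes_to_bits(payload)))


def decode_frame(symbols: List[int]) -> bytes:
    """NRZI symbols -> bits -> unstuffed bits -> bytes (receiver side)."""
    return bits_to_bytes(bit_unstuff(nrzi_decode(symbols)))


if __name__ == "__main__":
    payload = b"\x00\x00\xff"  # constructed sample with a long run of zeros
    symbols = encode_frame(payload)
    print("symbols:", "".join(map(str, symbols)))
    print("longest run without transition:", longest_constant_run(symbols))
    print("round trip ok:", decode_frame(symbols) == payload)
```

Two properties worth noticing when reverse engineering such a link: the decoder only looks at transitions, so inverting every symbol together with the assumed initial level yields the same bits (absolute polarity of the recovered waveform does not matter), and without stuffing a payload of zeros produces a flat line for as many symbol periods as there are bits, which is exactly the condition that defeats clock recovery.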
Recap: Eavesdropping
- Transaction timeline of the conversation between the ICD programmer and the ICD
- Through eavesdropping they were able to obtain PII and telemetry information
- How were they able to identify whether the data being sent was actually telemetry information?
Active attacks with a software programmer
- Replay attacks
  - Transmit-only attacks over the 175 kHz band
  - Start with the ICD in a known state
  - Replay the captured transmissions in a loop
  - Observe the ICD state after the transmissions
  - Transmissions ranged from one second to 37.7 seconds
Active attacks
- Replay attacks
  - Triggering ICD identification
    - Replayed a 1.5 second auto-identification trace recorded from the programmer
    - Disclosed several details about the ICD, such as model and serial number
  - Disclosing patient data
    - After identification the programmer asks the ICD for the rest of the information stored on it, including patient data
    - GNU Radio was used to replay a 26 second capture containing the auto-identification and interrogation commands
    - The ICD disclosed the same information as it did to the programmer
Active attacks
- Replay attacks
  - Disclosing cardiac data
    - A magnetic field can induce telemetry transmissions
    - Replaying the initial part of the interrogation command can also induce such transmissions from the ICD
  - Changing the patient name
    - Used GNU Radio to replay the trace for changing a patient name
Active attacks
- Replay attacks
  - Setting the ICD's clock
  - Changing therapies
    - Attack succeeded after 10 replays
    - Therapies are the ICD's responses to cardiac events
    - GNU Radio was used to turn off therapies
    - Without therapies the ICD does not respond to potentially dangerous cardiac conditions
Active attacks
- Replay attacks
  - Inducing fibrillation
    - The ICD has a test mode in which it can induce ventricular fibrillation
    - A 100 ohm resistor was placed between the ICD's defibrillation ports to measure the voltage during a commanded shock
      - A 1 joule shock was sent using the programmer
      - Peak voltage observed was 138.4 V
    - The command was replayed with the software radio
      - 30 replay attempts succeeded in causing similar voltage spikes
Zero-power defenses
- What factors must one consider when incorporating security features in an ICD?
Zero-power defenses
- An effective approach should either prevent or deter attacks by malicious outsiders with custom equipment as well as by insiders with commercial programmers
- Security and privacy mechanisms should draw no power from the battery
  - Prevents denial of service (DoS) on power: an attacker must not be able to drain the battery by provoking security computations
- Security-sensitive events should be effortlessly detectable by the patient
- Security mechanisms should not introduce new failure modes
Detection
- Zero-power notification for patients
  - Alerts patients to potentially malicious activity, both by insiders using commercial programmers and by outsiders using custom attack hardware
  - Harvested RF energy wirelessly drives a piezo element that can audibly warn a patient of security-sensitive events
Detection
- Zero-power notification for patients
  - How can you evaluate the effectiveness of their prototype?
  - Placed the prototype in an environment designed to simulate a human
Prevention
- Zero-power authentication
Prevention
- Zero-power authentication
  - Key management
    - Large-scale deployment of shared key material may pose a risk of compromise by an unauthorized party
    - Revocation of privileges
Zero-power sensible key exchange
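The replay attacks recapped earlier and the zero-power authentication proposal on these slides are two sides of the same property, so one added example (not code from the lecture or from Halperin et al.) serves both: a simulated programmer/ICD command channel in which NaiveICD executes any well-formed command it hears, which is all a recorded-and-replayed GNU Radio capture needs, while AuthenticatedICD requires each command to carry an HMAC over a fresh challenge it issued, so the same recording is rejected. The command names, frame layout, per-device key and the choice of HMAC-SHA256 are hypothetical; the page does not describe the real telemetry protocol or the paper's authentication primitive.

```python
# Added example, not code from the lecture or from Halperin et al.: a simulated
# programmer/ICD command channel. NaiveICD models what the lecture's replay
# attacks rely on (any well-formed command that arrives is executed);
# AuthenticatedICD adds a challenge-response step so a recorded frame cannot be
# replayed. Command names, frame layout, the per-device key and HMAC-SHA256 are
# hypothetical; the real telemetry protocol is not described on the page.
import hashlib
import hmac
import secrets


def dispatch(device, cmd: bytes, arg: bytes) -> bool:
    """Apply a parsed command to device state (hypothetical command set)."""
    if cmd == b"SET_NAME":
        device.patient_name = arg.decode("ascii", "replace")
    elif cmd == b"THERAPY_OFF":
        device.therapies_on = False
    elif cmd == b"THERAPY_ON":
        device.therapies_on = True
    else:
        return False
    return True


class NaiveICD:
    """No freshness, no authentication: whatever is heard on the band is obeyed."""

    def __init__(self):
        self.patient_name = "patient"
        self.therapies_on = True

    def handle(self, frame: bytes) -> bool:
        cmd, _, arg = frame.partition(b":")
        return dispatch(self, cmd, arg)


class AuthenticatedICD:
    """Each command must carry an HMAC over a nonce the ICD issued for this session."""

    def __init__(self, key: bytes):
        self.key = key
        self.patient_name = "patient"
        self.therapies_on = True
        self.challenge = None

    def issue_challenge(self) -> bytes:
        self.challenge = secrets.token_bytes(16)  # fresh per session
        return self.challenge

    def handle(self, frame: bytes) -> bool:
        if self.challenge is None:
            return False  # no live session to bind this command to
        body, _, tag = frame.rpartition(b"|")
        expected = hmac.new(self.key, self.challenge + body, hashlib.sha256).hexdigest().encode()
        self.challenge = None  # single use, whether or not the tag verifies
        if not hmac.compare_digest(tag, expected):
            return False
        cmd, _, arg = body.partition(b":")
        return dispatch(self, cmd, arg)


def programmer_send(icd: AuthenticatedICD, key: bytes, body: bytes):
    """Legitimate programmer: get the challenge, bind the command to it, transmit."""
    challenge = icd.issue_challenge()
    tag = hmac.new(key, challenge + body, hashlib.sha256).hexdigest().encode()
    frame = body + b"|" + tag
    return frame, icd.handle(frame)


def replay_succeeds_against_naive() -> bool:
    """Record one THERAPY_OFF frame (constructed) and replay it at another naive ICD."""
    captured = b"THERAPY_OFF:"
    victim = NaiveICD()
    return victim.handle(captured) and not victim.therapies_on


def replay_succeeds_against_authenticated() -> bool:
    """Same recording trick against the challenge-response ICD; expected to be False."""
    key = secrets.token_bytes(32)  # constructed per-device key
    icd = AuthenticatedICD(key)
    frame, ok = programmer_send(icd, key, b"THERAPY_OFF:")
    if not (ok and not icd.therapies_on):
        raise RuntimeError("the legitimate session should have succeeded")
    # Replay 1: at the same ICD after the session ended (no live challenge).
    same_device = icd.handle(frame)
    # Replay 2: at a second ICD holding the same key. The attacker can provoke a
    # fresh challenge, but the recorded tag is bound to the old one.
    victim = AuthenticatedICD(key)
    victim.issue_challenge()
    other_device = victim.handle(frame)
    return same_device or other_device or not victim.therapies_on


if __name__ == "__main__":
    print("replay works against naive ICD:", replay_succeeds_against_naive())
    print("replay works against authenticated ICD:", replay_succeeds_against_authenticated())
```

The check is deliberately cheap, but it is not free: the ICD must generate a nonce and compute a MAC for every session, which is the energy cost the slides' zero-power requirement is about, and an attacker who can trigger challenges at will could turn that cost into a power drain unless the work is paid for by harvested RF energy rather than the battery. The example also gives each device its own key; the key-management bullet above is the reason, since a single shared key across a fleet of devices and programmers would turn one compromised programmer into a universal one and make revocation impractical.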
Future directions
- Medical device design
  - Investigate prevention, detection, and audit mechanisms
  - Develop methods that balance security and privacy with safety and effectiveness
  - Develop a set of design principles for the secure design of IMDs and other medical devices
This lecture
- Based on
  - "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses" by Halperin et al., available on the website
  - "Security and Privacy for Implantable Medical Devices"