Securing Implantable Medical Devices Using Ultrasound Waves

None, None; None, None; None, None; None, None; None, None

Securing Implantable Medical Devices Using Ultrasound Waves

Journal Article (2021)

Author(s)

Muhammad Ali Siddiqi (Erasmus MC, TU Delft - Electrical Engineering, Mathematics and Computer Science, TU Delft - Electrical Engineering, Mathematics and Computer Science, TU Delft - Electrical Engineering, Mathematics and Computer Science)

Robert H.S.H. Beurskens (Erasmus MC)

Pieter Kruizinga (Erasmus MC)

Chris I. De Zeeuw (Erasmus MC)

Christos Strydis (TU Delft - Electrical Engineering, Mathematics and Computer Science, TU Delft - Electrical Engineering, Mathematics and Computer Science, Erasmus MC, TU Delft - Electrical Engineering, Mathematics and Computer Science)

Research Group

Computer Engineering

Ultrasound IMD Implantable medical device Authentication protocol Battery-depletion attack Body-coupled communication Denial-of-service attack Zero-power defense

DOI related publication

https://doi.org/10.1109/ACCESS.2021.3083576 Final published version

To reference this document use

https://resolver.tudelft.nl/uuid:53c3105f-2d81-46ad-9825-f4d2bed783c1

More Info

expand_more

Publication Year

2021

Language

English

Research Group

Computer Engineering

Journal title

IEEE Access

Volume number

9

Article number

9440455

Pages (from-to)

80170-80182

Downloads counter

201

Collections

Institutional Repository

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

Modern Implantable Medical Devices (IMDs) are vulnerable to security attacks because of their wireless connectivity to the outside world. One of the main security challenges is establishing trust between the IMD and an external reader/programmer in order to facilitate secure communication. Numerous device-pairing schemes have been proposed to address this specific challenge. However, they alone cannot protect against a battery-depletion attack in which the adversary is able to keep the IMD occupied with continuous authentication requests until the battery empties. As a result, energy harvesting has been employed as an ancillary mechanism for implementing Zero-Power Defense (ZPD) functionality in order to protect against such a low-cost attack. In this paper, we propose SecureEcho, a device-pairing scheme based on MHz-range ultrasound that establishes trust between the IMD and an external reader. In addition, SecureEcho achieves ZPD without requiring any energy harvesting, which significantly reduces the design complexity. We also provide a proof-of-concept implementation and a first ever security evaluation of the ultrasound channel, which proves that it is infeasible for the attacker to eavesdrop or insert messages even from a range of a few millimeters.

Files

Securing_Implantable_Medical_D... (pdf)

(pdf | 3.52 Mb)