An Authentication Protocol for Implantable Medical Devices
M.F. Łoin (TU Delft - Electrical Engineering, Mathematics and Computer Science)
C Dörr – Mentor (TU Delft - Cyber Security)
Christos Strydis – Graduation committee member (TU Delft - Bio-Electronics)
JCA Van Der Lubbe – Coach (TU Delft - Cyber Security)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Proper security mechanism are a crucial part of safe usage of Implantable Medical Devices. Multiple researchers presented various solutions to address this problem, basing them on different underlying principles. Within the scope of this thesis we perform a security analysis of the chosen authentication protocols. What is more, we present a new attack on a scheme based on physiological signal processing using a fuzzy vault cryptographic primitive. We exploit the fact that the signal generated by the heart beats does not change sufficiently in the frequency domain. Therefore it is possible that the adversary reuses signal recorded at some earlier point of time to authenticate to the implant in real time. We show in an experimental way that it is able to break the scheme with probability reaching 75%. Finally, we propose a novel lightweight authentication protocol based on hash chains. To ensure the applicability of our work, we have decided to use only energy efficient solutions, that is hash functions and block ciphers. In contrast to existing work, we have extended the threat model and considered the implant reader distrusted. We present a set of energy measurements to provide advantages of different elements to be used during implementation of our solution.