CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Network security: PRIVATE communication in a PUBLIC world
Network security: PRIVATE communication in a PUBLIC world
Universally Composable Commitments
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks
Proceedings of the 7th International Workshop on Security Protocols
Implantable medical devices as agents and part of multiagent systems
AAMAS '06 Proceedings of the fifth international joint conference on Autonomous agents and multiagent systems
Security and Privacy for Implantable Medical Devices
IEEE Pervasive Computing
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data
SIAM Journal on Computing
Absence makes the heart grow fonder: new directions for implantable medical device security
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Inside risks: Reducing risks of implantable medical devices
Communications of the ACM - One Laptop Per Child: Vision vs. Reality
Proximity-based access control for implantable medical devices
Proceedings of the 16th ACM conference on Computer and communications security
Understanding Cryptography: A Textbook for Students and Practitioners
Understanding Cryptography: A Textbook for Students and Practitioners
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Physiological value-based efficient usable security solutions for body sensor networks
ACM Transactions on Sensor Networks (TOSN)
PSKA: usable and secure key agreement scheme for body area networks
IEEE Transactions on Information Technology in Biomedicine
They can hear your heartbeats: non-invasive security for implantable medical devices
Proceedings of the ACM SIGCOMM 2011 conference
WISA'11 Proceedings of the 12th international conference on Information Security Applications
Using the Timing Information of Heartbeats as an Entity Identifier to Secure Body Sensor Network
IEEE Transactions on Information Technology in Biomedicine
A novel biometrics method to secure wireless body area sensor networks for telemedicine and m-health
IEEE Communications Magazine
Distance Hijacking Attacks on Distance Bounding Protocols
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
On physical-layer identification of wireless devices
ACM Computing Surveys (CSUR)
Balancing security and utility in medical devices?
Proceedings of the 50th Annual Design Automation Conference
Hi-index | 0.00 |
We present Heart-to-Heart (H2H), a system to authenticate external medical device controllers and programmers to Implantable Medical Devices (IMDs). IMDs, which include pacemakers and cardiac defibrillators, are therapeutic medical devices partially or wholly embedded in the human body. They often have built-in radio communication to facilitate non-invasive reprogramming and data readout. Many IMDs, though, lack well designed authentication protocols, exposing patients to over-the-air attack and physical harm. H2H makes use of ECG (heartbeat data) as an authentication mechanism, ensuring access only by a medical instrument in physical contact with an IMD-bearing patient. Based on statistical analysis of real-world data, we propose and analyze new techniques for extracting time-varying randomness from ECG signals for use in H2H. We introduce a novel cryptographic device pairing protocol that uses this randomness to protect against attacks by active adversaries, while meeting the practical challenges of lightweight implementation and noise tolerance in ECG readings. Finally, we describe an end-to-end implementation in an ARM-Cortex M-3 microcontroller that demonstrates the practicality of H2H in current IMD hardware. Previous schemes have had goals much like those of H2H, but with serious limitations making them unfit for deployment---such as naively designed cryptographic pairing protocols (some of them recently broken). In addition to its novel analysis and use of ECG entropy, H2H is the first physiologically-based IMD device pairing protocol with a rigorous adversarial model and protocol analysis.