Muhammad Ali Siddiqi scite author profile

Muhammad Ali Siddiqi

5Publications

52Citation Statements Received

211Citation Statements Given

How they've been cited

How they cite others

134

211

Affiliations

Erasmus MC, Lahore University of Management Sciences, Delft University of Technology

Publications

Order By: Most citations

Attack-tree-based Threat Modeling of Medical Implants

Siddiqi¹,

Seepers²,

Hamad³

et al.

View full text Add to dashboard Cite

Modern Implantable Medical Devices (IMDs) are low-power embedded systems with life-critical functionalities. Almost all of these devices are equipped with wireless- communication capabilities in order to aid in diagnosis, in updating the functional settings and firmware and so on, without any surgical procedure to perform these tasks manually. There is, thus, a rising trend towards increased connectivity of these devices. The down- side of this trend is, however, a proportional increase in the attack surface that can be exploited by a malicious entity. In effect, threat modeling of IMDs becomes ever more important. This is reflected by an increase in the number of vulnerabilities being found consistently in the IMDs available in market. This paper proposes a threat-modeling analysis based on attack trees to evaluate the security of these devices. As an example, three recent lightweight IMD security protocols from literature are analyzed using this approach to demonstrate its effectiveness in suggesting security improvements.

show abstract

Towards realistic battery-DoS protection of implantable medical devices

Siddiqi

Strydis

2019

View full text Add to dashboard Cite

Modern Implantable Medical Devices (IMDs) feature wireless connectivity, which makes them vulnerable to security attacks. Particular to IMDs is the battery Denial-of-Service attack whereby attackers aim to fully deplete the battery by occupying the IMD with continuous authentication requests. Zero-Power Defense (ZPD) based on energy harvesting is known to be an excellent protection against these attacks. This paper establishes essential design specifications for employing ZPD techniques in IMDs, offers a critical review of ZPD techniques found in literature and, subsequently, gives crucial recommendations for developing comprehensive ZPD solutions. CCS CONCEPTS• Security and privacy → Embedded systems security; Hardware security implementation; Denial-of-service attacks. KEYWORDSImplantable medical device, IMD, energy harvesting, wireless power transfer, zero-power defense, authentication protocol, denial-ofservice attack, battery DoS ACM Reference Format:

show abstract

IMDfence: Architecting a Secure Protocol for Implantable Medical Devices

2020

View full text Add to dashboard Cite

Over the past decade, focus on the security and privacy aspects of implantable medical devices (IMDs) has intensified, driven by the multitude of cybersecurity vulnerabilities found in various existing devices. However, due to their strict computational, energy and physical constraints, conventional security protocols are not directly applicable to IMDs. Custom-tailored schemes have been proposed instead which, however, fail to cover the full spectrum of security features that modern IMDs and their ecosystems so critically require. In this paper we propose IMDfence, a security protocol for IMD ecosystems that provides a comprehensive yet practical security portfolio, which includes availability, non-repudiation, access control, entity authentication, remote monitoring and system scalability. The protocol also allows emergency access that results in the graceful degradation of offered services without compromising security and patient safety. The performance of the security protocol as well as its feasibility and impact on modern IMDs are extensively analyzed and evaluated. We find that IMDfence achieves the above security requirements at a mere less than 7% increase in total IMD energy consumption, and less than 14 ms and 9 kB increase in system delay and memory footprint, respectively.

show abstract

Zero-Power Defense Done Right: Shielding IMDs from Battery-Depletion Attacks

Siddiqi

Serdijn

Strydis

2020

J Sign Process Syst

View full text Add to dashboard Cite

The wireless capabilities of modern Implantable Medical Devices (IMDs) make them vulnerable to security attacks. One prominent attack, which has disastrous consequences for the patient's wellbeing, is the battery Denial-of-Service attack whereby the IMD is occupied with continuous authentication requests from an adversary with the aim of depleting its battery. Zero-Power Defense (ZPD), based on energy harvesting, is known to be an excellent protection against these attacks. This paper raises essential design considerations for employing ZPD techniques in commercial IMDs, offers a critical review of ZPD techniques found in literature and, subsequently, gives crucial recommendations for developing comprehensive ZPD solutions. Keywords Implantable medical device • IMD • Energy harvesting • Wireless power transfer • Zero-power defense • Authentication protocol • Denial-of-service attack • Battery DoS • Battery-depletion attack This work is an extended version of [49], which was presented at the 16th ACM International Conference on Computing Frontiers. This paper improves the original article by (1) introducing additional design considerations in Section 4, (2) adding nonharvestingbased-ZPD works in Section 5, (3) discussing the impact of electromagnetic-noise attacks on IMDs in Section 6.2, and (4) proposing the novel concept of a standalone ZPD module along with the taxonomy of ZPD implementations in Section 6.

show abstract

Securing Implantable Medical Devices Using Ultrasound Waves

et al. 2021

View full text Add to dashboard Cite

Modern Implantable Medical Devices (IMDs) are vulnerable to security attacks because of their wireless connectivity to the outside world. One of the main security challenges is establishing trust between the IMD and an external reader/programmer in order to facilitate secure communication. Numerous device-pairing schemes have been proposed to address this specific challenge. However, they alone cannot protect against a battery-depletion attack in which the adversary is able to keep the IMD occupied with continuous authentication requests until the battery empties. As a result, energy harvesting has been employed as an ancillary mechanism for implementing Zero-Power Defense (ZPD) functionality in order to protect against such a low-cost attack. In this paper, we propose SecureEcho, a device-pairing scheme based on MHz-range ultrasound that establishes trust between the IMD and an external reader. In addition, SecureEcho achieves ZPD without requiring any energy harvesting, which significantly reduces the design complexity. We also provide a proof-of-concept implementation and a first ever security evaluation of the ultrasound channel, which proves that it is infeasible for the attacker to eavesdrop or insert messages even from a range of a few millimeters.INDEX TERMS Authentication protocol, battery-depletion attack, body-coupled communication, denialof-service attack, IMD, implantable medical device, ultrasound, zero-power defense This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.