Thomas S. Heydt-Benjamin scite author profile

Abstract-Our study analyzes the security and privacy properties of an implantable cardioverter defibrillator (ICD). Introduced to the U.S. market in 2003, this model of ICD includes pacemaker technology and is designed to communicate wirelessly with a nearby external programmer in the 175 kHz frequency range. After partially reverse-engineering the ICD's communications protocol with an oscilloscope and a software radio, we implemented several software radio-based attacks that could compromise patient safety and patient privacy. Motivated by our desire to improve patient safety, and mindful of conventional trade-offs between security and power consumption for resourceconstrained devices, we introduce three new zero-power defenses based on RF power harvesting. Two of these defenses are humancentric, bringing patients into the loop with respect to the security and privacy of their implantable medical devices (IMDs). Our contributions provide a scientific baseline for understanding the potential security and privacy risks of current and future IMDs, and introduce human-perceptible and zero-power mitigation techniques that address those risks. To the best of our knowledge, this paper is the first in our community to use general-purpose software radios to analyze and attack previously unknown radio communications protocols.

show abstract

Security and Privacy for Implantable Medical Devices

Halperin

Kohno

Heydt-Benjamin

et al. 2008

IEEE Pervasive Comput.

366

207

View full text Add to dashboard Cite

Proximity-based access control for implantable medical devices

et al. 2009

View full text Add to dashboard Cite

We propose a proximity-based access control scheme for implantable medical devices (IMDs). Our scheme is based on ultrasonic distancebounding and enables an implanted medical device to grant access to its resources only to those devices that are in its close proximity. We demonstrate the feasibility of our approach through tests in an emulated patient environment. We show that, although implanted, IMDs can successfully verify the proximity of other devices with high accuracy. We propose a set of protocols that support our scheme, analyze their security in detail and discuss possible extensions. We make new observations about the security of implementations of ultrasonic distance-bounding protocols. Finally, we discuss the integration of our scheme with existing IMD devices and with their existing security measures.

show abstract

Privacy for Public Transportation

Heydt-Benjamin

Chae

Defend

et al. 2006

View full text Add to dashboard Cite

Vulnerabilities in First-Generation RFID-enabled Credit Cards

Heydt-Benjamin

Bailey²,

et al. 2007

View full text Add to dashboard Cite

Abstract. RFID-enabled credit cards are widely deployed in the United States and other countries, but no public study has thoroughly analyzed the mechanisms that provide both security and privacy. Using samples from a variety of RFID-enabled credit cards, our study observes that (1) the cardholder's name and often credit card number and expiration are leaked in plaintext to unauthenticated readers, (2) our homemade device costing around $150 effectively clones one type of skimmed cards thus providing a proof-of-concept implementation for the RF replay attack, (3) information revealed by the RFID transmission cross contaminates the security of RFID and non-RFID payment contexts, and (4) RFIDenabled credit cards are susceptible in various degrees to a range of other traditional RFID attacks such as skimming and relaying.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.