Attack-tree-based Threat Modeling of Medical Implants

Siddiqi, Muhammad Ali; Seepers, Robert M.; Hamad, Mohammad; Prevelakis, Vassilis; Strydis, Christos

doi:10.29007/8gxh

Cited by 15 publications

(20 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ZPD schemes primarily address Availability from the CIANA security services [37]: Confidentiality, Integrity, Authentication, Nonrepudiation and Availability. Ensuring the first four services can have an indirect impact on Availability.…”

Section: Fundamental Security Servicesmentioning

confidence: 99%

“…Any ZPD scheme shall ensure that only the entity in close proximity to the patient for a prolonged period of time is allowed to access the IMD. This touch-to-access principle assumes that it is infeasible for the attacker to get in close proximity since the patient would reject physical contact with untrusted entities [34,37].…”

Section: Conformity To Touch-to-access Principlementioning

confidence: 99%

“…The typical operational lifetime of these battery-powered devices is around a decade or so while implanted in the patient's body. Almost all of these devices are equipped with wireless connectivity via a transceiver in order to support and complement their treatment capabilities [37]. They can communicate with an external reader (see Figure 1) for e.g.…”

Section: Introductionmentioning

confidence: 99%

“…Consequently, the IMD will run part of an energy-consuming authentication protocol for analyzing every request, which will drain the battery. As indicated in the IMD-threat-modeling analysis in [37], battery DoS is one of the easiest to mount and highly effective attacks. This is also backed by the majority of the IMD-specificethical-hacking efforts in which the batteries of commercial IMDs were depleted using black-box approaches [12,25].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Towards realistic battery-DoS protection of implantable medical devices

Siddiqi

Strydis

2019

Proceedings of the 16th ACM International Conference on Computing Frontiers

Self Cite

View full text Add to dashboard Cite

Modern Implantable Medical Devices (IMDs) feature wireless connectivity, which makes them vulnerable to security attacks. Particular to IMDs is the battery Denial-of-Service attack whereby attackers aim to fully deplete the battery by occupying the IMD with continuous authentication requests. Zero-Power Defense (ZPD) based on energy harvesting is known to be an excellent protection against these attacks. This paper establishes essential design specifications for employing ZPD techniques in IMDs, offers a critical review of ZPD techniques found in literature and, subsequently, gives crucial recommendations for developing comprehensive ZPD solutions. CCS CONCEPTS• Security and privacy → Embedded systems security; Hardware security implementation; Denial-of-service attacks. KEYWORDSImplantable medical device, IMD, energy harvesting, wireless power transfer, zero-power defense, authentication protocol, denial-ofservice attack, battery DoS ACM Reference Format:

show abstract

Section: Fundamental Security Servicesmentioning

confidence: 99%

Section: Conformity To Touch-to-access Principlementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Towards realistic battery-DoS protection of implantable medical devices

Siddiqi

Strydis

2019

Proceedings of the 16th ACM International Conference on Computing Frontiers

Self Cite

View full text Add to dashboard Cite

show abstract

“…One such attack is the battery-depletion (or battery-DoS) attack where the attacker can force the IMD to continuously run an energy-consuming operation, which ultimately results in power loss and IMD shutdown. As indicated in an exhaustive IMD-threat-modeling analysis in [47], battery DoS is one of the easiest to mount and highly effective attacks. This is also backed by the majority of the ethical-hacking efforts in which the batteries of commercial IMDs were depleted using black-box approaches [16,32].…”

Section: Introductionmentioning

confidence: 99%

Zero-Power Defense Done Right: Shielding IMDs from Battery-Depletion Attacks

Siddiqi

Serdijn

Strydis

2020

J Sign Process Syst

Self Cite

View full text Add to dashboard Cite

The wireless capabilities of modern Implantable Medical Devices (IMDs) make them vulnerable to security attacks. One prominent attack, which has disastrous consequences for the patient's wellbeing, is the battery Denial-of-Service attack whereby the IMD is occupied with continuous authentication requests from an adversary with the aim of depleting its battery. Zero-Power Defense (ZPD), based on energy harvesting, is known to be an excellent protection against these attacks. This paper raises essential design considerations for employing ZPD techniques in commercial IMDs, offers a critical review of ZPD techniques found in literature and, subsequently, gives crucial recommendations for developing comprehensive ZPD solutions. Keywords Implantable medical device • IMD • Energy harvesting • Wireless power transfer • Zero-power defense • Authentication protocol • Denial-of-service attack • Battery DoS • Battery-depletion attack This work is an extended version of [49], which was presented at the 16th ACM International Conference on Computing Frontiers. This paper improves the original article by (1) introducing additional design considerations in Section 4, (2) adding nonharvestingbased-ZPD works in Section 5, (3) discussing the impact of electromagnetic-noise attacks on IMDs in Section 6.2, and (4) proposing the novel concept of a standalone ZPD module along with the taxonomy of ZPD implementations in Section 6.

show abstract

Security and Privacy for Implantable Medical Devices

Burleson¹,

Carrara²

2014

View full text Add to dashboard Cite

Attack-tree-based Threat Modeling of Medical Implants

Cited by 15 publications

References 16 publications

Towards realistic battery-DoS protection of implantable medical devices

Towards realistic battery-DoS protection of implantable medical devices

Zero-Power Defense Done Right: Shielding IMDs from Battery-Depletion Attacks

Security and Privacy for Implantable Medical Devices

Contact Info

Product

Resources

About