Security challenges for medical devices

Sametinger, Johannes; Rozenblit, Jerzy W.; Lysecky, Roman; Ott, Peter

doi:10.1145/2667218

Cited by 130 publications

(61 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To evaluate the CDF-based anomaly detection method, we consider three mimicry malware based on known malware (albeit from different applications) [15] [16]. The File Manipulation malware breaks confidentiality and integrity by intruding into the file system and performing reads/writes on a target file.…”

Section: The Detection Methods Considers Individual Execution Pathsmentioning

confidence: 99%

Hardware-Based Probabilistic Threat Detection and Estimation for Embedded Systems

Carreón

Lysecky

2018

2018 IEEE 36th International Conference on Computer Design (ICCD)

Self Cite

View full text Add to dashboard Cite

With billions of networked connected embedded systems, the security historically provided by the isolation of embedded systems is no longer sufficient. Both proactive security measures that prevent intrusions and reactive measures that detect intrusions are essential. Anomaly-based detection is a common reactive approach employed to detect malware that has evaded proactive defenses by observing anomalous deviations in the system execution. Timing-based anomaly detection detects malware by monitoring the system's internal timing, which offers unique protection against mimicry malware compared to sequence-based anomaly detection. However, previous timing-based anomaly detection methods focus on each operation independently at the granularity of tasks, function calls, system calls, or basic blocks. These approaches neither consider the entire software execution path nor provide a quantitative estimate of the presence of malware. This paper presents a novel model for specifying the normal timing for execution paths in software applications using cumulative distribution functions of timing data in sliding execution windows. We present a probabilistic formulation for estimating the presence of malware for individual operations and sequences of operations within the paths, and we define thresholds to minimize false positives based on training data. Experimental results with a smart connected pacemaker and three sophisticated mimicry malware demonstrate improved performance and accuracy compared to state-of-the-art timing-based malware detection.

show abstract

Section: The Detection Methods Considers Individual Execution Pathsmentioning

confidence: 99%

Hardware-Based Probabilistic Threat Detection and Estimation for Embedded Systems

Carreón

Lysecky

2018

2018 IEEE 36th International Conference on Computer Design (ICCD)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Although much consideration goes into the operational frequency and power supply choices, data security is often overlooked. Implantable medical devices commonly use existing wireless protocols for data transfer, bluetooth, MSK, FSK, OOK, etc, which are unencrypted and can be viewed with standard electrical equipment [155]. This may not be a large concern for animal testing, not withstanding safety pharmacology studies, however, this poses a large security and privacy issue for human implantable devices.…”

Section: Implant Design Challenges and Concernsmentioning

confidence: 99%

“…Furthermore, it is not only the data collection se-curity issue, but the base station to implant data can also be intercepted and compromised. It is common for pacemakers, drug delivery devices, insulin pumps, and other implantable devices to receive external commands, thus the possibility of an external attack, for example cause a electric shock from a pacemaker [155]. Currently, the limited power and range of implantable devices removes much of the the data threat, however, newer longer range devices are prone to attack.…”

Section: Implant Design Challenges and Concernsmentioning

confidence: 99%

“…Currently, the limited power and range of implantable devices removes much of the the data threat, however, newer longer range devices are prone to attack. Encryption is not commonly used on implantable devices due its complexity, power consumption, and slower data rate [155], however, recently memristors have shown promise to be used in implantable encryption schemes [156,157]. Implant designers must be aware of all data security and privacy concerns when designing medical devices.…”

Section: Implant Design Challenges and Concernsmentioning

confidence: 99%

See 1 more Smart Citation

Miniature implantable telemetry system for pressure-volume cardiac monitoring

Fricke

Sobot

2013

2013 IEEE Biomedical Circuits and Systems Conference (BioCAS)

View full text Add to dashboard Cite

“…While a fair amount has been written about applying security-based design, development and implementation methods to safety-critical IoT systems, such as [2] through [6], there is very little in the literature about how one might go about enforcing such measures. There clearly need to be means by which those responsible for creating and deploying safety-critical IoT systems can be motivated to ensure that their systems meet appropriate security and privacy standards.…”

Section: Introductionmentioning

confidence: 99%

Enforcing security, safety and privacy for the Internet of Things

Axelrod

2015

2015 Long Island Systems, Applications and Technology

View full text Add to dashboard Cite

The connecting of physical units, such as thermostats, medical devices and self-driving vehicles, to the Internet is happening very quickly and will most likely continue to increase exponentially for some time to come. Valid concerns about security, safety and privacy do not appear to be hampering this rapid growth of the so-called Internet of Things (IoT).There have been many popular and technical publications by those in software engineering, cyber security and systems safety describing issues and proposing various "fixes." In simple terms, they address the "why" and the "what" of IoT security, safety and privacy, but not the "how."There are many cultural and economic reasons why security and privacy concerns are relegated to lower priorities. Also, when many systems are interconnected, the overall security, safety and privacy of the resulting systems of systems generally have not been fully considered and addressed. In order to arrive at an effective enforcement regime, we will examine the costs of implementing suitable security, safety and privacy and the economic consequences of failing to do so.We evaluated current business, professional and government structures and practices for achieving better IoT security, safety and privacy, and found them lacking. Consequently, we proposed a structure for ensuring that appropriate security, safety and privacy are built into systems from the outset. Within such a structure, enforcement can be achieved by incentives on one hand and penalties on the other. Determining the structures and rules necessary to optimize the mix of penalties and incentives is a major goal of this paper.

show abstract

Security challenges for medical devices

Abstract: Implantable devices, often dependent on software, save countless lives. But how secure are they?

Cited by 130 publications

References 18 publications

Hardware-Based Probabilistic Threat Detection and Estimation for Embedded Systems

Hardware-Based Probabilistic Threat Detection and Estimation for Embedded Systems

Miniature implantable telemetry system for pressure-volume cardiac monitoring

Enforcing security, safety and privacy for the Internet of Things

Contact Info

Product

Resources

About