Synthesizing stealthy reprogramming attacks on cardiac devices

Paoletti, Nicola; Jiang, Zhihao; Islam, Ariful; Abbas, Houssam; Mangharam, Rahul; Lin, Shan; Gruber, Zachary; Smolka, Scott A.

doi:10.1145/3302509.3311044

Cited by 9 publications

(11 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The adopted method is for detection of an anomaly for processing correlation variable for detection of cyber-attack with CSTR model. In [23] evaluated the control system for measuring data for cyber-attack for control signal commanded for spoofing attack. The closed-loop system provides spoofing attacks for testbed with the implementation process.…”

Section: Related Workmentioning

confidence: 99%

Lightweight Cyber Security for Decision Support in Information Security Risk Assessment

Rahmani¹,

Rana²,

Hossan³

et al. 2022

EJECE

View full text Add to dashboard Cite

Cyber-Security in the Internet of Things (IoT) is a major concern for information exploitation which hinder the growth of information system. To address security levels and issues, security risk assessment is considered an effective tool for system security, products, process, and readiness. Effective system vulnerabilities guidance is involved in the prioritization of security risk assessment. At present, the differential equation provides a significant tool for risk assessment. However, for second-order derivatives, the error rate is higher which impacts on overall risk assessment model. To overcome those limitations, this paper presented Decision Support Light Weight Risk Assessment Model (DSLiRAM). The proposed DSLiRAM is the domain-specific framework for security assessment. The proposed DSLiRAM is adopted in four stages for the specification of practices applied for cybersecurity and organizational characteristics. The proposed DSLiRAM includes a fuzzy differential equation with a second-order derivative. To minimize error rate Taylor series expansion is integrated with Fredholm for risk assessment. The proposed DSLiRAM is examined in three scenarios, RT server, BPCS, and HMI. Analysis of results stated that the proposed DSLiRAM significantly predicts risk and prevents the attack.

show abstract

Section: Related Workmentioning

confidence: 99%

Lightweight Cyber Security for Decision Support in Information Security Risk Assessment

Rahmani¹,

Rana²,

Hossan³

et al. 2022

EJECE

View full text Add to dashboard Cite

show abstract

“…Adversarial attacks in health informatics can also cause serious damages, even deaths. For example, adversarial attacks to the machine learning algorithms in implantable cardioverter defibrillators could lead to unnecessary painful shocks, damaging the cardiac tissue, and even worse therapy interruptions and sudden cardiac death [62].…”

Section: B Adversarial Attacks In Health Informaticsmentioning

confidence: 99%

“…13, and the corresponding defense strategies. For example, Paoletti et al [62] performed parameter tampering attacks on Boston Scientific implantable cardioverter defibrillators, which use a discrimination tree to detect tachycardia episodes and then initiate the appropriate therapy. They slightly modified the parameters of the discrimination tree to achieve both attack effectiveness and stealthiness.…”

Section: Conclusion and Future Researchmentioning

confidence: 99%

Adversarial Attacks and Defenses in Physiological Computing: A Systematic Review

Wu¹,

Fu²,

Zhang³

et al. 2021

Preprint

View full text Add to dashboard Cite

Physiological computing uses human physiological data as system inputs in real time. It includes, or significantly overlaps with, brain-computer interfaces, affective computing, adaptive automation, health informatics, and physiological signal based biometrics. Physiological computing increases the communication bandwidth from the user to the computer, but is also subject to various types of adversarial attacks, in which the attacker deliberately manipulates the training and/or test examples to hijack the machine learning algorithm output, leading to possibly user confusion, frustration, injury, or even death. However, the vulnerability of physiological computing systems has not been paid enough attention to, and there does not exist a comprehensive review on adversarial attacks to it. This paper fills this gap, by providing a systematic review on the main research areas of physiological computing, different types of adversarial attacks and their applications to physiological computing, and the corresponding defense strategies. We hope this review will attract more research interests on the vulnerability of physiological computing systems, and more importantly, defense strategies to make them more secure.

show abstract

“…), and user activities as a result of the unencrypted communication between the device and app. Palotti et al presented a formal approach to perform an effective and stealthy reprogramming attacks on ICDs [117]. Researchers focused on the ICD software that implements discrimination algorithm along with multiple discrimination criteria (discriminators) for the detection and classification of arrhythmia episodes based on the analysis of intracardiac signals features.…”

Section: Attacks Via Communication Channelmentioning

confidence: 99%

A Survey on Security and Privacy Issues in Modern Healthcare Systems: Attacks and Defenses

Newaz,

Sikder,

Rahman

et al. 2020

Preprint

View full text Add to dashboard Cite

The recent advancements in computing systems and wireless communications have made healthcare systems more efficient than before. Modern healthcare devices can monitor and manage different health conditions of the patients automatically without any manual intervention from the medical professionals. Additionally, the use of implantable medical devices (IMDs), body area networks (BANs), and Internet of Things (IoT) technologies in healthcare systems improve the overall patient monitoring and treatment process. However, these systems are complex in software and hardware, and optimizing between security, privacy, and treatment is crucial for healthcare systems as any security or privacy violation can lead to severe effects on patients' treatments and overall health conditions. Indeed, the healthcare domain is increasingly facing security challenges and threats due to numerous design flaws and the lack of proper security measures in healthcare devices and applications. In this paper, we explore various security and privacy threats to healthcare systems and discuss the consequences of these threats. We present a detailed survey of different potential attacks and discuss their impacts. Furthermore, we review the existing security measures proposed for healthcare systems and discuss their limitations. Finally, we conclude the paper with future research directions toward securing healthcare systems against common vulnerabilities. CCS Concepts: • General and reference → Surveys and overviews; • Security and privacy → Systems security; • Applied computing → Health care information systems.

show abstract

Synthesizing stealthy reprogramming attacks on cardiac devices

Cited by 9 publications

References 21 publications

Lightweight Cyber Security for Decision Support in Information Security Risk Assessment

Lightweight Cyber Security for Decision Support in Information Security Risk Assessment

Adversarial Attacks and Defenses in Physiological Computing: A Systematic Review

A Survey on Security and Privacy Issues in Modern Healthcare Systems: Attacks and Defenses

Contact Info

Product

Resources

About