Towards realistic battery-DoS protection of implantable medical devices

Siddiqi, Muhammad Ali; Strydis, Christos

doi:10.1145/3310273.3321555

Cited by 12 publications

(14 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…11. For such a low harvestedenergy requirement (E auth ), it has been demonstrated before in [49] that real-time performance is possible in the IMD with or without hardware acceleration. Total IMD energy consumption per type of activity is also shown Fig.…”

Section: B Availability -Dos Protectionmentioning

confidence: 99%

“…Neurostimulators typically consume more power than cardiac devices [53] and, therefore, often come with rechargeable batteries which would pose no challenge for IMDfence. Cardiac implants, on the other hand, are not rechargeable due to their critical nature [49], and represent more pessimistic devices to assess IMDfence against. Thus, for our evaluation here, we consider a communication session between a pacemaker and a commercial bedside reader (Merlin@home TM ) [22].…”

Section: Imd Lifetimementioning

confidence: 99%

“…et al: IMDfence: Architecting a Secure Protocol for Implantable Medical Devices energy consumption = 108.3 μJ. 59.6 μJ required for auth., i.e., steps 1-4 and 48.7 μJ for steps 5IMD energy consumption and performance per IMDfence-protocol step while using hardware-accelerated security primitives (I) Computational costs: Similarly to[49]…”

mentioning

confidence: 99%

See 2 more Smart Citations

IMDfence: Architecting a Secure Protocol for Implantable Medical Devices

2020

Self Cite

View full text Add to dashboard Cite

Over the past decade, focus on the security and privacy aspects of implantable medical devices (IMDs) has intensified, driven by the multitude of cybersecurity vulnerabilities found in various existing devices. However, due to their strict computational, energy and physical constraints, conventional security protocols are not directly applicable to IMDs. Custom-tailored schemes have been proposed instead which, however, fail to cover the full spectrum of security features that modern IMDs and their ecosystems so critically require. In this paper we propose IMDfence, a security protocol for IMD ecosystems that provides a comprehensive yet practical security portfolio, which includes availability, non-repudiation, access control, entity authentication, remote monitoring and system scalability. The protocol also allows emergency access that results in the graceful degradation of offered services without compromising security and patient safety. The performance of the security protocol as well as its feasibility and impact on modern IMDs are extensively analyzed and evaluated. We find that IMDfence achieves the above security requirements at a mere less than 7% increase in total IMD energy consumption, and less than 14 ms and 9 kB increase in system delay and memory footprint, respectively.

show abstract

Section: B Availability -Dos Protectionmentioning

confidence: 99%

Section: Imd Lifetimementioning

confidence: 99%

See 1 more Smart Citation

IMDfence: Architecting a Secure Protocol for Implantable Medical Devices

2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…Even though the messages are bogus, the IMD has to spend some energy to process or authenticate each request message. With a significantly large number of such requests, the attacker can successfully drain the battery and thus force device shutdown [6].…”

Section: Introductionmentioning

confidence: 99%

“…Traditionally, energy harvesting 1 has been employed to FIGURE 2. A generic RF energy harvesting system [6] protect against such attacks. In such a strategy, which is a socalled zero-power defense (ZPD) mechanism, the IMD first harvests energy from wireless messages received from the external entity and then performs the authentication operation using this free energy.…”

Section: Introductionmentioning

confidence: 99%

Securing Implantable Medical Devices Using Ultrasound Waves

et al. 2021

Self Cite

View full text Add to dashboard Cite

Modern Implantable Medical Devices (IMDs) are vulnerable to security attacks because of their wireless connectivity to the outside world. One of the main security challenges is establishing trust between the IMD and an external reader/programmer in order to facilitate secure communication. Numerous device-pairing schemes have been proposed to address this specific challenge. However, they alone cannot protect against a battery-depletion attack in which the adversary is able to keep the IMD occupied with continuous authentication requests until the battery empties. As a result, energy harvesting has been employed as an ancillary mechanism for implementing Zero-Power Defense (ZPD) functionality in order to protect against such a low-cost attack. In this paper, we propose SecureEcho, a device-pairing scheme based on MHz-range ultrasound that establishes trust between the IMD and an external reader. In addition, SecureEcho achieves ZPD without requiring any energy harvesting, which significantly reduces the design complexity. We also provide a proof-of-concept implementation and a first ever security evaluation of the ultrasound channel, which proves that it is infeasible for the attacker to eavesdrop or insert messages even from a range of a few millimeters.INDEX TERMS Authentication protocol, battery-depletion attack, body-coupled communication, denialof-service attack, IMD, implantable medical device, ultrasound, zero-power defense This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.

show abstract

Zero-Power Defense Done Right: Shielding IMDs from Battery-Depletion Attacks

Siddiqi

Serdijn

Strydis

2020

J Sign Process Syst

Self Cite

View full text Add to dashboard Cite

The wireless capabilities of modern Implantable Medical Devices (IMDs) make them vulnerable to security attacks. One prominent attack, which has disastrous consequences for the patient's wellbeing, is the battery Denial-of-Service attack whereby the IMD is occupied with continuous authentication requests from an adversary with the aim of depleting its battery. Zero-Power Defense (ZPD), based on energy harvesting, is known to be an excellent protection against these attacks. This paper raises essential design considerations for employing ZPD techniques in commercial IMDs, offers a critical review of ZPD techniques found in literature and, subsequently, gives crucial recommendations for developing comprehensive ZPD solutions. Keywords Implantable medical device • IMD • Energy harvesting • Wireless power transfer • Zero-power defense • Authentication protocol • Denial-of-service attack • Battery DoS • Battery-depletion attack This work is an extended version of [49], which was presented at the 16th ACM International Conference on Computing Frontiers. This paper improves the original article by (1) introducing additional design considerations in Section 4, (2) adding nonharvestingbased-ZPD works in Section 5, (3) discussing the impact of electromagnetic-noise attacks on IMDs in Section 6.2, and (4) proposing the novel concept of a standalone ZPD module along with the taxonomy of ZPD implementations in Section 6.

show abstract

Towards realistic battery-DoS protection of implantable medical devices

Cited by 12 publications

References 24 publications

IMDfence: Architecting a Secure Protocol for Implantable Medical Devices

IMDfence: Architecting a Secure Protocol for Implantable Medical Devices

Securing Implantable Medical Devices Using Ultrasound Waves

Zero-Power Defense Done Right: Shielding IMDs from Battery-Depletion Attacks

Contact Info

Product

Resources

About