Abstract
Remote healthcare systems help doctors diagnose, monitor and treat chronic diseases by collecting data from Implantable Medical Devices (IMDs) through base stations that are often located in the patients’ house. In the future, these systems may also support bidirectional communication, allowing remote reprogramming of IMDs. As sensitive medical data and commands to modify the IMD’s settings will be sent wirelessly, strong security and privacy mechanisms must be deployed.
In this paper, we propose a user-friendly protocol that is used to establish a secure end-to-end channel between the IMD and the hospital while preserving the patient’s privacy. The protocol can be used by patients (at home) to send medical data to the hospital or by doctors to remotely reprogram their patients’ IMD. We also propose a key establishment protocol between the IMD and the base station based on a patient’s physiological signal in combination with fuzzy extractors. Through security analysis, we show that our protocol resists various attacks and protects patients’ privacy.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
In an emergency situation doctors have other means (e.g. necklace-based emergency systems) to know the patient’s location.
References
RFC3610: Counter with CBC-MAC (CCM). https://tools.ietf.org/html/rfc3610
Federal Communications Commission. MICS Medical Implant Communication Services, FCC 47CFR95.601-95.673 Subpart E/I Rules for MedRadio Services
Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)
Castelluccia, C., Mutaf, P.: Shake them up!: a movement-based pairing protocol for cpu-constrained devices. In: Proceedings of the 3rd International Conference on Mobile Systems, Applications, and Services, NY, USA, pp. 51–64 (2005)
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)
Gehrmann, C., Mitchell, C.J., Nyberg, K.: Manual authentication for wireless devices. RSA Cryptobytes 7(1), 29–37 (2004)
Halperin, D., Heydt-Benjamin, T.S., Ransford, B., Clark, S.S., Defend, B., Morgan, W., Fu, K., Kohno, T., Maisel, W.H.: Pacemakers and implantable cardiac defibrillators: software radio attacks and zero-power defenses. In: Proceedings of the 29th Annual IEEE Symposium on Security and Privacy, pp. 129–142, May 2008
Johnson, D., Menezes, A., Vanstone, S.: The elliptic curve digital signature algorithm. Int. J. Inf. Secur. 1(1), 36–63 (2014)
Ko, J., Lim, J.H., Chen, Y., Musvaloiu-E, R., Terzis, A., Masson, G.M., Gao, T., Destler, W., Selavo, L., Dutton, R.P.: Medisn: medical emergency detection in sensor networks. ACM Trans. Embed. Comp. Syst. 10(1), 11:1–11:29 (2010)
Malan, D., Thaddeus, F.J., Welsh, M., Moulton, S.: CodeBlue: an ad hoc sensor network infrastructure for emergency medical care. In MobiSys Workshop on Applications of Mobile Embedded Systems, pp. 12–14. ACM (2004)
Marin, E., Singelée, D., Yang, B., Verbauwhede, I., Preneel, B.: On the feasibility of cryptography for a wireless insulin pump system. In: Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy, CODASPY 2016, pp. 113–120. ACM, New York (2016)
Ng, J.W.P., Lo, B.P.L., Wells, O., Sloman, M., Peters, N., Darzi, A., Toumazou, C., Yang, G.Z.: Ubiquitous monitoring environment for wearable and implantable sensors. In: UbiComp - 6th International Conference on Ubiquitous Computing (2004)
Ortiz, A., Munilla, J., Peinado, A.: Secure wireless data link for low-cost telemetry and telecommand applications. In: Electrotechnical Conference. MELECON. IEEE Mediterranean, pp. 828–831. IEEE (2006)
Perrig, A., Szewczyk, R., Tygar, J.D., Wen, V., Culler, D.E.: SPINS: security protocols for sensor networks. Wirel. Netw. 8(5), 521–534 (2002)
Rostami, M., Juels, A., Koushanfar, F.: Heart-to-heart (H2H): authentication for implanted medical devices. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, CCS, NY, USA, pp. 1099–1112 (2013)
Sampigethaya, K., Poovendran, R.: A survey on mix networks and their secure applications. Proc. IEEE 94(12), 2142–2181 (2006)
Savci, H., Sula, A., Wang, Z., Dogan, N., Arvas, E.: MICS transceivers: regulatory standards and applications. In: Proceedings of IEEE SoutheastCon, April 2005
Stajano, F., Anderson, R.J.: The resurrecting duckling: security issues for ad-hoc wireless networks. In: Proceedings of the 7th International Workshop on Security Protocols, London, UK, pp. 172–194 (2000)
Xu, F., Qin, Z., Tan, C.C., Wang, B., Li, Q.: IMDGuard: securing implantable medical devices with the external wearable guardian. In: Proceedings of INFOCOM, pp. 1862–1870, April 2011
Acknowledgments
The authors would like to thank George Petrides and the anonymous reviewers for their helpful comments. This work was partially supported by KIC InnoEnergy SE via KIC innovation project SAGA, and the Research Council KU Leuven: C16/15/058.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Marin, E., Mustafa, M.A., Singelée, D., Preneel, B. (2016). A Privacy-Preserving Remote Healthcare System Offering End-to-End Security. In: Mitton, N., Loscri, V., Mouradian, A. (eds) Ad-hoc, Mobile, and Wireless Networks. ADHOC-NOW 2016. Lecture Notes in Computer Science(), vol 9724. Springer, Cham. https://doi.org/10.1007/978-3-319-40509-4_17
Download citation
DOI: https://doi.org/10.1007/978-3-319-40509-4_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-40508-7
Online ISBN: 978-3-319-40509-4
eBook Packages: Computer ScienceComputer Science (R0)