Abstract
The computer security community has recently begun research on the security and privacy issues associated with implantable medical devices and identified both existing flaws and new techniques to improve future devices. This paper surveys some of the recent work from the security community and highlights three of the major factors affecting security and privacy solutions for implantable medical devices: fundamental tensions, software risks, and human factors. We also present two challenges from the security community with which the biomedical community may be able to help: access to medical devices and methods for in vitro experimentation.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Open Medical Device Research Library, http://www.omdrl.org/
Bliznakov, Z., Mitalas, G., Pallikarakis, N.: Analysis and Classification of Medical Device Recalls. World Congress on Medical Physics and Biomedical Engineering (2006)
Broad, W.J., Markoff, J., Sanger, D.E.: Israeli Test on Worm Called Crucial in Iran Nuclear Delay (2011), http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html
Denning, T., Borning, A., Friedman, B., Gill, B.T., Kohno, T., Maisel, W.H.: Patients, Pacemakers, and Implantable Defibrillators: Human Values and Security for Wireless Implantable Medical Devices. In: International Conference on Human Factors in Computing Systems (2010)
Denning, T., Fu, K., Kohno, T.: Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security. In: USENIX Workshop on Hot Topics in Security (2008)
Fu, K.: Inside Risks, Reducing the Risks of Implantable Medical Devices: A Prescription to Improve Security and Privacy of Pervasive Health Care. Communications of the ACM 52(6), 25–27 (2009)
Fu, K.: Software Issues for the Medical Device Approval Process. Statement to the Special Committee on Aging, United States Senate, Hearing on a Delicate Balance: FDA and the Reform of the Medical Device Approval Process (2011)
Fu, K.: Trustworthy Medical Device Software. Public Health Effectiveness of the FDA 510(k) Clearance Process: Measuring Postmarket Performance and Other Select Topics, Workshop Report (2011)
Gollakota, S., Hassanieh, H., Ransford, B., Katabi, D., Fu, K.: They Can Hear Your Heartbeats: Non-Invasive Security for Implanted Medical Devices. ACM SIGCOMM (2011)
Halperin, D., Heydt-Benjamin, T.S., Fu, K., Kohno, T., Maisel, W.H.: Security and Privacy for Implantable Medical Devices. IEEE Pervasive Computing 7, 30–39 (2008)
Halperin, D., Heydt-Benjamin, T.S., Ransford, B., Clark, S.S., Defend, B., Morgan, W., Fu, K., Kohno, T., Maisel, W.H.: Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses. In: IEEE Symposium on Security and Privacy (2008)
Hanna, S., Rolles, R., Molina-Markham, A., Fu, K., Song, D.: Take Two Software Updates and See Me in the Morning: The Case for Software Security Evaluations of Medical Devices. In: USENIX Workshop on Health Security and Privacy (2011)
Israel, C.W., Barold, S.S.: Pacemaker Systems as Implantable Cardiac Rhythm Monitors. American Journal of Cardiology (2001)
Lee, S., Fu, K., Kohno, T., Ransford, B., Maisel, W.H.: Clinically Significant Magnetic Interference of Implanted Cardiac Devices by Portable Headphones. Heart Rhythm Journal 6(10), 1432–1436 (2009)
Leveson, N.G., Turner, C.S.: An Investigation of the Therac-25 Accidents. Computer 26(7), 18–41 (1993)
Leveson, N.G.: Safeware: System Safety and Computers. Addison-Wesley (1995)
Li, C., Raghunathan, A., Jha, N.K.: Hijacking an Insulin Pump: Security Attacks and Defenses for a Diabetes Therapy System. In: IEEE International Conference on e-Health Networking, Applications and Services (2011)
Networking and Information Technology Research and Development Program: High-Confidence Medical Devices: Cyber-Physical Systems for 21st Century Health Care (2009)
Paul, N., Klonoff, D.C.: Insulin Pump System Security and Privacy. In: USENIX Workshop on Health Security and Privacy (2010)
Rasmussen, K.B., Castelluccia, C., Heydt-Benjamin, T.S., Capkun, S.: Proximity-Based Access Control for Implantable Medical Devices. In: ACM Conference on Computer and Communications Security (2009)
Schechter, S.: Security that is Meant to be Skin Deep: Using Ultraviolet Micropigmentation to Store Emergency-Access Keys for Implantable Medical Devices. In: USENIX Workshop on Health Security and Privacy (2010)
Seidman, S.J., Ruggera, P.S., Brockman, R.G., Lewis, B., Shein, M.J.: Electromagnetic Compatibility of Pacemakers and Implantable Cardiac Defibrillators Exposed to RFID Readers. International Journal on Radio Frequency Identification Technology and Applications (2007)
Sunshine, J., Egelman, S., Almuhimedi, H., Atri, N., Cranor, L.F.: Crying Wolf: An Empirical Study of SSL Warning Effectiveness. In: USENIX Security Symposium (2009)
The Stuxnet Worm, http://www.symantec.com/business/outbreak/index.jsp?id=stuxnet/
Wallace, D., Kuhn, D.: Failure Modes in Medical Device Software: An Analysis of 15 Years of Recall Data. International Journal of Reliability Quality and Safety Engineering (2001)
Whitten, A., Tygar, J.: Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0. In: USENIX Security Symposium (1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Clark, S.S., Fu, K. (2012). Recent Results in Computer Security for Medical Devices. In: Nikita, K.S., Lin, J.C., Fotiadis, D.I., Arredondo Waldmeyer, MT. (eds) Wireless Mobile Communication and Healthcare. MobiHealth 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 83. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29734-2_16
Download citation
DOI: https://doi.org/10.1007/978-3-642-29734-2_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29733-5
Online ISBN: 978-3-642-29734-2
eBook Packages: Computer ScienceComputer Science (R0)