pacemakers and implantable cardiac defibrillators
play

Pacemakers and implantable cardiac defibrillators: Software radio - PowerPoint PPT Presentation

Aug 05, 2023 •47 likes •507 views

Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses Ben Ransford ransford@cs.umass.edu U. Washington: UMass Amherst: BIDMC/ D. Halperin T. S. Heydt-Benjamin Harvard: T. Kohno S. Clark B.

  1. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses Ben Ransford ransford@cs.umass.edu U. Washington: UMass Amherst: BIDMC/ D. Halperin T. S. Heydt-Benjamin Harvard: T. Kohno S. Clark B. Defend W. H. Maisel, MD W. Morgan K. Fu http://secure-medicine.org/ Ben Ransford, IEEE Security & Privacy ’08

  2. Neurostimulator Pharmacy on a chip Cardiac Device Prosthetic Drug pump limb Ben Ransford, IEEE Security & Privacy ’08 2 Photos: Medtronic, Hearing Loss Assoc. of WA, St. Jude Medical, Otto Bock

  3. Neurostimulator Pharmacy on a chip Cardiac Device Prosthetic Drug pump limb Ben Ransford, IEEE Security & Privacy ’08 2 Photos: Medtronic, Hearing Loss Assoc. of WA, St. Jude Medical, Otto Bock

  4. Why Care About IMDs? • Common devices • Sophisticated devices with radios • Perform vital functions inside people • Are they secure? Ben Ransford, IEEE Security & Privacy ’08 3

  5. Trends in Cardiac Devices • Complex therapies • Radio interfaces • Monitoring over Internet • Algorithms for problem detection • More storage, better CPU, ... Implantable defibrillator, 2003 Ben Ransford, IEEE Security & Privacy ’08 4

  6. An Implanted Computer ... which is wirelessly reprogrammable ... and contains personal data. 1990–2002: ~2.6 million (US) [JAMA 2006] Ben Ransford, IEEE Security & Privacy ’08 5 Photos: oldcomputers.net, Wikipedia (“Heart”)

  7. Contributions • Study of a real implantable device • Attacks with software radio • Prototype energy harvesting defenses Ben Ransford, IEEE Security & Privacy ’08 6

  8. The Next 20 Minutes 1. How secure is a real device? 2. Why is this non-trivial to get right? 3. Where should we go from here? Ben Ransford, IEEE Security & Privacy ’08 7

  9. Ben Ransford, IEEE Security & Privacy ’08 #1: Analysis of a Real Device http://secure-medicine.org/ 8

  10. We analyzed an ICD. • I mplantable C ardiac D efibrillator • Related to pacemaker • Large shock: resync heart Heart • Monitors heart waveforms Ben Ransford, IEEE Security & Privacy ’08 9

  11. Implantation Scenario 1. Doctor sets patient info 2. Surgically implants 3. Tests defibrillation 4. Ongoing monitoring Ben Ransford, IEEE Security & Privacy ’08 10 Photos: Medtronic; Video: or-live.com

  12. Implantation Scenario 1. Doctor sets patient info 2. Surgically implants 3. Tests defibrillation 4. Ongoing monitoring Device Programmer Ben Ransford, IEEE Security & Privacy ’08 10 Photos: Medtronic; Video: or-live.com

  13. Implantation Scenario 1. Doctor sets patient info 2. Surgically implants 3. Tests defibrillation 4. Ongoing monitoring Ben Ransford, IEEE Security & Privacy ’08 10 Photos: Medtronic; Video: or-live.com

  14. Implantation Scenario 1. Doctor sets patient info 2. Surgically implants 3. Tests defibrillation 4. Ongoing monitoring Home monitor Ben Ransford, IEEE Security & Privacy ’08 10 Photos: Medtronic; Video: or-live.com

  15. Attack #1: Steal Device Programmer • Insider attack • Thief can reverse engineer, modify... • Risk: get “root” on many implants Issue: ICD’s trusted computing base is large. Ben Ransford, IEEE Security & Privacy ’08 11 Photo: Medtronic

  16. Why Steal When You Can Build? • Software radio • GNU Radio software, $0 • USRP board, $700 • Daughterboards, antennas: $100 ~10 cm (un-optimized) Ben Ransford, IEEE Security & Privacy ’08 12

  17. Attack #2: Eavesdrop Private Info Ben Ransford, IEEE Security & Privacy ’08 Ben Ransford, IEEE Security & Privacy ’08 13

  18. Attack #2: Eavesdrop Private Info Diagnosis Ben Ransford, IEEE Security & Privacy ’08 Ben Ransford, IEEE Security & Privacy ’08 13

  19. Attack #2: Eavesdrop Private Info Diagnosis Hospital Ben Ransford, IEEE Security & Privacy ’08 Ben Ransford, IEEE Security & Privacy ’08 13

  20. Attack #2: Eavesdrop Private Info Implanting Diagnosis physician Hospital Ben Ransford, IEEE Security & Privacy ’08 Ben Ransford, IEEE Security & Privacy ’08 13

  21. Attack #2: Eavesdrop Private Info Implanting Diagnosis physician Also: Device state Patient name Date of birth Hospital Make & model Serial no. ... and more Ben Ransford, IEEE Security & Privacy ’08 Ben Ransford, IEEE Security & Privacy ’08 13

  22. Attack #2: Eavesdrop Private Info In the future: Sophisticated devices may divulge a lot more data . Challenge: Can we add encryption? Ben Ransford, IEEE Security & Privacy ’08 14 Photo: Medtronic

  23. Attack #3: Sniff Vital Signs 1 0.5 0 − 0.5 − 1 0 500 1000 1500 2000 2500 3000 ICD emits reconstructible Eavesdropping setup vital signs Issue: Vital signs can say plenty. Ben Ransford, IEEE Security & Privacy ’08 15

  24. Attack #4: Drain Energy • Implant designed for infrequent radio use • Radio decreases battery lifetime “Are you sleeping?” “No!” Ben Ransford, IEEE Security & Privacy ’08 16

  25. Simple Replay Attacks • Ours: “Deaf” (transmit-only) attacks • Caveats: Close range; only one ICD model tested; attacks not optimized; takes many seconds ~10 cm Ben Ransford, IEEE Security & Privacy ’08 Photo: Medtronic 17

  26. Attack #5: Turn Off Therapies • “Stop detecting fibrillation.” • Device programmer would warn here Issue: Can quietly change device state. Ben Ransford, IEEE Security & Privacy ’08 18

  27. Attack #6: Affect Patient’s Physiology • Induce fibrillation which implant ignores • Again, at close range • In other kinds of implant: • Flood patient with drugs • Overstimulate nerves, ... Issue: Puts patient safety at risk. Ben Ransford, IEEE Security & Privacy ’08 19

  28. Ben Ransford, IEEE Security & Privacy ’08 #2: Fundamental Challenges http://secure-medicine.org/ 20

  29. Conventional Solutions? How about... Non-trivial problem Authenticate device Key management is hard. programmers? Revocation? Encrypt all Under what key? transmissions? Must fail open! Ben Ransford, IEEE Security & Privacy ’08 21

  30. Cannot fail closed • Closed: Don’t know the password? No admission! • Medical personnel need emergency access. • Challenge: design to fail open . Ben Ransford, IEEE Security & Privacy ’08 22

  31. Security vs. Safety? • Tensions discussed in [IEEE Pervasive ’08] • Patient’s health is the top priority • We seek the sweet spots Ben Ransford, IEEE Security & Privacy ’08 23

  32. Ben Ransford, IEEE Security & Privacy ’08 3. Defensive Directions http://secure-medicine.org/ 24

  33. Prototype defenses against some of the attacks. Main idea: defend without using battery. Ben Ransford, IEEE Security & Privacy ’08 25

  34. B.Y.O.P. • WISP = RFID + computation [Ubicomp ’06] • WISPer = WISP + our code • “Maximalist” crypto [RFIDSEC ’07] • Prototype: 913 MHz RFID band Goal: External party pays for power. Ben Ransford, IEEE Security & Privacy ’08 26

  35. WISPer as Gatekeeper External party 1 • Authenticate against WISPer 3 WISPer • WISPer to ICD: “OK to use radio” 2 • Acoustic patient notification Implant • How to deter enemies? (Open question!) Ben Ransford, IEEE Security & Privacy ’08 27

  36. How WISPer Could Work • Auxiliary device (possibly integrated) • Audible or tactile patient alert • Patient detects activity: am I in a clinic? • Fail open: sensible , tactile key exchange Ben Ransford, IEEE Security & Privacy ’08 28

  37. Testing WISPer: Simulated Torso 1 cm bacon WISPer 6 cm chuck Energy harvesting through tissue is possible. Ben Ransford, IEEE Security & Privacy ’08 29

  38. Ben Ransford, IEEE Security & Privacy ’08 Medical Devices Need Continued Attention! http://secure-medicine.org/ 30

  39. Medical Device Trends • Further computerization of care • Longer-range communication • Cooperation among devices Issue: All of these bring risks. Ben Ransford, IEEE Security & Privacy ’08 31

  40. Related Work • [IEEE Pervasive ’08] D. • [Ubicomp ’06] J. R. Smith, A. P. Sample, P. S. Powledge, S. Roy, Halperin, T. S. Heydt- and A. Mamishev: A wirelessly- Benjamin, K. Fu, T. Kohno, powered platform for sensing and and W. H. Maisel: Security computation . and privacy for implantable • [RFIDSEC ’07] H.-J. Chae, D. J. medical devices . (January Yeager, J. R. Smith, and K. Fu: 2008) Maximalist cryptography and • computation on the WISP UHF [JAMA ’06] W. H. Maisel, M. RFID tag . Moynahan, B. D. Zuckerman, T. • More in paper P. Gross, O. H. Tovar, D.-B. Tillman, and D. B. Schultz: Pacemaker and ICD generator malfunctions: Analysis of Food and Drug Administration annual reports. (JAMA 295(16)) Ben Ransford, IEEE Security & Privacy ’08 32

  41. Conclusions • Analysis of wirelessly controlled IMD • Methodologies & defensive directions ‣ Software radio ‣ Energy harvesting gatekeeper ‣ Patient notification (deterrence) • Many open problems http://secure-medicine.org/ Ben Ransford, IEEE Security & Privacy ’08 33

Recommend

Patients, Pacemakers, and Implantable Defibrillators: Human Values and Security for Wireless

Patients, Pacemakers, and Implantable Defibrillators: Human Values and Security for Wireless

Patients, Pacemakers, and Implantable Defibrillators: Human Values and Security for Wireless Implantable Medical Devices Tamara Denning 1 , Alan Borning 1 , Batya Friedman 1 , Brian Gill 2 , Tadayoshi Kohno 1 , William H. Maisel 3 Implantable

491 views • 37 slides
CS 598 - Computer Security in the Physical World: Project Submission #1 & Pacemakers and

CS 598 - Computer Security in the Physical World: Project Submission #1 & Pacemakers and

CS 598 - Computer Security in the Physical World: Project Submission #1 & Pacemakers and Implantable Cardiac Defibrillators Professor Adam Bates Fall 2016 Security & Privacy Research at Illinois (SPRAI) Oct 4th Deliverable

792 views • 20 slides
Implantable Cardiac Devices Pacemakers Correct for slow heart

Implantable Cardiac Devices Pacemakers Correct for slow heart

CPS: Beyond Usability: Applying Value Sensi8ve Design Based Methods to Inves8gate Domain Characteris8cs for Security for Implantable Cardiac Devices Tamara Denning

2.37k views • 48 slides
EXTRATERRITORIAL REACH OF U.S. PATENTS IS NARROWED TO EXCLUDE METHOD PATENTS Cardiac Pacemakers,

EXTRATERRITORIAL REACH OF U.S. PATENTS IS NARROWED TO EXCLUDE METHOD PATENTS Cardiac Pacemakers,

EXTRATERRITORIAL REACH OF U.S. PATENTS IS NARROWED TO EXCLUDE METHOD PATENTS Cardiac Pacemakers, Inc. v. St. Jude Medical, Inc. 91 USPQ2d 1898 (Fed. Cir. 2009) Abraham J. Rosner Sughrue, Mion PLLC Background: In the 1972 case of Deepsouth

328 views • 8 slides
The Current State of Cybersecurity in Medical Devices Medmarcs Webinar Series August 22, 2019

The Current State of Cybersecurity in Medical Devices Medmarcs Webinar Series August 22, 2019

The Current State of Cybersecurity in Medical Devices Medmarcs Webinar Series August 22, 2019 Vulnerable Devices Pacemakers / implantable defibrillators Insulin pumps Infusion pumps Mobile health technologies (mHealth

613 views • 40 slides
Perioperative Management of Patients with Cardiac Implantable Electronic Devices Rachel Heise,

Perioperative Management of Patients with Cardiac Implantable Electronic Devices Rachel Heise,

Perioperative Management of Patients with Cardiac Implantable Electronic Devices Rachel Heise, BSN, RN, CCRN, SRNA Melissa Maxwell, BSN, RN, SRNA Rosalind Franklin University We have no conflicts of interest to declare and will not be

535 views • 34 slides
Poor actual availability of publicly accessible automated external defibrillators limit their

Poor actual availability of publicly accessible automated external defibrillators limit their

21/07/2017 Poor actual availability of publicly accessible automated external defibrillators limit their value in the treatment of out of hospital cardiac arrest. M Thalib Mowjood Tammy Pegg Nelson Hospital Epidemiology of OHCA 2000

84 views • 7 slides
Dr. Zhihao Jiang Real-Time & Embedded Systems Lab Dept. Electrical & Systems Engineering

Dr. Zhihao Jiang Real-Time & Embedded Systems Lab Dept. Electrical & Systems Engineering

Dr. Zhihao Jiang Real-Time & Embedded Systems Lab Dept. Electrical & Systems Engineering University of Pennsylvania zhihaoj@seas.upenn.edu 1 Implantable Pacemaker 2 1990-2000: 600,000 implantable pacemakers were recalled 200,000 of

848 views • 61 slides
Defibrillators Defibrillators Vince Baier Corey Provencher Adam Spirer Kory Williams History

Defibrillators Defibrillators Vince Baier Corey Provencher Adam Spirer Kory Williams History

EM Field Theory Applied: EM Field Theory Applied: Defibrillators Defibrillators Vince Baier Corey Provencher Adam Spirer Kory Williams History History First Demonstration; 1899, Prevost and Batelli Batelli, Physiologists from ,

633 views • 10 slides
ChemoPort Access Guidelines & Demonstration What is Implantable Chemoport ?

ChemoPort Access Guidelines & Demonstration What is Implantable Chemoport ?

ChemoPort Access Guidelines & Demonstration What is Implantable Chemoport ? Ports are a type of Totally Implantable Central Venous Access Device used for intermediate and long term therapies. A Catheter attached to a

378 views • 23 slides
1 Histology EARLY Lymphocytic Infiltrate GRANULOMA PHASE Diagnosis LATE - SCAR Favora et.

1 Histology EARLY Lymphocytic Infiltrate GRANULOMA PHASE Diagnosis LATE - SCAR Favora et.

Outline 1. Basics of Cardiac Sarcoidosis 2. Diagnosis of Cardiac Sarcoidosis Evaluation and Management of 3. Management of Cardiac Sarcoidosis Patients with Suspected Cardiac 4. Ventricular Arrhythmia in Cardiac Sarccoidosis Sarcoidosis 2016

408 views • 13 slides
9/29/2016 The Implantable Artificial Kidney Implantable Artificial Kidney: From Silicon Chips to

9/29/2016 The Implantable Artificial Kidney Implantable Artificial Kidney: From Silicon Chips to

9/29/2016 The Implantable Artificial Kidney Implantable Artificial Kidney: From Silicon Chips to Renal Clearance Shuvo Roy, PhD Professor UCSF *Financial Disclosure Silicon Kidney LLC Paul Brakeman, MD, PhD Associate Professor UCSF 2

311 views • 12 slides
SUPPLIER BRIEFING DEFIBRILLATORS AND ASSOCIATED CONSUMABLES HPVITS2019-070 Thursday 11 th October

SUPPLIER BRIEFING DEFIBRILLATORS AND ASSOCIATED CONSUMABLES HPVITS2019-070 Thursday 11 th October

SUPPLIER BRIEFING DEFIBRILLATORS AND ASSOCIATED CONSUMABLES HPVITS2019-070 Thursday 11 th October Natalie Sweeney Category Manager Equipment Agenda HPV Overview Project Team Invitation to Supply Timeline o Categories in

435 views • 25 slides
1 EMS: Out of Hospital Cardiac Arrest ACC/AHA/HRS: Sudden Cardiac Death ACC/AHA/HRS, 2006:

1 EMS: Out of Hospital Cardiac Arrest ACC/AHA/HRS: Sudden Cardiac Death ACC/AHA/HRS, 2006:

U.S. Mortality by Death Certificates Redefining Sudden Cardiac Death: Insights from the 500,000 San Francisco POstmortem 400,000 Systematic invesTigation of # deaths/year 300,000 Sudden Cardiac Death Study 200,000 100,000 17 December

275 views • 16 slides
Background Previous randomized trials report that pulmonary vein isolation is more effective

Background Previous randomized trials report that pulmonary vein isolation is more effective

Study title: The CAPTAF trial - C atheter A blation compared with optimized P harmacological T herapy for A trial F ibrillation - a randomized multicentre study of quality of life and implantable cardiac monitoring . Authors: Carina

529 views • 7 slides
A novel implantable sensor for long-term continuous glucose measurement CORPORATE THE READ-OUT

A novel implantable sensor for long-term continuous glucose measurement CORPORATE THE READ-OUT

Sencell Development PRODUCT & TECHNOLOGY A novel implantable sensor for long-term continuous glucose measurement CORPORATE THE READ-OUT OPTIONS TECHNOLOGY 2 The Challenge Miniaturization Project Lifecare AS is developing an implantable

428 views • 22 slides
A novel implantable sensor for long-term continuous glucose measurement CORPORATE THE READ-OUT

A novel implantable sensor for long-term continuous glucose measurement CORPORATE THE READ-OUT

Sencell Development PRODUCT & TECHNOLOGY A novel implantable sensor for long-term continuous glucose measurement CORPORATE THE READ-OUT OPTIONS TECHNOLOGY 2 The Challenge Miniaturization Project Lifecare AS is developing an implantable

315 views • 20 slides
SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks Michael

SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks Michael

SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks Michael Rushan[JHU], Aviel Rubin[JHU], Denis Foo Kune[Michigan] and Colleen Swanson[Michigan] Presented by: Matthew S. Bauer September 20, 2016 Implantable medical

301 views • 19 slides
Leadless and Subcutaneous Pacemakers and ICDs Where Are We Now and What Is the Future? Byron K.

Leadless and Subcutaneous Pacemakers and ICDs Where Are We Now and What Is the Future? Byron K.

Leadless and Subcutaneous Pacemakers and ICDs Where Are We Now and What Is the Future? Byron K. Lee MD Professor of Medicine Samuel T. and Elizabeth Webb Reeves Endowed Chair Director of the EP Labs and Clinics University of California, San

506 views • 24 slides
A novel implantable sensor for long-term continuous glucose measurement Investor Presentation

A novel implantable sensor for long-term continuous glucose measurement Investor Presentation

A novel implantable sensor for long-term continuous glucose measurement Investor Presentation at November 29th - 2019 1 Lifecare AS is developing an implantable glucose sensor named SENCELL for positioning under the skin into the

339 views • 31 slides
A novel implantable sensor for long-term continuous glucose measurement Investor Presentation

A novel implantable sensor for long-term continuous glucose measurement Investor Presentation

A novel implantable sensor for long-term continuous glucose measurement Investor Presentation at November 29th - 2019 1 Lifecare AS is developing an implantable glucose sensor named SENCELL for positioning under the skin into the

400 views • 23 slides
3/12/2019 Cardiac Cath Why Bother? Cardiac Catheterization in Respiratory Status Preterm

3/12/2019 Cardiac Cath Why Bother? Cardiac Catheterization in Respiratory Status Preterm

3/12/2019 Cardiac Cath Why Bother? Cardiac Catheterization in Respiratory Status Preterm Infants with ventilatory settings, blood gases, chest CT UCSF Chronic Pulmonary Cardiac Status Pediatric Pulmonary Hypertension Program

543 views • 3 slides
What is an Implantable Medical Device? The FDA strictly defines a medical device Neuro-

What is an Implantable Medical Device? The FDA strictly defines a medical device Neuro-

SoK: Security and Privacy in Implantable Medical Devices Michael Rushanan 1 , Denis Foo Kune 2 , Colleen M. Swanson 2 , Aviel D. Rubin 1 1. Johns Hopkins University 2. University of Michigan 0 This work was supported by STARnet, the Dept. of

384 views • 24 slides
12/17/16 Cardiac CT, Nuclear Cardiology, and Cardiac MRI DISCLOSURE Roles in the Era of

12/17/16 Cardiac CT, Nuclear Cardiology, and Cardiac MRI DISCLOSURE Roles in the Era of

12/17/16 Cardiac CT, Nuclear Cardiology, and Cardiac MRI DISCLOSURE Roles in the Era of Value-based Imaging Daniel S. Berman, M.D. declares the following relationships: Daniel S. Berman, MD Director, Cardiac Imaging Consultant:

639 views • 37 slides

More recommend