1 / 20

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses. Authors: Daniel Halperin , Thomas S. Heydt -Benjamin, Benjamin Ransford , Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, William H. Maisel.

bandele
Download Presentation

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses Authors: Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, William H. Maisel Presenter: Raghu Rangan

  2. What Are IMDs? • Implantable Medical Device • Can control heart rate, deliver medication, etc. • Sophisticated devices with radios • But are they secure?

  3. ICDs Implantable Cardiac Devices Radio-enabled, wirelessly programmable Pacemaking, defibrillation (steady shocks vs. single large shock) Communicates with a device programmer

  4. Adversaries Commercial ICD programmer Passive RF listener Active RF attacker

  5. Related Work Most research has focused on preventing unintentional failures RC5 on WISP Work using software radios to receive transmissions from commercial wireless protocols

  6. Insider Attack Device programmers can be used directly Programmers can read all ICD information, change all settings No technological controls to ensure authorized use

  7. Reverse Engineering • Black box: watch communication between ICD and programmer • Done using inexpensive components: • Oscilloscope • Universal Software Radio Peripheral • Software: GNU Radio, Perl, Matlab • Cost: less than $1000

  8. Passive Monitoring • Patient data transmitted cleartext • Challenge: modulation, encoding • Not so difficult, standard schemes are used. • Name, birth date, ID number, patient history, diagnosis, treating physician ...

  9. Transaction Timeline In order to eavesdrop, need to establish timeline for bidirectional comms between ICD and programmer Do not need to decipher transmissions, can infer meanings and some content

  10. Eavesdropping Setup

  11. Active Attack: Replay • Replay attacks–attacker needs little knowledge • Trigger information disclosure • Change patient name, ICD clock • Change therapies • Can disable functions • Quitely change device state • Induce fibrillation • Patient safety at risk

  12. Active Attack: Denial of Service Presence of strong magnet makes ICD transmit telemetry data Can also be triggered without magnet Radio use might run out battery faster DoScould be quite dangerous–replacing the battery requires surgery

  13. Defense Goals Prevent attacks from insiders and outsiders Draw no power from primary battery Security events should be detectable by patient

  14. Zero Power Defense • Use RFID tag (WISPer) to guard ICD communication • WISPerharvests power from reader, can perform computations • Three applications: • Notification • Authentication • Sensible key exchange

  15. Zero Power Defense

  16. Notification When WISPer is activated, beep via piezoelectric speaker After beep, notify ICD it can start using radio Patient aware when ICD is being programmed Can be deterrent for attacker

  17. Authentication Challenge/response protocol using RC5 Only if authentication is successful will ICD be told to activate No power is used until authentication succeeds.

  18. Key Exchange Use audio as a channel for crypto key exchange Modulate sound wave using same scheme as radio Audible to patient, hard to hear at a distance Also uses no power

  19. Conclusion and Future Work Still many open problems: key management, failure modes Security problems can have life-threatening consequences IMDs should be treated as what they are computers

  20. Questions/Comments/Discussion

More Related