PORTLAND, Ore. — The increasing proliferation of medical implants that can be programmed wirelessly, such as pacemakers, insulin pumps, defibrillators, neural implants, and drug delivery systems, has prompted concern that hackers could gain access and harm a patient.
Now researchers at Rice University claim to have an answer. Called Heart-to-Heart (H2H) the novel cryptographic technique uses the patient's own heartbeat as a random number generator. It will be presented at the upcoming Association for Computing Machinery (ACM) Conference on Computer and Communications Security (November 4-8, Berlin).
Today, reprogramming medical implants are performed in the doctor's office where security is not a concern. Traditional cryptographic techniques can be used for secure access to implants there, but, according to the Rice researchers, hackers could gain wireless access to implants outside the doctor's office by breaking those techniques. Sophisticated, traditional cryptography could be used, but that would tax the processing power of the implant's microcontroller and run down its battery. H2H, on the other hand, is designed to be easy on computing resources and yet more secure than traditional cryptography.
In essence, the technique derives a random password from the heartbeat of the patient that can only be computed when touching the patient. Called touch-to-access by the researchers, they claim touching is important, since hackers could determine the rough outline of a heartbeat remotely with special cameras. After touch-to-access derives the random password from the patient's heartbeat, a novel pairing protocol then uses that password, which is separately calculated by the implant's microcontroller, to establish a secure wireless connection between the doctor's programmer and the implanted medical device (IMD).
"We have shown that the heartbeat has enough randomness to be used as a random number generator," professor Farinaz Koushanfar at Rice University told EE Times. "The IMD, which is inside the body, can record random bits in a heartbeat in the short-time interval that the access is happening, and the person who is accessing the IMD can also record the heartbeat."
Koushanfar went on to explain:
For 12 seconds the person who has access to the patient with the IMD device records the same random number as the IMD device is recording, and then they go through a cryptographic pairing. But what is significant about this cryptographic pairing is that we have shown it is resilient against all sorts of attacks. There have been approaches that tried this earlier, but earlier work has shown that those approaches could be broken.
Today millions of medical implants are in use, many of them with unsecured wireless access, but the Rice researchers claim their algorithm is simple enough to be incorporated even into legacy IMDs by simply updating their firmware. The researchers are currently in informal discussions with IMD makers to license them their H2H technology.
Professor Farinaz Koushanfar (left) at Rice University and doctoral candidate Masoud Rostami (right) created a system to secure implantable medical devices like pacemakers and insulin pumps from wireless attacks.
(Source: Jeff Fitlow/Rice University)
In their ACM presentation in Berlin, the researchers, who include doctoral candidate Masoud Rostami, will describe H2H and the touch-to-access protocol, which they have implemented on an ARM Core M-3 microcontroller.
Also contributing to the development effort was independent security analyst, and former director of RSA Laboratories in Cambridge, Mass., Ari Juels. Funding was provided by the Office of Naval Research and the Army Research Office.