Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses Zac Chupka Jeff Signore.

Slides:

Advertisements

Similar presentations

Network Security Chapter 1 - Introduction.

Advertisements

Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University.

By Md Emran Mazumder Ottawa University Student no:

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

NFC Devices: Security and Privacy

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks 0 Fall 2014 Presenter: Kun Sun, Ph.D. Michael Rushanan*, Denis Foo Kune,

Imbedded SSR Mode-S Logic Control Unit University of Stellenbosch Department of Electrical & Electronic Engineering K. Gastrow 4 December 2009.

Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses Authors: Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

Lesson Title: Threats to and by an RFID system Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

1 A study on Location Aware Computing Presenter : Narendiran Visvanathan Instructor : Dr. Chin-Chih Chang Course : CS 898T Mobile and Wireless Networks.

Software Defined Radio Mentor: Dr. Brian Banister Sponsor: Comtech AHA Team: Brad Eylander, Dylan Kievit, Jeff Chang, Ted Storms Acknowledgements: Dr.

Implantable Cardioverter Defibrillator Rebecca Boduch Biomedical Engineering University of Rhode Island.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

A Framework for Patient Monitoring A. L. Praveen Aroul, William Walker, Dinesh Bhatia Department of Electrical Engineering University of Texas at Dallas.

Applied Cryptography for Network Security

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Wireless Data Acquisition for SAE Car Project by: J.P. Haberkorn & Jon Trainor Advised by: Mr. Steven Gutschlag.

Chip tag A radio-frequency identification system uses tags readers send a signal to the tag and read its response RFID tags can be either passive active.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Shared success Outline What is network security? Why do we need security? Who is vulnerable? Common security attacks and countermeasures. How to secure.

Radio Frequency Identification By Bhagyesh Lodha Vinit Mahedia Vishnu Saran Mitesh Bhawsar.

Figure 13.1 Block diagram of an asynchronous cardiac pacemaker

Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus

Neighborhood Watch: Security and Privacy Analysis of Automatic Meter Reading Systems Ishtiaq Rouf, Hossen Mustafa Rob Miller Marco Grutese Presented By.

A Quantitative Analysis of the Insecurity of Embedded Network Devices: Results of a Wide-Area Scan Ang Cui and Salvatore J. Stolfo Department of Computer.

Introduction Implantable Medical Devices (IMDs) are vulnerable to exploitation (last paper) Unauthorized data retrieval Malicious commands Millions of.

Wireless and Security CSCI 5857: Encoding and Encryption.

1 Secure Cooperative MIMO Communications Under Active Compromised Nodes Liang Hong, McKenzie McNeal III, Wei Chen College of Engineering, Technology, and.

“Security Weakness in Bluetooth” M.Jakobsson, S.Wetzel LNCS 2020, 2001 The introduction of new technology and functionality can provides its users with.

Cryptography and Network Security

Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY

Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.

Weaponizing Wireless Networks: An Attack Tool for Launching Attacks against Sensor Networks Thanassis Giannetsos Tassos Dimitriou Neeli R. Prasad.

An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks Authors: A. Boukerche, K. El-Khatib, L. Xu, L. Korba.

Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

BY MOHAMMED ALQAHTANI (802.11) Security. What is ? IEEE is a set of standards carrying out WLAN computer communication in frequency bands.

An Analysis of Bluetooth Security

Security and Privacy for Implantable Medical Devices Presented by : Dilip Simha.C.R.

EMERGENCY VEHICLE ALERT SYSTEM ECE 495C Digital Systems Senior Design Project Proposal Team #3 Spring 2008 January 09, 2008.

Wireless Cardiac Device Monitoring Presented by: Ashley D. Solomon, RN Nursing 457: Nursing Informatics Fall 2009.

This presentation is an outgrowth of work done under contract to the Institute for Telecommunication Sciences and does not represent the views or policies.

Wireless Network Security Presented by: Prabhakaran Theertharaman.

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.

Security Requirements of NVO3 draft-hartman-nvo3-security-requirements-01 S. Hartman M. Wasserman D. Zhang 1.

They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices Shyamnath Gollakota, Haitham Hassanieh, Benjamin Ransford, Dina Katabi,

Securing Wireless Medical Implants Shyamnath Gollakota Haitham Hassanieh Benjamin Ransford Dina Katabi Kevin Fu.

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero- Power Defenses By: Halperin, Heydt—Benjamin, Ransford, Clark, Defend,

Mobile Phone Based Environment Control/Security System Christopher Carroll B.E. Electronic and Computer Engineering.

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

Focus On Bluetooth Security Presented by Kanij Fatema Sharme.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

Wireless Network Security CSIS 5857: Encoding and Encryption.

Fall 2006CS 395: Computer Security1 Key Management.

Implantable Cardioverter Defibrillator (ICD) Reprogramming Guidelines Lauren Butler.

Security and Privacy for Implantable Medical Devices Presented by Tuo Yu 1.

1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.

Comparison of Network Attacks COSC 356 Kyler Rhoades.

What is an Implantable Medical Device?

RAILWAY TRACK SNAP NOTIFICATION

Proximity-based Access Control for Implantable Medical Devices

CARDIAC DEFIBRILLATORS

CARDIAC DEFIBRILLATORS

They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices Shyamnath Gollakota, Haitham Hassanieh, Benjamin Ransford, Dina Katabi,

Presentation transcript:

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses Zac Chupka Jeff Signore

Disclosure The researchers omit details that would act as a guide for someone to attack an implantable medical device Focuses more on the security and privacy vulnerabilities in implantable medical devices

Overview Technology Vulnerabilities Techniques Experiment Prevention Conclusions

Implantable Medical Devices (IMDs) Wireless reprogrammable medical devices that are implanted in a patient’s body Implantable Cardioverter Defibrillators (ICDs) Pacemakers Neurostimulators Drug pumps Between : 2.6 million IMDs implanted in US patients

ICDs Monitor and responds to heart activity Include modes for pacing and defibrillation Implanted in the chest with leads that connect to the chambers of the heart Practitioner can interact with ICD post surgery using an external commercial device programmer Perform diagnostics Read and write private data Adjust therapy settings

ICDs Self contained with respect to power and connectivity Non-rechargeable internal batteries No physical external connections Designed to last for many years

Other Equipment Used Oscilloscope Tests functionality of equipment that generates electrical signal Measures changing voltage of signal and displays as a waveform on a graph Antennas Universal Software Radio Peripheral device that interacts with open source GNU Radio libraries

Overview Technology Vulnerabilities Techniques Experiment Prevention Conclusions

Vulnerabilities Addressing the security and privacy issues with the communication between the ICD and the external ICD programmer used by practitioners Attacks classified as three types of adversary classes Commercial ICD programmer passive adversary active adversary

 Adversaries Commercial ICD programmer No mechanisms in place to determine if the external programmer is being used by authorized personnel Passive adversary Eavesdrop on communications Record Radiofrequency messages output by devices Active adversary Generates arbitrary radiofrequency traffic

Overview Technology Vulnerabilities Techniques Experiment Prevention Conclusions

Reverse Engineering Transmissions Captured RF transmissions using the oscilloscope and USRP at 175 kHz Processed these signals using Matlab to determine the type of data it was transmitting

Reverse Engineering Transmissions Intercepting Programmer Directly connect to device carry raw bits from programmer to processing equipment Intercepting ICD Made dummy patient name Analyzed RF signal to determine the phase shift to determine the modulation scheme

Eavesdropping Used USRP to eavesdrop on the transmission data using the GNU radio Set up an eavesdropping timeline to determine the where and when to listen in on bidirectional conversations between devices

Overview Technology Vulnerabilities Techniques Experiment Prevention Conclusions

Passive Attacks (Eavesdropping) Replay attacks used to obtain information: First, auto-identification command used to retrieve limited device information Once identified, additional personal information is requested using interrogation command Cardiac data also obtained under certain conditions, such as with a strong magnet

Active Attacks (Changing Information) Replay attacks used with GNU radio to modify ICD information: Change patient name Change ICD clock - date and/or time Change therapies - programmed responses to cardiac events

Active Attacks (Other Attacks) Induce fibrillation Apply a ~1 Joule command shock to the patient’s heart at a precise point in the patient’s cardiac rhythm. Unconfirmed attacks Power denial of service Insecure software updates Buffer overflow vulnerabilities.

Overview Technology Vulnerabilities Techniques Experiment Prevention Conclusions

Notification for Patients: WISPer Wireless Identification and Sensing Platform: tiny embedded system with RFID circuitry and microcontroller After WISPer receives wireless requests, it chirps Tested with and without bacon

Authentication Challenge-response type authentication Programmers know master key IMD knows identity Both have to calculate IMD specific key based on master key and identity, and must match results for authentication to occur. Master key not suitable for large- scale deployment: too risky

Sensible Key Exchange A distribution of a symmetric cryptographic key over a human perceptible sensory channel IMD generates a key and broadcasts it as sound wave, only strong enough to be received by a patient in contact with the microphone

Conclusions Important that the authors have revealed the security and privacy risks These experiments aren’t practical or feasible in a real world situation These risks and prevention techniques for IMDs should be taken into account for future development

Inner Workings of an ICD Inside is a magnetic switch A close magnetic field allows the ICD to transmit telemetry data which includes EKG readings The magnetic field comes from a magnet in the external programmer when placed in proximity of the patient’s ICD The model of ICD used is intended for short range wireless communications