TY - GEN
T1 - Hijacking an insulin pump
T2 - 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services, HEALTHCOM 2011
AU - Li, Chunxiao
AU - Raghunathan, Anand
AU - Jha, Niraj K.
PY - 2011
Y1 - 2011
AB - Wearable and implantable medical devices are being increasingly deployed to improve diagnosis, monitoring, and therapy for a range of medical conditions. Unlike other classes of electronics and computing systems, security attacks on these devices have extreme consequences and must, therefore, be analyzed and prevented with utmost effort. Yet, very little work exists on this important topic and the security vulnerabilities of such systems are not well understood. We demonstrate security attacks that we have implemented in the laboratory on a popular glucose monitoring and insulin delivery system available on the market, and also propose defenses against such attacks. Continuous glucose monitoring and insulin delivery systems are becoming increasingly popular among patients with diabetes. These systems utilize wireless communication links, which are frequently utilized as a portal to launch security attacks. Our study shows that both passive attacks (eavesdropping of the wireless communication) and active attacks (impersonation and control of the medical devices to alter the intended therapy) can be successfully launched using public-domain information and widely available off-the-shelf hardware. The proposed attacks can compromise both the privacy and safety of patients. We propose two possible defenses against such attacks. One is based on rolling-code cryptographic protocols, and the other is based on body-coupled communication. Our security analysis shows that the proposed defenses have the potential to mitigate the security risks associated with personal healthcare systems.
UR - http://www.scopus.com/inward/record.url?scp=80053973692&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80053973692&partnerID=8YFLogxK
U2 - 10.1109/HEALTH.2011.6026732
DO - 10.1109/HEALTH.2011.6026732
M3 - Conference contribution
AN - SCOPUS:80053973692
SN - 9781612846972
T3 - 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services, HEALTHCOM 2011
SP - 150
EP - 156
BT - 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services, HEALTHCOM 2011
Y2 - 13 June 2011 through 15 June 2011
ER -