Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system

Chunxiao Li, Anand Raghunathan, Niraj K. Jha

Research output: Chapter in Book/Report/Conference proceedingConference contribution

273 Scopus citations

Abstract

Wearable and implantable medical devices are being increasingly deployed to improve diagnosis, monitoring, and therapy for a range of medical conditions. Unlike other classes of electronics and computing systems, security attacks on these devices have extreme consequences and must, therefore, be analyzed and prevented with utmost effort. Yet, very little work exists on this important topic and the security vulnerabilities of such systems are not well understood. We demonstrate security attacks that we have implemented in the laboratory on a popular glucose monitoring and insulin delivery system available on the market, and also propose defenses against such attacks. Continuous glucose monitoring and insulin delivery systems are becoming increasingly popular among patients with diabetes. These systems utilize wireless communication links, which are frequently utilized as a portal to launch security attacks. Our study shows that both passive attacks (eavesdropping of the wireless communication) and active attacks (impersonation and control of the medical devices to alter the intended therapy) can be successfully launched using public-domain information and widely available off-the-shelf hardware. The proposed attacks can compromise both the privacy and safety of patients. We propose two possible defenses against such attacks. One is based on rolling-code cryptographic protocols, and the other is based on body-coupled communication. Our security analysis shows that the proposed defenses have the potential to mitigate the security risks associated with personal healthcare systems.

Original languageEnglish (US)
Title of host publication2011 IEEE 13th International Conference on e-Health Networking, Applications and Services, HEALTHCOM 2011
Pages150-156
Number of pages7
DOIs
StatePublished - 2011
Event2011 IEEE 13th International Conference on e-Health Networking, Applications and Services, HEALTHCOM 2011 - Columbia, MO, United States
Duration: Jun 13 2011Jun 15 2011

Publication series

Name2011 IEEE 13th International Conference on e-Health Networking, Applications and Services, HEALTHCOM 2011

Other

Other2011 IEEE 13th International Conference on e-Health Networking, Applications and Services, HEALTHCOM 2011
Country/TerritoryUnited States
CityColumbia, MO
Period6/13/116/15/11

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Health Informatics
  • Health Information Management

Fingerprint

Dive into the research topics of 'Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system'. Together they form a unique fingerprint.

Cite this