Security and Privacy Issues in Wireless Medical Devices

Hossen Mustafa, CSCE 824, 04/17/13. Wireless Medical Devices. Wireless Medical Infrastructure. Research Areas: wireless security and privacy, medical database security, secure medical systems.

Presentation Transcript


  1. Security and Privacy Issues in Wireless Medical Devices Hossen Mustafa CSCE 824 04/17/13

  2. Wireless Medical Devices

  3. Wireless Medical Devices

  4. Wireless Medical Infrastructure

  5. Research Areas • Wireless security and privacy • Medical database security • Secure medical systems

  6. Wireless Security and Privacy • Implantable medical device, e.g., pacemaker • No security in transmission between pacemaker and programmer. • As a result, vulnerable to • eavesdropping attack • spoofing attack • battery drain attack

  7. Wireless Security and Privacy • Proposed solution: • The shield acts as a jammer to protect IMD wireless transmissions, known as “Friendly Jamming” • An upcoming publication shows that “Friendly Jamming” cannot provide full protection…

  8. Wireless Security and Privacy • Insulin pumps can be remotely • programmed to inject lethal dose • shut down • Nike+iPod sports kit is vulnerable to • Eavesdropping attack which can hamper location privacy of the user • Spoofing attack which can lead to invalid and inconsistent health data • Onyx fingertip pulse oximeter is vulnerable to • Man-in-the-Middle attack • Jamming Attack

  9. Wireless Security and Privacy • Researchers have proposed • Cryptographic solutions • Friendly jamming to protect legacy devices • RSS-based jamming detection • Detecting spoofed packets using correlation

  10. Research Areas • Wireless security and privacy • Medical database security • Secure medical systems

  11. Medical Database Security • Medical databases have different requirements compared to traditional databases • The Health Insurance Portability and Accountability Act (HIPAA) includes strict privacy and security requirements: • Privacy and Data Confidentiality • Security • Disposal • Media re-use • Accountability • Backup and Storage

  12. Hippocratic Database (HDB) • ‘Most’ compliant with HIPAA • It includes • Active Enforcement • Compliance Auditing • Optimal k-anonymization • Sovereign Information Integration • Privacy-Preserving Data Mining

  13. Privacy Protocol for Linking Distributed Medical Data • Such queries are called private fuzzy queries • The protocol ensures authorized data exchange • Disadvantage: • High overhead • Does not work in case of unique attributes • Protocol steps: 1. E(attribute <sex, hair color, eye color>) 2. For each match, encrypt with public key and add to response 3. R = E(records) 4. Decrypt record with patient private key

  14. Privacy Management in Dynamic Groups • Sensitive health data are often co-managed by different groups of medical employees • Three forms of group dynamics are challenging to privacy • Dynamic Group Members • Diverse Life Span of Teams • Different Levels of Information Sensitivity

  15. Research Areas • Wireless security and privacy • Medical database security • Secure medical systems

  16. Secure Medical Systems • PKI that Rings • Public Key Infrastructure (PKI)-based authentication mechanism using cellular networks • Workflow • The patient calls the authentication service (AS) • A challenge is sent to the patient’s cell phone, encrypted with the patient’s public key • The patient decrypts the challenge • The patient prepares a response which includes the hospital’s ID and sends it to the AS • The AS sends records to the hospital

  17. Secure Medical Systems • A Home Healthcare System in the Cloud • Empowers depressed patients over their treatment process • Works in three steps • Personal monitoring devices monitor and collect patients’ data • Data are uploaded and stored in the cloud • Data are shared with the patient’s health record provider on demand • Uses cryptographic techniques to ensure security and privacy

  18. Smartphone! • Smartphones pose a new set of potential problems: • Apps are available for health monitoring using phone sensors, e.g., accelerometer • Apps are being integrated with health monitoring sensors • Apps are being used to keep track of medical records, e.g., blood pressure • Most apps use local storage on the smartphone for data with NO encryption • Many apps provide server space for keeping health records but do not follow HIPAA guidelines

  19. Requirements for Medical Data • Confidentiality • Fine-grained Access Control • Integrity • Availability • Performance • Logging, Audit Trails, and Provenance • Support for Long Retention and Secure Migration • Backup • Cost

  20. More Requirements… • Secure transmission protocols, especially for wireless transmission • Enforcement of security requirements for upcoming medical devices • Find solutions for legacy (vulnerable) medical devices • Bring smartphones under the guidelines of HIPAA

  21. Thank You
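
The "PKI that Rings" workflow on slide 16, sketched as an added example that is not taken from the presentation or the system it describes. Assumptions: toy textbook RSA stands in for the patient's key pair, the response is an HMAC over the hospital ID keyed by the decrypted challenge, and all names (`AuthService`, `patient_respond`, `HOSP-42`) are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy textbook RSA built from two Mersenne primes, for illustration only; a
# real deployment would use a vetted library with RSA-OAEP and 2048+ bit keys.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                                   # patient's public modulus
D = pow(E, -1, (P - 1) * (Q - 1))           # patient's private exponent


def tag(nonce: int, hospital_id: str) -> bytes:
    """Assumed response format: HMAC over the hospital ID keyed by the nonce."""
    return hmac.new(nonce.to_bytes(16, "big"), hospital_id.encode(), hashlib.sha256).digest()


class AuthService:
    def __init__(self, records, public_keys):
        self.records, self.public_keys = records, public_keys
        self.pending = {}                        # patient -> outstanding nonce

    def start_call(self, patient: str) -> int:
        """Steps 1-2: the patient calls in; the AS returns an encrypted challenge."""
        n, e = self.public_keys[patient]
        nonce = secrets.randbits(128)
        self.pending[patient] = nonce
        return pow(nonce, e, n)

    def finish(self, patient: str, hospital_id: str, proof: bytes):
        """Step 5: check the response, then release records to that hospital only."""
        nonce = self.pending.pop(patient, None)  # single use, so a replay fails
        if nonce is None or not hmac.compare_digest(proof, tag(nonce, hospital_id)):
            return None
        return (hospital_id, self.records[patient])


def patient_respond(encrypted_challenge: int, hospital_id: str):
    """Steps 3-4 on the phone: decrypt the challenge and bind it to one hospital."""
    nonce = pow(encrypted_challenge, D, N)
    return hospital_id, tag(nonce, hospital_id)


def demo():
    service = AuthService({"alice": "constructed-record"}, {"alice": (N, E)})
    hospital, proof = patient_respond(service.start_call("alice"), "HOSP-42")
    ok = service.finish("alice", hospital, proof)
    replay = service.finish("alice", hospital, proof)         # nonce already spent
    _, proof2 = patient_respond(service.start_call("alice"), "HOSP-42")
    redirected = service.finish("alice", "HOSP-99", proof2)   # hospital ID altered
    return ok, replay, redirected
```

Binding the hospital ID into the response is what stops a captured response from being redirected to a different recipient, and discarding the challenge after one use is what stops it from being replayed.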