Enhancing the Safety and Trustworthiness of Medical Devices
ABSTRACT
Rapid advances in personal healthcare systems based on implantable and wearable medical devices promise to greatly improve the quality of diagnosis and treatment for a range of medical conditions. However, the increasing programmability and wireless connectivity of medical devices also open up wireless attack and software exploit opportunities for malicious attackers. In this poster, we first demonstrate radio-frequency (RF) wireless attacks that we have successfully implemented in the laboratory on a popular glucose monitoring and insulin delivery system available on the market. Unlike other classes of electronics and computing systems, security attacks on these devices have extreme consequences and must, therefore, be analyzed and prevented with utmost effort. To defend against wireless attacks, we present a medical security monitor (MedMon) that snoops on all the RF wireless communications to/from medical devices and uses multi-layered anomaly detection to identify potential malicious transactions. A key benefit of MedMon is that it is applicable to existing medical devices with no hardware or software modifications needed for them. Consequently, it leads to zero power overheads on these devices. To improve the trustworthiness of medical device software and minimize potential software exploits, we show how to apply formal verification techniques to cardiac pacemaker software, and demonstrate their ability to verify security properties and detect a range of software vulnerabilities. We believe that the proposed approaches can be effective in enhancing the security of a wide range of medical devices and personal healthcare systems.
Award ID: 1219570