Loading
26 October 2022
Abstract:Implantable medical devices (IMDs) such as cardiac implants and insulin pumps provide patients with lifesaving functions and improve their lives. These properties make them an integral part of medical professionals' toolbox. Today, IMDs which can be controlled or adjusted wirelessly are widely adopted and are becoming increasingly connected to each other and to the internet. While the modern communication properties of IMDs provide substantial benefits, they pose a major cybersecurity risk when devices are not secured adequately.
In this thesis, we explore security issues related to the communication and sensing capabilities of modern on-body devices such as IMDs. In particular, we investigate authentication and key agreement in a network of body-worn devices, and address the privacy of in-body continuous sensing and monitoring.
The main contributions of this thesis are twofold: (1) We propose and evaluate Tiek, an authentication and key distribution protocol for networked body-worn devices. Tiek authenticates the presence of participating devices on the body and distributes cryptographic keys to them using environment based sources of randomness. The protocol utilizes a two-tier authorization scheme to restrict the access of mal-behaving body-worn participants to the network. (2) We also study the information leakage associated with the deployment of a novel in-body continuous monitoring technique. We target the information leakage from the sensing process, and propose and evaluate privacy enhancing measures that prevent a passive eavesdropper from violating the privacy of the patient. We believe this thesis contributes to the development of secure on-body devices in general and IMDs in particular.
Available as PDF (1.03 MB)
Download BibTeX entry.