Securing Implantable Cardioverter Defibrillators Using Smartphones

Jiwan Ninglekhu1+, Ram Krishnan1, Eugene John1, and Manoj Panday2
 

1The University of Texas at San Antonio, One UTSA Circle, San Antonio, TX 78256, USA
iiw057@my.utsa.edu, ram.krishnan@utsa.edu, eugene.john@utsa.edu

2University of Texas Health Science Center, San Antonio, TX, USA
manojpanday@hotmail.com

 

Abstract

In this paper, we propose a novel security framework to protect Implantable Cardioverter Defibrillators (ICDs) using Smartphones. ICDs are small battery powered Implantable Medical Devices (IMDs) that are introduced in the patient’s body to treat irregular heartbeats known as arrhythmias. These devices are programmed and accessed wirelessly for diagnosis and therapy by a programming device known as External Programmer (EP). Previous studies have demonstrated that ICDs are susceptible to attacks via unauthorized EPs. These attacks may not only pose privacy concerns, but can also do serious physical harm to a patient. While it is crucial that these devices need to be secured by all means possible, a medical practitioner should be allowed to access ICDs when needed, especially under emergency situations. In this paper, we investigate techniques for using a patient’s smartphone for authenticated and authorized communication between the patient’s ICD and the EP operated by a physician treating the patient. An application running in the smartphone serves two major purposes. (1) mediates secure communication, and (2) keeps the patient in-the-loop by providing an audiovisual interface, to be aware of and take control over the communication occurring between the ICD and EP. Due to the fact that smartphones are becoming more cheaper and their versatility becoming greater, using smartphones as a security device is a feasible option. As a proof-of-concept, the proposed Kerberos based security scheme is implemented using simulated EP, ICD, and an Android-based smartphone.

Keywords: Implantable Cardioverter Defibrillator (ICD), Implantable Medical devices (IMD),
security, safety, Smartphones

 

+: Corresponding author: Jiwan Ninglekhu
Department of Electrical and Computer Engineering, The University of Texas at San Antonio (UTSA), One UTSA Circle, San Antonio, TX 78256, USA, Tel: +1-210-458-7753
 

Journal of Internet Services and Information Security (JISIS), 5(2): 47-64, May 2015 [pdf]