Umass Security Seminar Series
 
Search this site

Seminar 2

Time: Sept 16, 4:00 pm
Place: Gunness Student Center Conference Room.

Refreshments will be served at 3:45 pm

Title: Implantable Medical Devices: Security and Privacy for Pervasive, Wireless Healthcare
Speakers: Kevin Fu and Ben Ransford, UMass Computer Science


Abstract:

An incredible array of implantable medical devices treat chronic ailments such as cardiac arrhythmia, diabetes, Parkinson's disease, seizures, and even obesity with various combinations of electrical therapy and drug infusion. These devices use tiny embedded computers to control therapies and collect physiological data. To improve patient care and detect early warning signs, implantable medical devices are rapidly embracing wireless communication and Internet connectivity. Implantable cardioverter defibrillators (ICDs) are wirelessly reprogrammable and relay medical telemetry over the Internet via at-home monitors. Such devices will vastly improve care for chronic disease, but will also introduce fundamentally new risks because of global computing infrastructures such as the Internet that are physically infeasible to secure. Thus, new devices must not only prevent accidental malfunctions, but must also prevent *intentional* malfunctions caused by malicious parties lurking on the network.

Our interdisciplinary research team implemented several software radio-based methods that could compromise patient safety and patient privacy (e.g., disclosing patient data or inducing ventricular fibrillation via a wireless command). Addressing these new risks, our zero-power approaches help to mitigate the risk of intentional malfunctions. Attendees will learn about (1) the challenging security and privacy risks that result from the incorporation of wireless communication and Internet connectivity in healthcare; (2) the key factors for balancing medical safety and effectiveness with security and privacy; and (3) three new zero-power defenses based on RF power harvesting that balance security and power consumption to improve patient safety. This line of research is an important step in understanding how to provide better security and privacy as more medical devices rely on wireless communication. Wireless communication has the potential to improve patient care, but researchers have yet to fully understand the effects of wireless communication on security and privacy of pervasive devices. We do not believe that our discovery poses a significant threat today, but we are certain that the risks will grow as the technology develops. This research was carried out at the University of Massachusetts Amherst in collaboration with the University of Washington and the Harvard Medical School.

BIOs:
Kevin Fu is an assistant professor in the Department of Computer Science at the University of Massachusetts Amherst, and is the co-director of the Medical Device Security Center and the director of the RFID Consortium on Security and Privacy (RFID CUSP). Kevin investigates the security and privacy of pervasive and invasive computation --- including RFID, implantable medical devices, and file systems. Kevin's contributions include the security analysis of an implantable cardioverter defibrillator, RFID-enabled credit cards, Web authentication, and software updates; the SFS read-only file system for fast integrity-protected content distribution; key regression for efficient decentralized access control of storage; and proxy re-encryption file systems for managing distributed access control.
Kevin received his M.Eng. and Ph.D. in Electrical Engineering and Computer Science at the Massachusetts Institute of Technology in 1999 and 2005 respectively, and his S.B. in Computer Science and Engineering from MIT in 1998. Kevin's research received a number of best paper awards from premiere conferences in computer security and cryptography. His research has appeared in The New York Times and The Wall Street Journal. Kevin also holds a certificate of achievement in artisanal bread making from the French Culinary Institute.

Ben Ransford is a second year graduate student in the Department of Computer Science at the University of Massachusetts Amherst. He is formally interested in cryptography, anonymity, and privacy, and is informally interested in programming languages and operating systems. Ben returned to academia after a six-year stint as a programmer and freelance consultant. He received a B.S. in Computer Science from Cornell University in 2001.
Subscribe to posts

Reference

posted ‎‎Sep 12, 2008 9:46 AM‎‎ by lang lin   [ updated ‎‎Oct 13, 2008 11:07 AM‎‎ ]

Video (WMV format, 192 Kbps) of this presentation

Publication: "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses" in IEEE Symposium on Security and Privacy 2008.
available at http://www.rfid-cusp.org/publication.html

‹ Prev    1-1 of 1    Next ›