skip to main content


Title: A Visible Light Channel Based Access Control Scheme for Wireless Insulin Pump Systems
Smart personal insulin pumps have been widely adopted by type 1 diabetes. However, many wireless insulin pump systems lack security mechanisms to protect them from malicious attacks. In previous works, the read-write attacks over RF channels can be launched stealthily and could jeopardize patients' lives. Protecting patients from such attacks is urgent. To address this issue, we propose a novel visible light channel based access control scheme for wireless infusion insulin pumps. This scheme employs an infrared photodiode sensor as a receiver in an insulin pump, and an infrared LED as an emitter in a doctor's reader (USB) to transmit a PIN/shared key to authenticate the doctor's USB. The evaluation results demonstrate that our scheme can reliably pass the authentication process with a low false accept rate (0.05% at a distance of 5cm).  more » « less
Award ID(s):
1812553
NSF-PAR ID:
10454051
Author(s) / Creator(s):
; ; ; ;
Date Published:
Journal Name:
2018 IEEE International Conference on Communications (ICC)
Page Range / eLocation ID:
1 to 6
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Insulin pumps have been widely used by patients with diabetes. Insulin pump systems adopt wireless channels with few cryptographic mechanisms, which makes them vulnerable to many attacks. In this paper, we focus on the wireless channel between Carelink USB and insulin pump on which the attackers can launch message eavesdropping and/or therapy manipulation attacks, which may put the patient in a life-threatening situation. Some prior solutions such as certificate-based or token-based schemes need either complicated key management or additional devices. We propose a novel voiceprint-based access control scheme comprising anti-replay speaker verification and voiceprint-based key agreement to secure the channel between the Carelink USB and insulin pump. Our scheme does not need permanent key sharing or additional devices. The anti-replay speaker verification adopts cascaded fusion of speaker verification and anti-replay countermeasure to ensure the insulin pump can be accessed by Carelink USB only after the legitimate user passes the identity verification. The evaluation on ASVspoof 2017 datasets shows that our scheme achieves a 4.02% Equal Error Rate (EER) with the existence of replay impostors. Besides, our scheme uses energy-difference-based voiceprint extraction and secure multi-party computing to generate a common cryptography (temporary) key between the Carelink USB and insulin pump, which can be used to encrypt the subsequent communication, and protect the insulin pump from eavesdropping and therapy manipulation attacks. By appropriately setting the similarity threshold of voiceprints, our key agreement scheme allows the insulin pump to establish a secure channel only with the device in its close proximity. 
    more » « less
  2. USB-based attacks have increased in complexity in recent years. Modern attacks now incorporate a wide range of attack vectors, from social engineering to signal injection. To address these challenges, the security community has responded with a growing set of fragmented defenses. In this work, we survey and categorize USB attacks and defenses, unifying observations from both peer-reviewed research and industry. Our systematization extracts offensive and defensive primitives that operate across layers of communication within the USB ecosystem. Based on our taxonomy, we discover that USB attacks often abuse the trust-by-default nature of the ecosystem, and transcend different layers within a software stack; none of the existing defenses provide a complete solution, and solutions expanding multiple layers are most effective. We then develop the first formal verification of the recently released USB Type- C Authentication specification, and uncover fundamental flaws in the specification's design. Based on the findings from our systematization, we observe that while the spec has successfully pinpointed an urgent need to solve the USB security problem, its flaws render these goals unattainable. We conclude by outlining future research directions to ensure a safer computing experience with USB. 
    more » « less
  3. Universal Serial Bus (USB) ports are a ubiquitous feature in computer systems and offer a cheap and efficient way to provide power and data connectivity between a host and peripheral devices. Even with the rise of cloud and off-site computing, USB has played a major role in enabling data transfer between devices. Its usage is especially prevalent in high-security environments where systems are ‘air-gapped’ and not connected to the Internet. However, recent research has demonstrated that USB is not nearly as secure as once thought, with different attacks showing that modified firmware on USB mass storage devices can compromise a host system. While many defenses have been proposed, they require user interaction, advanced hardware support (incompatible with legacy devices), or utilize device identifiers that can be subverted by an attacker. In this paper, we present Time-Print, a novel timing-based fingerprinting method, for identifying USB mass storage devices. We create a fingerprint by timing a series of read operations from different locations on a drive, as the timing variations are unique enough to identify individual USB devices. Time-Print is low overhead, completely software-based, and does not require any extra or specialized hardware. To validate the efficacy of Time-Print, we examine more than 40 USB flash drives and conduct experiments in multiple authentication scenarios. The experimental results show that Time-Print can (1) identify known/unknown brand/model USB devices with greater than 99.5% accuracy, (2) identify seen/unseen devices of the same brand/model with 95% accuracy, and (3) classify USB devices from the same brand/model with an average accuracy of 98.7%. 
    more » « less
  4. Abstract

    The global cost of diabetes care exceeds $1 trillion each year with more than $327 billion being spent in the United States alone. Despite some of the advances in diabetes care including continuous glucose monitoring systems and insulin pumps, the technology associated with managing diabetes has largely remained unchanged over the past several decades. With the rise of wearable electronics and novel functional materials, the field is well‐poised for the next generation of closed‐loop diabetes care. Wearable glucose sensors implanted within diverse platforms including skin or on‐tooth tattoos, skin‐mounted patches, eyeglasses, contact lenses, fabrics, mouthguards, and pacifiers have enabled noninvasive, unobtrusive, and real‐time analysis of glucose excursions in ambulatory care settings. These wearable glucose sensors can be integrated with implantable drug delivery systems, including an insulin pump, glucose responsive insulin release implant, and islets transplantation, to form self‐regulating closed‐loop systems. This review article encompasses the emerging trends and latest innovations of wearable glucose monitoring and implantable insulin delivery technologies for diabetes management with a focus on their advanced materials and construction. Perspectives on the current unmet challenges of these strategies are also discussed to motivate future technological development toward improved patient care in diabetes management.

     
    more » « less
  5. Use of diabetes technology (CGM, pump) is recommended for people with T1D, and early CGM initiation leads to improved glucose values. We compare %CGM and %pump use and time to initiation from T1D diagnosis in the Historical cohort, 4T Pilot, and 4T Study 1 and the associated workflow changes to increase early technology use. CGM initiation within 30 days of diagnosis increased from 2% in the historical cohort to 92% in Pilot 4T to 98% in 4T Study 1 (Table). Days to pump initiation from TID diagnosis decreased from 272 in the historical cohort to 144 days in Study 1. From 2014-2016 pumps and CGM were initiated when families expressed interest or if the provider discussed them. Families were required to attend a pre-pump class where the CDCES introduced pumps and CGMs prior to starting technology. During the 4T Pilot and 4T Study 1, CGMs were introduced and started during the first month of diagnosis. In Study 1, families were encouraged to attend pump class and initiate AID. The CDCES team does the CGM teach, CGM follow-up, pre-pump classes, and insulin pump starts for the families in preferred language. In 4T Study 2 (enrolling) standard of care is to complete a pre-pump class in the first 3 months after diagnosis. Changes in processes can lead to early implementation of diabetes technology. A structured, team-based process to introduce, reduce barriers, and encourage families to utilize diabetes technology increases early initiation. Disclosure B.P.Conrad: Advisory Panel; Edgepark medical supplies, Consultant; Abbott Diabetes. P.Prahalad: None. D.M.Maahs: Advisory Panel; Medtronic, LifeScan Diabetes Institute, MannKind Corporation, Consultant; Abbott, Research Support; Dexcom, Inc. F.K.Bishop: None. J.Leverenz: None. A.Chmielewski: None. P.Sagan: None. J.Senaldi: None. A.Martinez-singh: None. S.Lin: None. I.Chan: None. Funding National Institute of Diabetes and Digestive and Kidney Diseases (R18DK122422); The Leona M. and Harry B. Helmsley Charitable Trust (G-2002-04251-2); International Society for Pediatric and Adolescent Diabetes/JDRF (1P30DK, 11607401); Lucile Packard Child 
    more » « less