skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Designing novel proxy-based access control scheme for implantable medical devices
Implantable medical devices (IMDs) are small medical devices implanted within the human body, performing diagnostic, monitoring, and therapeutic functions. Modern IMDs are equipped with a radio transmitter and can communicate with a specialized external programmer device (i.e., IMD programmer) through the wireless channel. IMDs are extremely limited in computation power, storage and battery capacity, hence can only afford lightweight cryptographic operations. This makes IMDs vulnerable to adversarial attacks especially on the wireless interface. In this paper, we propose a novel proxy-based fine-grained access control scheme for IMDs, which can prolong the IMD’s lifetime by delegating the heavy cryptographic computations to a proxy device (e.g., smartphone). Additionally, we use the ciphertext-policy attribute-based encryption (CP-ABE) to enforce fine-grained access control so that only the qualified and/or authorized individuals can access the IMDs. The proposed scheme is implemented on real emulator devices. The experimental results show that the proposed scheme is lightweight and effective.  more » « less
Award ID(s):
1901010
PAR ID:
10499321
Author(s) / Creator(s):
;
Publisher / Repository:
Elsevier
Date Published:
Journal Name:
Computer Standards & Interfaces
Volume:
87
Issue:
C
ISSN:
0920-5489
Page Range / eLocation ID:
103754
Subject(s) / Keyword(s):
Implantable medical device (IMD), Access control, Proxy, Attribute-based encryption.
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; (, 2021 IEEE/ACM Symposium on Edge Computing (SEC))
    In this paper, we propose Aerogel, a lightweight access control framework to define fine-grained access control policies for Wasm-based, bare-metal IoT devices. Aerogel leverages the security features of Wasm runtime to protect the access and usage of peripherals. We prototype Aerogel on nRF52840 dev board, and the results show that Aerogel only introduces 0.19% to 1.04% overhead. 
    more » « less
  2. ; ; ; ; (, 2018 IEEE 15th International Conference on Mobile Ad-hoc and Sensor Systems)
    Insulin pumps have been widely used by patients with diabetes. Insulin pump systems adopt wireless channels with few cryptographic mechanisms, which makes them vulnerable to many attacks. In this paper, we focus on the wireless channel between Carelink USB and insulin pump on which the attackers can launch message eavesdropping and/or therapy manipulation attacks, which may put the patient in a life-threatening situation. Some prior solutions such as certificate-based or token-based schemes need either complicated key management or additional devices. We propose a novel voiceprint-based access control scheme comprising anti-replay speaker verification and voiceprint-based key agreement to secure the channel between the Carelink USB and insulin pump. Our scheme does not need permanent key sharing or additional devices. The anti-replay speaker verification adopts cascaded fusion of speaker verification and anti-replay countermeasure to ensure the insulin pump can be accessed by Carelink USB only after the legitimate user passes the identity verification. The evaluation on ASVspoof 2017 datasets shows that our scheme achieves a 4.02% Equal Error Rate (EER) with the existence of replay impostors. Besides, our scheme uses energy-difference-based voiceprint extraction and secure multi-party computing to generate a common cryptography (temporary) key between the Carelink USB and insulin pump, which can be used to encrypt the subsequent communication, and protect the insulin pump from eavesdropping and therapy manipulation attacks. By appropriately setting the similarity threshold of voiceprints, our key agreement scheme allows the insulin pump to establish a secure channel only with the device in its close proximity. 
    more » « less
  3. ; ; ; (, Cryptography)
    null (Ed.)
    Direct Memory Access (DMA) is a state-of-the-art technique to optimize the speed of memory access and to efficiently use processing power during data transfers between the main system and a peripheral device. However, this advanced feature opens security vulnerabilities of access compromise and to manipulate the main memory of the victim host machine. The paper outlines a lightweight process that creates resilience against DMA attacks minimal modification to the configuration of the DMA protocol. The proposed scheme performs device identification of the trusted PCIe devices that have DMA capabilities and constructs a database of profiling time to authenticate the trusted devices before they can access the system. The results show that the proposed scheme generates a unique identifier for trusted devices and authenticates the devices. Furthermore, a machine learning–based real-time authentication scheme is proposed that enables runtime authentication and share the results of the time required for training and respective accuracy. 
    more » « less
  4. ; (, IEEE Transactions on Consumer Electronics)
    Designing a low-energy and secure lightweight cryptographic coprocessor is the primary design constraint for modern wireless Implantable Medical Devices (IMDs). The lightweight cryptographic ciphers are the preferred cryptographic solution for low-energy encryption. This article proposes 2-SPGAL, the 2-phase sinusoidal clocking implementation of Symmetric Pass Gate Adiabatic Logic (SPGAL) for IMDs. The proposed 2-SPGAL is energy-efficient and secure against the Correlation Power Analysis (CPA) attack. The proposed 2-SPGAL was evaluated with the integration of synchronous resonant Power Clock Generators (PCGs): (i) 2N2P-PCG, and (ii) 2N-PCG. The case study implementation of one round of PRESENT-80 encryption using 2-SPGAL, with 2N2P-PCG integrated into the design, shows an average of 47.50% of energy saving compared to its CMOS counterpart, over the frequency range of 50 kHz to 250 kHz. The same 2-SPGAL based case study, with 2N-PCG integrated into the design, shows 51.18% of an average energy saving compared to its CMOS counterpart, over 50 kHz to 250 kHz. Further, the 2-SPGAL based PRESENT- 80 one round shows an average energy saving of 16.62% and 28.90% respectively for 2N2P-PCG and 2N-PCG integrated into the design compared to existing 2-phase adiabatic logic called 2- EE-SPFAL. We also subjected PRESENT-80 design of 2-SPGAL and CMOS against CPA attack. The 2-SPGAL, with 2N2P-PCG and 2N-PCG, integrated into one round of PRESENT-80 design protects the encryption key. However, the encryption key was successfully revealed in one round of PRESENT-80 design using CMOS logic. Therefore, the proposed 2-SPGAL logic can be useful to design energy-efficient and CPA resilient Implantable Medical Devices (IMDs). 
    more » « less
  5. ; ; ; ; ; ; (, IEEE Internet of Things Journal)
    null (Ed.)
    Cyber-Physical Systems (CPS) connected in the form of Internet of Things (IoT) are vulnerable to various security threats, due to the infrastructure-less deployment of IoT devices. Device-to-Device (D2D) authentication of these networks ensures the integrity, authenticity, and confidentiality of information in the deployed area. The literature suggests different approaches to address security issues in CPS technologies. However, they are mostly based on centralized techniques or specific system deployments with higher cost of computation and communication. It is therefore necessary to develop an effective scheme that can resolve the security problems in CPS technologies of IoT devices. In this paper, a lightweight Hash-MAC-DSDV (Hash Media Access Control Destination Sequence Distance Vector) routing scheme is proposed to resolve authentication issues in CPS technologies, connected in the form of IoT networks. For this purpose, a CPS of IoT devices (multi-WSNs) is developed from the local-chain and public chain, respectively. The proposed scheme ensures D2D authentication by the Hash-MAC-DSDV mutual scheme, where the MAC addresses of individual devices are registered in the first phase and advertised in the network in the second phase. The proposed scheme allows legitimate devices to modify their routing table and unicast the one-way hash authentication mechanism to transfer their captured data from source towards the destination. Our evaluation results demonstrate that Hash-MAC-DSDV outweighs the existing schemes in terms of attack detection, energy consumption and communication metrics. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email