Rice University researchers propose touch-to-access security for implanted devices
Pacemakers, insulin pumps, defibrillators and other implantable medical devices often have wireless capabilities that allow emergency workers to monitor patients. But these devices have a potential downside: They can be hacked.
Researchers at Rice University have come up with a secure way to dramatically cut the risk that an implanted medical device (IMD) could be altered remotely without authorization.
Their technology would use the patient’s own heartbeat as a kind of password that could only be accessed through touch.
Rice electrical and computer engineer Farinaz Koushanfar and graduate student Masoud Rostami will presentHeart-to-Heart, an authentication system for IMDs, at the Association for Computing Machinery’s Conference on Computer and Communications Security in Berlin in November. They developed the technology with Ari Juels, former chief scientist at RSA Laboratories, a security company in Cambridge, Mass.
IMDs generally lack the kind of password security found on a home Wi-Fi router because emergency medical technicians often need quick access to the information the devices store to save a life, Rostami said. But that leaves the IMDs open to attack.
“If you have a device inside your body, a person could walk by, push a button and violate your privacy, even give you a shock,” he said. “He could make (an insulin pump) inject insulin or update the software of your pacemaker. But our proposed solution forces anybody who wants to read the device to touch you.”
The system would require software in the IMD to talk to the “touch” device, called the programmer. When a medical technician touches the patient, the programmer would pick up an electrocardiogram (EKG) signature from the beating heart. The internal and external devices would compare minute details of the EKG and execute a “handshake.” If signals gathered by both at the same instant match, they become the password that grants the external device access.
“The signal from your heartbeat is different every second, so the password is different each time,” Rostami said. “You can’t use it even a minute later.”
He compared the EKG to a chart of a financial stock. “We’re looking at the minutia,” Rostami said. “If you zoom in on a stock, it ticks up and it ticks down every microsecond. Those fine details are the byproduct of a very complex system and they can’t be predicted.”
A human heartbeat is the same, he said. It seems steady, but on closer view every beat has unique characteristics that can be read and matched. “We treat your heart as if it were a random number generator,” he said.
The system could potentially be used with the millions of IMDs already in use, Koushanfar said. “To our knowledge, this is the first fully secure solution that has small overhead and can work with legacy systems,” she said. “Like any device that has wireless access, we can simply update the software.”
The Latest on: Heartbeat biometric
- Heartbeat Based Securityon December 1, 2019 at 12:00 am
The biometric security technology is based on the unique signature of the human heartbeat. The researchers involved are working to develop a wearable device that can be used as an alternative to ...
- Why can't passport biometrics see through my cunning disguise?on November 30, 2019 at 6:25 am
They use biometric facial recognition but, I find ... There's a notorious story here in France from a few years back involving a man having a heart attack at home. An ambulance was called which duly ...
- Ring Fit Adventure review: A bizarre and fun way to sweat with your Switchon November 29, 2019 at 3:27 am
Since this is such an intimate and personal game — it reads your heart rate and guesses how many calories you burn — I should explain a little about how I came to this title. I just turned 35 and ...
- Sony Patent Describes Biometric Controllers for PS5 Consoleon November 27, 2019 at 11:49 am
The patent goes on to note that a controller “may additionally or alternatively be designed to capture biometric readings using sensors in the remote to record data including, for example, skin ...
- AHA News: For Better or For Worse, a Couple's Heart Health Can Overlapon November 26, 2019 at 9:55 am
"We try to make good choices." A new study provides a look at the levels of such similarity between married partners when it comes to their heart health, in hopes of finding ways to lead more people ...
- Another accolade for Village HeartBEATon November 26, 2019 at 6:10 am
Village HeartBEAT was founded to reduce those risk factors ... to kick of a new season. Those biometric numbers are used to identify health concerns as well as to track the program’s effectiveness.
- Sarah Hill sees a future in 'seeing feelings,' and it's a happier placeon November 26, 2019 at 4:05 am
Users of the app can synch their biometric information, like their heart rate or brain waves, through either Apple Watches or EEG headbands to control the various virtual landscapes the platform ...
- Invitae Launches Invitae Discover Research Platform on Apple Watch; First Study on Platform Will Investigate Genetic Causes of Cardiovascular Diseaseon November 23, 2019 at 12:19 am
a clinical research platform that leverages biometric data available through Apple Watch to provide better understanding of the genetic causes of disease. The first study on the platform will evaluate ...
- Lawsuits allege Amazon Web Services illegally stored biometric data obtained by customerson November 22, 2019 at 3:00 pm
The use of biometric identification, such as fingerprint ... You’ll see familiar faces, make new friends and enjoy an evening of conversation, tasty treats and festive cocktails with great music in ...
- Will a smart toilet be the next health technology?on November 21, 2019 at 3:00 am
For example, Apple recently received FDA approval to alert consumers when atrial fibrillation is detected, this is a rapid and irregular heartbeat that increases the risk of stroke and ... The ...
via Google News and Bing News