Rice University researchers propose touch-to-access security for implanted devices
Pacemakers, insulin pumps, defibrillators and other implantable medical devices often have wireless capabilities that allow emergency workers to monitor patients. But these devices have a potential downside: They can be hacked.
Researchers at Rice University have come up with a secure way to dramatically cut the risk that an implanted medical device (IMD) could be altered remotely without authorization.
Their technology would use the patient’s own heartbeat as a kind of password that could only be accessed through touch.
Rice electrical and computer engineer Farinaz Koushanfar and graduate student Masoud Rostami will presentHeart-to-Heart, an authentication system for IMDs, at the Association for Computing Machinery’s Conference on Computer and Communications Security in Berlin in November. They developed the technology with Ari Juels, former chief scientist at RSA Laboratories, a security company in Cambridge, Mass.
IMDs generally lack the kind of password security found on a home Wi-Fi router because emergency medical technicians often need quick access to the information the devices store to save a life, Rostami said. But that leaves the IMDs open to attack.
“If you have a device inside your body, a person could walk by, push a button and violate your privacy, even give you a shock,” he said. “He could make (an insulin pump) inject insulin or update the software of your pacemaker. But our proposed solution forces anybody who wants to read the device to touch you.”
The system would require software in the IMD to talk to the “touch” device, called the programmer. When a medical technician touches the patient, the programmer would pick up an electrocardiogram (EKG) signature from the beating heart. The internal and external devices would compare minute details of the EKG and execute a “handshake.” If signals gathered by both at the same instant match, they become the password that grants the external device access.
“The signal from your heartbeat is different every second, so the password is different each time,” Rostami said. “You can’t use it even a minute later.”
He compared the EKG to a chart of a financial stock. “We’re looking at the minutia,” Rostami said. “If you zoom in on a stock, it ticks up and it ticks down every microsecond. Those fine details are the byproduct of a very complex system and they can’t be predicted.”
A human heartbeat is the same, he said. It seems steady, but on closer view every beat has unique characteristics that can be read and matched. “We treat your heart as if it were a random number generator,” he said.
The system could potentially be used with the millions of IMDs already in use, Koushanfar said. “To our knowledge, this is the first fully secure solution that has small overhead and can work with legacy systems,” she said. “Like any device that has wireless access, we can simply update the software.”
The Latest on: Heartbeat biometric
- The advertising potential of wearable techon July 18, 2019 at 4:02 pm
“Second … sensor technology integrated into wearables can capture the audience’s emotions through biometric features extraction – most importantly, heart-rate variability – paving the way for ... […]
- Yale, Mayo Clinic to study effect of biometric data on drug development for heart failureon July 17, 2019 at 2:55 pm
Yale University and Rochester, Minn.-based Mayo Clinic are partnering with Bifourmis, a digital therapeutics company, to study the use of patient-measured data to determine effective drug development ... […]
- The Apollo 11 mission as measured by heartbeatson July 17, 2019 at 12:18 pm
In any case, the crew slept well, though the sleep times they reported were consistently less than what their biometric data showed. While sleeping, the astronauts’ heart rates averaged in the 40s, ... […]
- What makes you work harder? Strap on a sensor and find out.on July 16, 2019 at 3:38 pm
The data in these studies is largely being captured with wearable technology, both devices that are on the market and ones developed for research purposes — bands worn on the wrist that track heart ... […]
- The real facial recognition threat: Worry about bad actors getting ahold of the dataon July 15, 2019 at 3:00 am
At the heart of this issue is the reality that you can’t get a new face. The use of biometrics as an authenticator becomes compromised as soon as your data is leaked or breached. If your facial data ... […]
- Brainworks uses smartphone camera and AI to detect your heart rate, breathingon July 13, 2019 at 9:45 am
When your heart beats, there’s a pulse of change ... He said contactless health monitoring will enable health professionals to use biometric data to diagnose conditions that might not surface ... […]
- New South Wales plans major biometrics integration with transport systemon July 11, 2019 at 10:13 am
Biometrics will be part of the payment and access plan ... Entry into buildings, onto planes, at banks, hotels all changes — transport’s at the heart.” NSW is planning to launch driverless vehicle ... […]
- The Pentagon’s New Laser-Based Tool Uses Your Heartbeat to Track Youon July 11, 2019 at 7:00 am
Unlike this classic setup, the Pentagon’s new tech—dubbed Jetson—uses laser doppler vibrometry that detects minute movements on the skin caused by heartbeat. Currently under development by Ideal ... […]
- Risk based screening – driving secure and seamless passenger experience through biometrics, machine learning and AIon July 11, 2019 at 4:02 am
it has become clearer than ever before that biometrics technology will be at the heart of the travel experience of tomorrow. Future Travel Experience Global 2019 (4-6 September, Las Vegas) will ... […]
- NSW looks to biometric payments and Netflix-like public transport subscriptionson July 10, 2019 at 3:56 pm
"Digital identity verifications will eventually be integrated with biometric recognition ... hotels all changes -- transport's at the heart." He said it's just the start of data being captured and ... […]
via Google News and Bing News