
Physical proof-based protocols for the IoT era: Securing medical devices case study


Farinaz Koushanfar
Professor and Henry Booker Faculty Scholar
Electrical and Computer Engineering
University of California, San Diego

IoT security challenges


Device form-factors, resources, constraints
Energy supply, timing, memory
Naturally avoids security/crypto algorithms

Cyber/physical attack surface


Remote attacks on the wireless interface, side-channels, and physical attacks
Physical insecurity -- new, sensor-based vulnerabilities

Handling keys, keys, and keys


Generation
Storage
Distribution/agreement

Suggested solution path: physical proofs


Sensor-based vulnerabilities
Need physical tamper-proofing
Sensor-based physical attestation

Keys
Physical unclonability needed for key storage
Key generation and distribution in transient settings by bootstrapping the physical parameters, e.g., temporal, spatial relationships
E.g., location-based proofs, simultaneous access to random transient events, etc.

Case study: Implanted medical devices


Implanted Medical Devices (IMDs) are surgically implanted systems
that monitor physiological conditions and (usually) apply therapies

Pacemakers
Cardiac defibrillators
Neurostimulators
Drug-delivery devices

25 million people in U.S. alone fitted with IMDs


Medical devices branching into many areas; someday, most people
may have one

Example: Transcranial Direct Current Stimulation (tDCS)

Improves cognitive performance


(May also prevent migraines)

Why do we need to secure IMDs?


IMDs are embedded systems

Microprocessors
Batteries
Wireless interfaces

Why wireless? In order to

Update firmware, programming


Provide telemetry
Communicate with other IMDs (eventually)

[Figure: IMD and Programmer]

Two big challenges for IMDs


1. IMD access is too easy
2. IMD access is too hard

E.g., Patient collapses on sidewalk


EMTs arrive and try to read diagnostics/reprogram
They can't get access
"What did you say was your first pet's name?"

[Figure: IMD]

How do we address these conflicting challenges for emergency access to IMD[1]?

Rostami (Koushanfar) et al. DAC '13

Heart-to-Heart (H2H) example: setting and approach

Two devices:

IMD
Programmer

Access-control policy: Touch-to-access

Protocol in H2H
1. Programmer sensor touches patient's body
2. IMD reads PV A
3. Programmer reads PV B
4. Devices check that A B

[Figure: IMD and Programmer, "A = B?"]
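
The touch-to-access steps above, sketched as an added example (not code from the slides or from the H2H authors). The commit-before-reveal ordering, the SHA-256 commitment, the 64-bit PV size, the Hamming-distance tolerance used for step 4, and the sample readings are all assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

PV_BYTES = 8        # assumed PV size for this sketch (64 bits)
MAX_MISMATCH = 6    # assumed tolerance for sensor noise between the two readings

def _digest(nonce: bytes, pv: int) -> bytes:
    return hashlib.sha256(nonce + pv.to_bytes(PV_BYTES, "big")).digest()

class Device:
    """One side of the pairing (IMD or Programmer) holding its own PV reading."""
    def __init__(self, pv: int):
        self.pv = pv
        self.nonce = secrets.token_bytes(16)

    def commitment(self) -> bytes:
        # Sent first: binds this device to its reading without revealing it.
        return _digest(self.nonce, self.pv)

    def reveal(self) -> tuple[bytes, int]:
        # Sent only after the peer's commitment has been received.
        return self.nonce, self.pv

    def accepts(self, peer_commitment: bytes, peer_nonce: bytes, peer_pv: int) -> bool:
        # Step 4: the revealed value must open the commitment AND be close to ours.
        opened = hmac.compare_digest(peer_commitment, _digest(peer_nonce, peer_pv))
        mismatch = bin(self.pv ^ peer_pv).count("1")
        return opened and mismatch <= MAX_MISMATCH

def pair(imd: Device, programmer: Device, replay_imd_value: bool = False) -> bool:
    """Run the exchange and return the IMD's access decision."""
    c_prog = programmer.commitment()            # Programmer -> IMD
    imd.commitment()                            # IMD -> Programmer
    _nonce_imd, pv_imd = imd.reveal()           # IMD -> Programmer
    nonce_prog, pv_prog = programmer.reveal()   # Programmer -> IMD
    if replay_imd_value:
        # Constructed misbehaviour: the peer echoes the IMD's revealed PV
        # instead of the value it committed to.
        pv_prog = pv_imd
    return imd.accepts(c_prog, nonce_prog, pv_prog)

# Constructed sample readings (not real ECG data).
IMD_PV = 0x9F3C5A7E12B4D680
TOUCH_PV = IMD_PV ^ 0x0000010000800004   # same heartbeat, 3 noisy bits
REMOTE_PV = 0x13579BDF2468ACE0           # no body contact: unrelated value

if __name__ == "__main__":
    print(pair(Device(IMD_PV), Device(TOUCH_PV)))
    print(pair(Device(IMD_PV), Device(REMOTE_PV)))
    print(pair(Device(IMD_PV), Device(REMOTE_PV), replay_imd_value=True))
```

The third call shows why the IMD must verify the commitment as well as the closeness of the readings: a value swapped in after the reveal matches A exactly but does not open the earlier commitment.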

H2H contributions[1][2][3]
Statistical characterization of ECG randomness
Algorithms for optimally using the randomness

Cryptographic pairing protocol


Lightweight protocol not to burden the IMD

Implementation
End-to-end implementation shows it is low power and can be retrofitted by SW updates (no surgery needed!)

[1] Rostami, Juels, Koushanfar, ACM Computer Communication Security (CCS) '13
[2] Best practical paper, Embedded Systems Week '14
[3] Cyber Security Awareness Week (CSAW) Best Applied Security Award
