Krishna K. Venkatasubramanian

Challenges and Research Directions in Medical Cyber–Physical Systems

Medical cyber-physical systems (MCPS) are life-critical, context-aware, networked systems of medical devices. These systems are increasingly used in hospitals to provide high-quality continuous care for patients. The need to design complex MCPS that are both safe and effective has presented numerous challenges, including achieving high assurance in system software, intoperability, context-aware intelligence, autonomy, security and privacy, and device certifiability. In this paper, we discuss these challenges in developing MCPS, some of our work in addressing them, and several open research issues.

Ensuring Safety, Security, and Sustainability of Mission-Critical Cyber–Physical Systems

Cyber-physical systems (CPSs) couple their cyber and physical parts to provide mission-critical services, including automated pervasive health care, smart electricity grid, green cloud computing, and surveillance with unmanned aerial vehicles (UAVs). CPSs can use the information available from the physical environment to provide such ubiquitous, energy-efficient and low-cost functionalities. Their operation needs to ensure three key properties, collectively referred to as S3: 1) safety: avoidance of hazards; 2) security: assurance of integrity, authenticity, and confidentiality of information; and 3) sustainability: maintenance of long-term operation of CPSs using green sources of energy. Ensuring S3 properties in a CPS is a challenging task given the spatio-temporal dynamics of the underlying physical environment. In this paper, the formal underpinnings of recent CPS S3 solutions are aligned together in a theoretical framework for cyber-physical interactions, empowering CPS researchers to systematically design solutions for ensuring safety, security, or sustainability. The general applicability of this framework is demonstrated with various exemplar solutions for S3 in diverse CPS domains. Further, insights are provided on some of the open research problems for ensuring S3 in CPSs.

Security of Autonomous Systems Employing Embedded Computing and Sensors

Embedded computing and sensor systems are increasingly becoming an integral part of todays infrastructure. From jet engines to vending machines, our society relies on embedded computing and sensor systems to support numerous applications seamlessly and reliably. This is especially true with respect to autonomous systems such as unmanned aircraft, unmanned ground vehicles, robotics, medical operations, and industrial automation. However, given societys increasing reliance on embedded computing and sensor systems as well as the applications they support, this introduces a new form of vulnerability into this critical infrastructure that is only now beginning to be recognized as a significant threat with potentially serious consequences. This column presents the latest insights on the technical challenges and opportunities associated with the security of autonomous systems from an embedded computing and sensors perspective.

Body Area Networks: Safety, Security, and Sustainability

Body area networks (BANs) are networks of wireless sensors and medical devices embedded in clothing, worn on or implanted in the body, and have the potential to revolutionize healthcare by enabling pervasive healthcare. However, due to their critical applications affecting human health, challenges arise when designing them to ensure they are safe for the user, sustainable without requiring frequent battery replacements and secure from interference and malicious attacks. This book lays the foundations of how BANs can be redesigned from a cyber-physical systems perspective (CPS) to overcome these issues. Introducing cutting-edge theoretical and practical techniques and taking into account the unique environment-coupled characteristics of BANs, the book examines how we can re-imagine the design of safe, secure and sustainable BANs. It features real-world case studies, suggestions for further investigation and project ideas, making it invaluable for anyone involved in pervasive and mobile healthcare, telemedicine, medical apps and other cyber-physical systems.

Analyzing and defending against web-based malware

Web-based malware is a growing threat to todays Internet security. Attacks of this type are prevalent and lead to serious security consequences. Millions of malicious URLs are used as distribution channels to propagate malware all over the Web. After being infected, victim systems fall in the control of attackers, who can utilize them for various cyber crimes such as stealing credentials, spamming, and distributed denial-of-service attacks. Moreover, it has been observed that traditional security technologies such as firewalls and intrusion detection systems have only limited capability to mitigate this new problem. In this article, we survey the state-of-the-art research regarding the analysis of—and defense against—Web-based malware attacks. First, we study the attack model, the root cause, and the vulnerabilities that enable these attacks. Second, we analyze the status quo of the Web-based malware problem. Third, three categories of defense mechanisms are discussed in detail: (1) building honeypots with virtual machines or signature-based detection system to discover existing threats; (2) using code analysis and testing techniques to identify the vulnerabilities of Web applications; and (3) constructing reputation-based blacklists or smart sandbox systems to protect end-users from attacks. We show that these three categories of approaches form an extensive solution space to the Web-based malware problem. Finally, we compare the surveyed approaches and discuss possible future research directions.

Biomedical devices and systems security

Medical devices have been changing in revolutionary ways in recent years. One is in their form-factor. Increasing miniaturization of medical devices has made them wearable, light-weight, and ubiquitous; they are available for continuous care and not restricted to clinical settings. Further, devices are increasingly becoming connected to external entities through both wired and wireless channels. These two developments have tremendous potential to make healthcare accessible to everyone and reduce costs. However, they also provide increased opportunity for technology savvy criminals to exploit them for fun and profit. Consequently, it is essential to consider medical device security issues. In this paper, we focused on the challenges involved in securing networked medical devices. We provide an overview of a generic networked medical device system model, a comprehensive attack and adversary model, and describe some of the challenges present in building security solutions to manage the attacks. Finally, we provide an overview of two areas of research that we believe will be crucial for making medical device system security solutions more viable in the long run: forensic data logging, and building security assurance cases.

Trust in collaborative web applications

Collaborative functionality is increasingly prevalent in web applications. Such functionality permits individuals to add-and sometimes modify-web content, often with minimal barriers-to-entry. Ideally, large bodies of knowledge can be amassed and shared in this manner. However, such software also provide a medium for nefarious persons to operate. By determining the extent to which participating content/agents can be trusted, one can identify useful contributions. In this work, we define the notion of trust for collaborative web applications and survey the state-of-the-art for calculating, interpreting, and presenting trust values. Though techniques can be applied broadly, Wikipedias archetypal nature makes it a focal point for discussion.

A trust model for vehicular network-based incident reports

Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) networks are ephemeral, short-duration wireless networks designed for improving the overall driving experience through the exchange of multitude information among vehicles and the infrastructure. Real-time incident report is an important application domain that can leverage the advantage of vehicular networks to greatly improve driving safety. However, given the presence of malicious entities, blindly trusting such incident report (even the one received through a cryptographically secure channel) can lead to undesirable consequences. In this paper, we propose an approach to determine the likelihood of the accuracy of V2V incident reports based on the trustworthiness of the report originator and those vehicles that forward it. The proposed approach takes advantage of existing V2I communication facilities deployed and managed by central traffic authorities, which can be used to collect vehicle behavior information in a crowd-sourcing fashion for constructing a more comprehensive view of vehicle trustworthiness. For validating our scheme, we implemented a V2V/V2I trust simulator by extending an existing V2V simulator with trust management capabilities. Preliminary analysis of the model shows promising results. By combining our trust modeling technique with a threshold-based decision strategy, we observed on average 85% accuracy.

PEES: physiology-based end-to-end security for mHealth

Ensuring security of private health data over the communication channel from the sensors to the back-end medical cloud is crucial in a mHealth system. This end-to-end (E2E) security is enabled by distributing cryptographic keys between a sensor and the cloud so that the data can be encrypted and its integrity protected. Further, the key can also be used for mutually authenticating the communication. The distribution of keys is one of the biggest overheads in enabling secure communication and needs to be done is a transparent way that minimizes the cognitive load on the users (patients). Traditional approaches for providing E2E security for mHealth systems are based on asymmetric cryptosystems that require extensive security infrastructure. In this paper, we propose a novel protocol, Physiology-based End-to-End Security (PEES), which provides a secure communication channel between the sensors and the back-end medical cloud in a transparent way. PEES uses: (1) physiological signal features to hide a secret key, and (2) synthetically generated physiological signals from generative models parameterized with patients physiological information, to unhide the key. Moreover, in PEES authentication comes for free since only sensors on the users body has access to physiological features and can therefore gain access to the protected information in the cloud. The analysis of the approach using electrocardiogram (ECG) and phototplethysmogram (PPG) signals and their associated models demonstrate the feasibility of PEES. The protocol is light-weight for sensors and has no pre-deployment or storage requirements and can provide strong and random keys (≈ 90 bits long). We have also started clinical studies to establish its efficacy in practice.

Toward a safe integrated clinical environment: a communication security perspective

With a vision emerging for dynamically composable and interoperable medical devices and information systems, many communication standards have been proposed, and more are in development. However, few include sufficiently comprehensive or flexible security mechanisms to meet current and future safety needs. In this work, we enumerate security requirements for the communication stack of a medical composition framework. We then survey existing medical and non-medical communication standards and find significant gaps between required properties and those that can be fulfilled even by combinations of currently standardized protocols. This paper is meant to inform future work on building such a comprehensive protocol stack or standardizing protocols and protocol suites that satisfy the properties needed for safe and secure next-generation device coordination.