Nourhene Ellouze

Securing implantable cardiac medical devices: use of radio frequency energy harvesting

Implantable Medical Devices (IMDs) are surgically implanted into a human body to collect physiological data and perform medical therapeutic functions. They are increasingly being used to improve the quality of life of patients by treating chronic ailments such as cardiac arrhythmia, diabetes, and Parkinsons disease. Wireless IMDs have shown recently important security concerns. In particular, it has been stated that lethal attacks can be launched on these devices. In this paper, we propose a solution to secure IMDs against unauthorized access, battery depletion, and denial of service attacks. A Radio Frequency energy harvesting solution is used to design a powerless mutual authentication protocol. A technique for dynamic biometric keys extraction from electrocardiogram signals collected at both sides (the programmer and the IMD) is used, allowing to secure access to the IMD devices in regular and emergency situations.

Digital Investigation of Security Attacks on Cardiac Implantable Medical Devices

A Cardiac Implantable Medical device (IMD) is a device, which is surgically implanted into a patient’s body, and wirelessly configured using an external pr ogrammer by prescribing physicians and doctors. A set of lethal attacks targeting these devices can be conducted due to the use of vulnerable wireless communication and security protocols, and the lack of security protection mechanisms deployed on IMDs. In this paper, we propose a system for postmortem analysis of lethal attack scenarios targeting cardiac IMDs. Such a system reconciles in the same framework conclusions derived by technical investigators and deductions generated by pathologists. An inference system integrating a library of medical rules is used to automatically infer potential medical scenarios that could have led to the death of a patient. A Model Checking based formal technique allowing the reconstruction of potential technical attack scenarios on the IMD, starting from the collected evidence, is also proposed. A correlation between the results obtained by the two techniques allows to prove whether a potential attack scenario is the source of the patient’s death.

A wireless sensor network based water monitoring system

Several water quality monitoring systems were proposed in literature. However, these systems are highly expensive and complex, offer inaccurate pollution positions, and do not perform auto-diagnosis to recover from faults and cope with the characteristics of the monitored environment. In this paper, we propose a novel water quality monitoring platform which combines Wireless Sensor Networks (WSNs) and Radio Frequency Identification (RFID) systems. In fact, the system uses a set of fixed RFID tags that are deployed next to the waterway and a set of mobile sensor nodes which integrate RFID readers. This platform can offer several enhancements in comparison to the existing water monitoring platforms such as: reduced cost, low energy consumption, scalability, system performance monitoring, and tolerance to errors and loss of information.

Security of implantable medical devices: limits, requirements, and proposals

Implantable medical devices (IMDs) are surgically implanted into a human body to collect physiological data and perform medical therapeutic functions. They are increasingly being used to improve the quality of life of patients by treating chronic ailments such as cardiac arrhythmia, diabetes, and Parkinsons disease. However, recent research has demonstrated the deficiency of wireless IMDs in enforcing security and privacy, and discussed the impact of these attacks on the patients safety and efficacy of medical treatments. This paper provides an overview of the main vulnerabilities of IMDs. It also reviews the recent research on IMD security and privacy, and discusses their advantages and limitations. In this paper, we also describe the main requirements for improving security of IMDs and identify and discuss a set of research challenges for designing the next generation of secure wireless IMDs. Copyright

Cardiac Implantable Medical Devices forensics: Postmortem analysis of lethal attacks scenarios

Abstract Cardiac Implantable Medical devices (IMD) are increasingly being used by patients to benefit from their therapeutic and life-saving functions. These medical devices are surgically implanted into patients bodies and wirelessly configured by prescribing physicians and healthcare professionals using external programmers. However, these devices are threatened by a set of lethal attacks, due to the use of vulnerable wireless communication and security protocols, and the lack of security protection mechanisms deployed on IMDs. In this paper, we propose a digital investigation system for the postmortem analysis of lethal attack scenarios on cardiac IMDs. After developing a set of techniques allowing the secure storage of digital evidence logs which track the executed sensitive events, we implement an in-depth security solution allowing the protection of cardiac IMDs. An inference system integrating a library of medical rules is proposed to automatically infer potential medical scenarios that caused the patients death, or that created heart-related emergency situations (through the occurrence of ventricular tachycardia for example). A Model Checking based formal technique to reconstruct potential technical attack scenarios on a cardiac IMD, starting from the collected evidence, is also proposed. The results obtained by the two proposed reasoning techniques (i.e., the inference system and the Model Checking based algorithm) are correlated to prove whether a potential attack scenario is responsible of the occurrence of heart-related emergency situations or the death of a patient. Based on the proposed techniques, we design a decision-support system that reconciles in the same framework the medical and technical investigation aspects.

Powerless security for Cardiac Implantable Medical Devices: Use of Wireless Identification and Sensing Platform

Abstract Implantable Medical Devices are therapeutic devices designed to be surgically implanted into the body of a patient to continuously monitor his/her physiological parameters and automatically execute the suitable therapeutic functions when a chronic disorder is detected. Because of their therapeutic and life-saving benefits, cardiac IMDs, such as Pacemakers and Cardiac Defibrillators, are increasingly being used by patients to treat cardiac arrhythmia. Using an external programmer, cardiac IMDs are wirelessly configured and diagnosed by healthcare professionals. Nevertheless, the use of wireless networks to remotely access to these medical devices has shown important security concerns. In particular, it has been stated that lethal attacks can be launched on these devices. In this paper, we propose a powerless security solution to protect cardiac IMDs against security threats. We firstly identify and classify the main security attacks threatening IMDs, then we extend the IMD architecture by introducing a Radio Frequency Identification (RFID) system. Thanks to the use of a Radio Frequency energy harvesting solution, we design a powerless mutual authentication protocol between the IMD and the programmer allowing the prevention against battery depletion attacks. We also implement a technique for the dynamic biometric keys extraction from electrocardiogram signals collected at both sides (the programmer and the IMD), allowing a secure generation and distribution of master keys between the IMD and the programmer. A discussion about the main properties offered by the proposed solution and a simulation is conducted to evaluate its efficiency in protecting cardiac IMDs.

Energy harvesting based protection of border surveillance systems

Border surveillance is one of the famous mission critical applications of Wireless Sensor Networks (WSNs), whose aim is to monitor country borderlines, detect intruders, and track their trajectories. However, such an application can be threatened by specific types of security attacks affecting its availability, lifespan, and detection accuracy. In this paper, we propose a solution to secure border surveillance WSNs application. After identifying and describing the security attacks specific to such an application, we extend the sensor nodes architecture by introducing a Radio Frequency IDentification (RFID) system, and we design powerless protocols and techniques for mutual authentication and proximity verification between sensor nodes. A simulation is conducted to evaluate the efficiency of the proposed techniques in detecting the identified attacks.