Robert M. Seepers

Cerebellar control of gait and interlimb coordination

Synaptic and intrinsic processing in Purkinje cells, interneurons and granule cells of the cerebellar cortex have been shown to underlie various relatively simple, single-joint, reflex types of motor learning, including eyeblink conditioning and adaptation of the vestibulo-ocular reflex. However, to what extent these processes contribute to more complex, multi-joint motor behaviors, such as locomotion performance and adaptation during obstacle crossing, is not well understood. Here, we investigated these functions using the Erasmus Ladder in cell-specific mouse mutant lines that suffer from impaired Purkinje cell output (Pcd), Purkinje cell potentiation (L7-Pp2b), molecular layer interneuron output (L7-Δγ2), and granule cell output (α6-Cacna1a). We found that locomotion performance was severely impaired with small steps and long step times in Pcd and L7-Pp2b mice, whereas it was mildly altered in L7-Δγ2 and not significantly affected in α6-Cacna1a mice. Locomotion adaptation triggered by pairing obstacle appearances with preceding tones at fixed time intervals was impaired in all four mouse lines, in that they all showed inaccurate and inconsistent adaptive walking patterns. Furthermore, all mutants exhibited altered front–hind and left–right interlimb coordination during both performance and adaptation, and inconsistent walking stepping patterns while crossing obstacles. Instead, motivation and avoidance behavior were not compromised in any of the mutants during the Erasmus Ladder task. Our findings indicate that cell type-specific abnormalities in cerebellar microcircuitry can translate into pronounced impairments in locomotion performance and adaptation as well as interlimb coordination, highlighting the general role of the cerebellar cortex in spatiotemporal control of complex multi-joint movements.

DeSyRe: On-demand system reliability

The DeSyRe project builds on-demand adaptive and reliable Systems-on-Chips (SoCs). As fabrication technology scales down, chips are becoming less reliable, thereby incurring increased power and performance costs for fault tolerance. To make matters worse, power density is becoming a significant limiting factor in SoC design, in general. In the face of such changes in the technological landscape, current solutions for fault tolerance are expected to introduce excessive overheads in future systems. Moreover, attempting to design and manufacture a totally defect-/fault-free system, would impact heavily, even prohibitively, the design, manufacturing, and testing costs, as well as the system performance and power consumption. In this context, DeSyRe delivers a new generation of systems that are reliable by design at well-balanced power, performance, and design costs. In our attempt to reduce the overheads of fault-tolerance, only a small fraction of the chip is built to be fault-free. This fault-free part is then employed to manage the remaining fault-prone resources of the SoC. The DeSyRe framework is applied to two medical systems with high safety requirements (measured using the IEC 61508 functional safety standard) and tight power and performance constraints.

A system architecture, processor, and communication protocol for secure implants

Secure and energy-efficient communication between Implantable Medical Devices (IMDs) and authorized external users is attracting increasing attention these days. However, there currently exists no systematic approach to the problem, while solutions from neighboring fields, such as wireless sensor networks, are not directly transferable due to the peculiarities of the IMD domain. This work describes an original, efficient solution for secure IMD communication. A new implant system architecture is proposed, where security and main-implant functionality are made completely decoupled by running the tasks onto two separate cores. Wireless communication goes through a custom security ASIP, called SISC (Smart-Implant Security Core), which runs an energy-efficient security protocol. The security core is powered by RF-harvested energy until it performs external-reader authentication, providing an elegant defense mechanism against battery Denial-of-Service (DoS) and other, more common attacks. The system has been evaluated based on a realistic case study involving an artificial pancreas implant. When synthesized for a UMC 90nm CMOS ASIC technology, our system architecture achieves defense against unauthorized accesses having zero energy cost, running entity authentication through harvesting only 7.45μJ of RF energy from the requesting entity. In all other successfully authenticated accesses, our architecture achieves secure data exchange without affecting the performance of the main IMD functionality, adding less than 1‰ (1.3mJ) to the daily energy consumption of a typical implant. Compared to a singe-core, secure reference IMD, which would still be more vulnerable to some types of attacks, our secure system on chip (SoC) achieves high security levels at 56% energy savings and at an area overhead of less than 15%.

Enhancing Heart-Beat-Based Security for mHealth Applications

In heart-beat-based security, a security key is derived from the time difference between consecutive heart beats (the inter-pulse interval, IPI), which may, subsequently, be used to enable secure communication. While heart-beat-based security holds promise in mobile health (mHealth) applications, there currently exists no work that provides a detailed characterization of the delivered security in a real system. In this paper, we evaluate the strength of IPI-based security keys in the context of entity authentication. We investigate several aspects that should be considered in practice, including subjects with reduced heart-rate variability (HRV), different sensor-sampling frequencies, intersensor variability (i.e., how accurate each entity may measure heart beats) as well as average and worst-case-authentication time. Contrary to the current state of the art, our evaluation demonstrates that authentication using multiple, less-entropic keys may actually increase the key strength by reducing the effects of intersensor variability. Moreover, we find that the maximal key strength of a 60-bit key varies between 29.2 bits and only 5.7 bits, depending on the subjects HRV. To improve security, we introduce the inter-multi-pulse interval (ImPI), a novel method of extracting entropy from the heart by considering the time difference between nonconsecutive heart beats. Given the same authentication time, using the ImPI for key generation increases key strength by up to 3.4

Secure key-exchange protocol for implants using heartbeats

\times

Peak misdetection in heart-beat-based security: Characterization and tolerance

(+19.2 bits) for subjects with limited HRV, at the cost of an extended key-generation time of 4.8

Architecture-level fault-tolerance for biomedical implants

\times

Adaptive entity-identifier generation for IMD emergency access

(+45 s).

An implementation of a wavelet-based seizure detection filter suitable for realtime closed-loop epileptic seizure suppression

The cardiac interpulse interval (IPI) has recently been proposed to facilitate key exchange for implantable medical devices (IMDs) using a patients own heartbeats as a source of trust. While this form of key exchange holds promise for IMD security, its feasibility is not fully understood due to the simplified approaches found in related works. For example, previously proposed protocols have been designed without considering the limited randomness available per IPI, or have overlooked aspects pertinent to a realistic system, such as imperfect heartbeat detection or the energy overheads imposed on an IMD. In this paper, we propose a new IPI-based key-exchange protocol and evaluate its use during medical emergencies. Our protocol employs fuzzy commitment to tolerate the expected disparity between IPIs obtained by an external reader and an IMD, as well as a novel way of tackling heartbeat misdetection through IPI classification. Using our protocol, the expected time for securely exchanging an 80-bit key with high probability (1-10−6) is roughly one minute, while consuming only 88 μJ from an IMD.

Attacks on Heartbeat-Based Security Using Remote Photoplethysmography

The Inter-Pulse-Interval (IPI) of heart beats has previously been suggested for security in mobile health (mHealth) applications. In IPI-based security, secure communication is facilitated through a security key derived from the time difference between heart beats. However, there currently exists no work which considers the effect on security of imperfect heart-beat (peak) detection. This is a crucial aspect of IPI-based security and likely to happen in a real system. In this paper, we evaluate the effects of peak misdetection on the security performance of IPI-based security. It is shown that even with a high peak detection rate between 99.9% and 99.0%, a significant drop in security performance may be observed (between -70% and -303%) compared to having perfect peak detection. We show that authenticating using smaller keys yields both stronger keys as well as potentially faster authentication in case of imperfect heart beat detection. Finally, we present an algorithm which tolerates the effect of a single misdetected peak and increases the security performance by up to 155%.