Interoperable medical devices: Communication security issues

IEEE Pulse

Volumn 1, Issue 2, 2010, Pages 16-27

  Venkatasubramanian, K K ^a   Gupta, S K S ^b   Jetley, R P ^c   Jones, P L ^c  

^a UNIVERSITY OF PENNSYLVANIA   (United States)

^b ARIZONA STATE UNIVERSITY   (United States)

^c CENTER FOR DEVICES AND RADIOLOGICAL HEALTH   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 81155138997     PISSN: 21542287     EISSN: None     Source Type: Journal    
DOI: 10.1109/MPUL.2010.937905     Document Type: Article

References (40)

1. BodyMedia [Online]. Available: http://www.bodymedia.com/
2. Cybersecurity for networked medical devices containing offthe- shelf (OTS) software [Online]. Available: http://www.fda. gov/cdrh/comp/guidance/1553. html
3. Medical devices "plug-n-play" interoperability program [Online]. Available: http://mdpnp.org/
4. Medtronics Inc. [Online]. Available: http://www.medtronic.com/your- health/bradycardia/device/
5. A. Banerjee, K. Venkatasubramanian, and S. K. S. Gupta, "Challenges of implementing cyber-physical security solutions in body area networks ," in Proc. Int. Conf. Body Area Networks (BodyNets 2009), Apr. 2009, pp. 1-8.
6. G. Bella, Formal Correctness of Security Protocols (Information Security and Cryptography). New York: Springer-Verlag, 2007 .
7. G. Bella and E. Riccobene, "A realistic environment for cryptoprotocol analyses ," in Proc. 5th Int. Workshop Abstract State Machines, 1998, pp. 127-138 .
8. S. Braun, "Usability for medical devices ," in Proc. 2005 IEEE Symp. Product Safety Engineering, Oct. 2005, pp. 16-22 . (Pubitemid 44499834)
9. M. Burrows and R. Needham, "A logic of authentication ," ACM Trans. Comput. Syst., vol. 8, no. 1, pp. 18-36, 1990 .
10. V. Cehlot and E. B. Sloane, "Ensuring patient safety in wireless medical device networks ," Computer, vol. 39, no. 4, pp. 54-60, Apr. 2006 .
11. Z. Chen, S. Guo, K. Zheng, and Y. Yang, "Modeling of man-inthe-middle attack in the wireless networks ," in Proc. Int. Conf. Wireless Communications, Networking and Mobile Computing, 2007 (WiCom'07), Sept. 2007, pp. 2255-2258 .
12. T. Cohen, "Medical and information technologies converge ," IEEE Eng. Med. Biol. Mag., vol. 23, no. 3, pp. 59-65, May-June 2004. (Pubitemid 39078915)
13. R. Corin and A. Saptawijaya, "A logic for constraint-based security protocol analysis ," in Proc. IEEE Symp. Security and Privacy, May 2006, pp. 155-168 . (Pubitemid 44753720)
14. E. Morris, L. Levine, C. Meyers, D. Plakosh, and P. Place, "Systems of systems interoperability ," Carnegie-Mellon Univ., Pittsburgh, PA, CMU/SEI-2004-TR-004 (ESC-TR-2004-004), Apr. 2004 .
15. F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman, "Strand spaces: Why is a security protocol correct? ," in Proc. 17th IEEE Symp. Security and Privacy, 1998, pp. 1-12 .
16. D. F. Ferraiolo, J. F. Barkley, and R. Chandramouli, "Comparing authorization management cost for identity-based and role-based access control ," National Institute of Standards and Technology White Paper, 1999 .
17. S. L. Grimes, "Security: A new clinical engineering paradigm ," IEEE Eng. Med. Biol. Mag., vol. 23, no. 4, pp. 80-82, July-Aug. 2004.
18. S. K. S. Gupta, T. Mukherjee, and K. Venkatasubramanian, "Criticality aware access control model for pervasive applications ," in Proc. 4th IEEE Conf. Pervasive Computing (PerCom), Mar. 2006, pp. 257-261 .
19. D. Halperin, T. Heydt-Benjamin, K. Fu, T. Kohno, and W. Maisel, "Security and privacy for implantable medical devices ," IEEE Pervasive Comput., vol. 7, no. 1, pp. 30-39, 2008 .
20. P. P. Gunn, A. M. Fremont, M. Bottrell, L. R. Shugarman, J. Galegher, and T. Bikson, "The Health Insurance Portability and Accountability Act privacy rule: A practical guide for researchers," Med. Care, vol. 42, no. 4, pp. 321-327.
21. R. Hubert, "Accessibility and usability guidelines for mobile devices in home health monitoring ," SIGACCESS Access. Comput., no. 84, pp. 26-29, Jan. 2006 .
22. J. Zhang, T. R. Johnson, V. L. Patel, D. L. Paigec, and T. Kubose, "Using usability heuristics to evaluate patient safety of medical devices," J. Biomed. Inform., vol. 36, no. 12, pp. 23-30, Feb.- Apr. 2003. (Pubitemid 37206388)
23. R. Jetley, S. P. Iyer, P. L. Jones, and W. Spees, "A formal approach to pre-market review for medical device software ," in Proc. 30th Annu. Int. Computer Software and Applications Conf. (COMPSAC'06), Washington, DC, 2006, pp. 169-177 . (Pubitemid 46661646)
24. R. P. Jetley, P. L. Jones, and P. Anderson, "Static analysis of medical device software using codesonar ," in Proc. 2008 Workshop Static Analysis (SAW'08), 2008, pp. 22-29 .
25. C. Karlof and D. Wagner, "Secure routing in wireless sensor networks: Attacks and countermeasures ," in Proc. IEEE 38th Int. Conf. Communication, May 2003, pp. 113-127 .
26. C. Kuo, M. Luk, R. Negi, and A. Perrig, "Message-in-a-bottle: User-friendly and secure key deployment for sensor nodes ," in Proc. ACM Conf. Embedded Networked Sensor System (SenSys'07), Oct. 2007, pp. 233-246 .
27. X. Li and Q.Wang, "An improvement of authentication test for security protocol analysis ," in Proc. Int. Conf. Computational Intelligence and Security Workshops 2007 (CISW'07), Dec. 2007, pp. 745-748.
28. K. McCarthy, "NONIN Avant 4000 Bluetooth wireless oximetry: Increased safety and accuracy when administering the sixminute walk test ," White Paper, Feb. 2008 .
29. A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography. Boca Raton, FL: CRC, Oct. 1996 .
30. D. Panescu, "Emerging technologies [wireless communication systems for implantable medical devices] ," IEEE Eng. Med. Biol. Mag., vol. 27, no. 2, pp. 96-101, Mar.-Apr. 2008 . (Pubitemid 351374193)
31. A. Perrig, R. Szewczyk, V. Wen, D. Culler, and D. Tygar, "SPINS: Security protocol for sensor networks ," Wireless Netw., vol. 8, no. 5, pp. 521-534, Sept. 2002 .
32. C. D. Schou, J. Frost, and W. V. Maconachy, "Information assurance in biomedical informatics systems ," IEEE Eng. Med. Biol. Mag., vol. 23, no. 1, pp. 110-118, Jan.-Feb. 2004 . (Pubitemid 38667852)
33. N. L. Snee and K. A. McCormick, "The case for integrating public health informatics networks ," IEEE Eng. Med. Biol. Mag., vol. 23, no. 1, pp. 81-88, Jan.-Feb. 2004 . (Pubitemid 38667849)
34. F. Stajano and R. Anderson, "The resurrecting duckling: Security issues for ad-hoc wireless networks ," in Proc. 7th Int. Workshop Security Protocols, 1999, pp. 172-194 .
35. A. Tolk and J. A. Muguria, "The levels of conceptual interoperability model ," in Proc. Simulation Interoperability Workshop, 2003, pp. 1-10 .
36. K. Venkatasubramanian, A. Banerjee, and S. K. S. Gupta, "Plethysmogram- based secure inter-sensor communication in body area networks ," in Proc. IEEE Military Communications Conf., Nov. 2008, pp. 1-7.
37. K. Venkatasubramanian, A. Banerjee, and S. K. S. Gupta, "Pska: Usable and secure key agreement scheme for body area networks ," IEEE Trans. Inform. Technol. Biomed. (Special Issue on Wireless Health), vol. 14, no. 1, pp. 60-68, Jan. 2010 .
38. K. Venkatasubramanian and S. K. S. Gupta, "Physiological value based efficient usable security solutions for body sensor networks ," ACM Trans. Sensor Networks, vol. 6, no. 4, pp. 1-36, 2010 .
39. K. Venkatasubramanian, T. Mukherjee, and S. K. S. Gupta, "Caac- An adaptive and proactive access control approach for emergencies for smart infrastructures ," ACM Trans. Autonom. Adaptive Syst. (Special Issue on Adaptive Security), to be published .
40. S. Zhu, S. Setia, and S. Jajodia, "LEAP+: Efficient security mechanisms for large-scale distributed sensor networks ," ACM Trans. Sensor Networks, vol. 2, no. 4, pp. 500-528, Nov. 2006 . (Pubitemid 46278640)