MedMon: Securing medical devices through wireless monitoring and anomaly detection

Meng Zhang, Anand Raghunathan, Niraj Kumar Jha

Research output: Contribution to journalArticle

58 Citations (Scopus)

Abstract

Rapid advances in personal healthcare systems based on implantable and wearable medical devices promise to greatly improve the quality of diagnosis and treatment for a range of medical conditions. However, the increasing programmability and wireless connectivity of medical devices also open up opportunities for malicious attackers. Unfortunately, implantable/wearable medical devices come with extreme size and power constraints, and unique usage models, making it infeasible to simply borrow conventional security solutions such as cryptography. We propose a general framework for securing medical devices based on wireless channel monitoring and anomaly detection. Our proposal is based on a medical security monitor (MedMon) that snoops on all the radio-frequency wireless communications to/from medical devices and uses multi-layered anomaly detection to identify potentially malicious transactions. Upon detection of a malicious transaction, MedMon takes appropriate response actions, which could range from passive (notifying the user) to active (jamming the packets so that they do not reach the medical device). A key benefit of MedMon is that it is applicable to existing medical devices that are in use by patients, with no hardware or software modifications to them. Consequently, it also leads to zero power overheads on these devices. We demonstrate the feasibility of our proposal by developing a prototype implementation for an insulin delivery system using off-the-shelf components (USRP software-defined radio). We evaluate its effectiveness under several attack scenarios. Our results show that MedMon can detect virtually all naive attacks and a large fraction of more sophisticated attacks, suggesting that it is an effective approach to enhancing the security of medical devices.

Original languageEnglish (US)
Article number6507636
JournalIEEE Transactions on Biomedical Circuits and Systems
Volume7
Issue number6
DOIs
StatePublished - Dec 1 2013

Fingerprint

Monitoring
Insulin
Jamming
Cryptography
Hardware
Communication

All Science Journal Classification (ASJC) codes

  • Electrical and Electronic Engineering
  • Biomedical Engineering

Keywords

  • Anomaly detection
  • medical devices
  • monitor
  • personal healthcare systems
  • security
  • wireless

Cite this

@article{e38dd16480d24ee48a83f912fe6f6494,
title = "MedMon: Securing medical devices through wireless monitoring and anomaly detection",
abstract = "Rapid advances in personal healthcare systems based on implantable and wearable medical devices promise to greatly improve the quality of diagnosis and treatment for a range of medical conditions. However, the increasing programmability and wireless connectivity of medical devices also open up opportunities for malicious attackers. Unfortunately, implantable/wearable medical devices come with extreme size and power constraints, and unique usage models, making it infeasible to simply borrow conventional security solutions such as cryptography. We propose a general framework for securing medical devices based on wireless channel monitoring and anomaly detection. Our proposal is based on a medical security monitor (MedMon) that snoops on all the radio-frequency wireless communications to/from medical devices and uses multi-layered anomaly detection to identify potentially malicious transactions. Upon detection of a malicious transaction, MedMon takes appropriate response actions, which could range from passive (notifying the user) to active (jamming the packets so that they do not reach the medical device). A key benefit of MedMon is that it is applicable to existing medical devices that are in use by patients, with no hardware or software modifications to them. Consequently, it also leads to zero power overheads on these devices. We demonstrate the feasibility of our proposal by developing a prototype implementation for an insulin delivery system using off-the-shelf components (USRP software-defined radio). We evaluate its effectiveness under several attack scenarios. Our results show that MedMon can detect virtually all naive attacks and a large fraction of more sophisticated attacks, suggesting that it is an effective approach to enhancing the security of medical devices.",
keywords = "Anomaly detection, medical devices, monitor, personal healthcare systems, security, wireless",
author = "Meng Zhang and Anand Raghunathan and Jha, {Niraj Kumar}",
year = "2013",
month = "12",
day = "1",
doi = "https://doi.org/10.1109/TBCAS.2013.2245664",
language = "English (US)",
volume = "7",
journal = "IEEE Transactions on Biomedical Circuits and Systems",
issn = "1932-4545",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "6",

}

MedMon : Securing medical devices through wireless monitoring and anomaly detection. / Zhang, Meng; Raghunathan, Anand; Jha, Niraj Kumar.

In: IEEE Transactions on Biomedical Circuits and Systems, Vol. 7, No. 6, 6507636, 01.12.2013.

Research output: Contribution to journalArticle

TY - JOUR

T1 - MedMon

T2 - Securing medical devices through wireless monitoring and anomaly detection

AU - Zhang, Meng

AU - Raghunathan, Anand

AU - Jha, Niraj Kumar

PY - 2013/12/1

Y1 - 2013/12/1

N2 - Rapid advances in personal healthcare systems based on implantable and wearable medical devices promise to greatly improve the quality of diagnosis and treatment for a range of medical conditions. However, the increasing programmability and wireless connectivity of medical devices also open up opportunities for malicious attackers. Unfortunately, implantable/wearable medical devices come with extreme size and power constraints, and unique usage models, making it infeasible to simply borrow conventional security solutions such as cryptography. We propose a general framework for securing medical devices based on wireless channel monitoring and anomaly detection. Our proposal is based on a medical security monitor (MedMon) that snoops on all the radio-frequency wireless communications to/from medical devices and uses multi-layered anomaly detection to identify potentially malicious transactions. Upon detection of a malicious transaction, MedMon takes appropriate response actions, which could range from passive (notifying the user) to active (jamming the packets so that they do not reach the medical device). A key benefit of MedMon is that it is applicable to existing medical devices that are in use by patients, with no hardware or software modifications to them. Consequently, it also leads to zero power overheads on these devices. We demonstrate the feasibility of our proposal by developing a prototype implementation for an insulin delivery system using off-the-shelf components (USRP software-defined radio). We evaluate its effectiveness under several attack scenarios. Our results show that MedMon can detect virtually all naive attacks and a large fraction of more sophisticated attacks, suggesting that it is an effective approach to enhancing the security of medical devices.

AB - Rapid advances in personal healthcare systems based on implantable and wearable medical devices promise to greatly improve the quality of diagnosis and treatment for a range of medical conditions. However, the increasing programmability and wireless connectivity of medical devices also open up opportunities for malicious attackers. Unfortunately, implantable/wearable medical devices come with extreme size and power constraints, and unique usage models, making it infeasible to simply borrow conventional security solutions such as cryptography. We propose a general framework for securing medical devices based on wireless channel monitoring and anomaly detection. Our proposal is based on a medical security monitor (MedMon) that snoops on all the radio-frequency wireless communications to/from medical devices and uses multi-layered anomaly detection to identify potentially malicious transactions. Upon detection of a malicious transaction, MedMon takes appropriate response actions, which could range from passive (notifying the user) to active (jamming the packets so that they do not reach the medical device). A key benefit of MedMon is that it is applicable to existing medical devices that are in use by patients, with no hardware or software modifications to them. Consequently, it also leads to zero power overheads on these devices. We demonstrate the feasibility of our proposal by developing a prototype implementation for an insulin delivery system using off-the-shelf components (USRP software-defined radio). We evaluate its effectiveness under several attack scenarios. Our results show that MedMon can detect virtually all naive attacks and a large fraction of more sophisticated attacks, suggesting that it is an effective approach to enhancing the security of medical devices.

KW - Anomaly detection

KW - medical devices

KW - monitor

KW - personal healthcare systems

KW - security

KW - wireless

UR - http://www.scopus.com/inward/record.url?scp=84893849701&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84893849701&partnerID=8YFLogxK

U2 - https://doi.org/10.1109/TBCAS.2013.2245664

DO - https://doi.org/10.1109/TBCAS.2013.2245664

M3 - Article

C2 - 24473551

VL - 7

JO - IEEE Transactions on Biomedical Circuits and Systems

JF - IEEE Transactions on Biomedical Circuits and Systems

SN - 1932-4545

IS - 6

M1 - 6507636

ER -