Physiological Information Leakage: A New Frontier in Health Information Security

Arsalan Mohsen Nia, Susmita Sur-Kolay, Anand Raghunathan, Niraj Kumar Jha

Research output: Contribution to journalReview article

16 Citations (Scopus)

Abstract

Information security has become an important concern in healthcare systems, owing to the increasing prevalence of medical devices and the growing use of wearable and mobile computing platforms for health and lifestyle monitoring. The previous work in the area of health information security has largely focused on attacks on the wireless communication channel of medical devices, or on health data stored in online databases. In this paper, we pursue an entirely different angle to health information security, motivated by the insight that the human body itself is a rich source (acoustic, visual, and electromagnetic) of data. We propose a new class of information security attacks that exploit physiological information leakage, i.e., various forms of information that naturally leak from the human body, to compromise privacy. As an example, we demonstrate attacks that exploit acoustic leakage from the heart and lungs. The medical devices deployed within or on our bodies also add to natural sources of physiological information leakage, thereby increasing opportunities for attackers. Unlike previous attacks on medical devices, which target the wireless communication to/from them, we propose privacy attacks that exploit information leaked by the very operation of these devices. As an example, we demonstrate how the acoustic leakage from an insulin pump can reveal important information about its operation, such as the duration and dosage of insulin injection. Moreover, we show how an adversary can estimate blood pressure (BP) by capturing and processing the electromagnetic radiation of an ambulatory BP monitoring device.

Original languageEnglish (US)
Article number7273876
Pages (from-to)321-334
Number of pages14
JournalIEEE Transactions on Emerging Topics in Computing
Volume4
Issue number3
DOIs
StatePublished - Jan 1 2016

Fingerprint

Security of data
Health
Acoustics
Insulin
Blood pressure
Mobile computing
Monitoring
Electromagnetic waves
Pumps
Communication
Processing

All Science Journal Classification (ASJC) codes

  • Computer Science (miscellaneous)
  • Information Systems
  • Human-Computer Interaction
  • Computer Science Applications

Cite this

Mohsen Nia, Arsalan ; Sur-Kolay, Susmita ; Raghunathan, Anand ; Jha, Niraj Kumar. / Physiological Information Leakage : A New Frontier in Health Information Security. In: IEEE Transactions on Emerging Topics in Computing. 2016 ; Vol. 4, No. 3. pp. 321-334.
@article{35a160c213ec4d80a0b14cb62f251850,
title = "Physiological Information Leakage: A New Frontier in Health Information Security",
abstract = "Information security has become an important concern in healthcare systems, owing to the increasing prevalence of medical devices and the growing use of wearable and mobile computing platforms for health and lifestyle monitoring. The previous work in the area of health information security has largely focused on attacks on the wireless communication channel of medical devices, or on health data stored in online databases. In this paper, we pursue an entirely different angle to health information security, motivated by the insight that the human body itself is a rich source (acoustic, visual, and electromagnetic) of data. We propose a new class of information security attacks that exploit physiological information leakage, i.e., various forms of information that naturally leak from the human body, to compromise privacy. As an example, we demonstrate attacks that exploit acoustic leakage from the heart and lungs. The medical devices deployed within or on our bodies also add to natural sources of physiological information leakage, thereby increasing opportunities for attackers. Unlike previous attacks on medical devices, which target the wireless communication to/from them, we propose privacy attacks that exploit information leaked by the very operation of these devices. As an example, we demonstrate how the acoustic leakage from an insulin pump can reveal important information about its operation, such as the duration and dosage of insulin injection. Moreover, we show how an adversary can estimate blood pressure (BP) by capturing and processing the electromagnetic radiation of an ambulatory BP monitoring device.",
author = "{Mohsen Nia}, Arsalan and Susmita Sur-Kolay and Anand Raghunathan and Jha, {Niraj Kumar}",
year = "2016",
month = "1",
day = "1",
doi = "https://doi.org/10.1109/TETC.2015.2478003",
language = "English (US)",
volume = "4",
pages = "321--334",
journal = "IEEE Transactions on Emerging Topics in Computing",
issn = "2168-6750",
publisher = "IEEE Computer Society",
number = "3",

}

Physiological Information Leakage : A New Frontier in Health Information Security. / Mohsen Nia, Arsalan; Sur-Kolay, Susmita; Raghunathan, Anand; Jha, Niraj Kumar.

In: IEEE Transactions on Emerging Topics in Computing, Vol. 4, No. 3, 7273876, 01.01.2016, p. 321-334.

Research output: Contribution to journalReview article

TY - JOUR

T1 - Physiological Information Leakage

T2 - A New Frontier in Health Information Security

AU - Mohsen Nia, Arsalan

AU - Sur-Kolay, Susmita

AU - Raghunathan, Anand

AU - Jha, Niraj Kumar

PY - 2016/1/1

Y1 - 2016/1/1

N2 - Information security has become an important concern in healthcare systems, owing to the increasing prevalence of medical devices and the growing use of wearable and mobile computing platforms for health and lifestyle monitoring. The previous work in the area of health information security has largely focused on attacks on the wireless communication channel of medical devices, or on health data stored in online databases. In this paper, we pursue an entirely different angle to health information security, motivated by the insight that the human body itself is a rich source (acoustic, visual, and electromagnetic) of data. We propose a new class of information security attacks that exploit physiological information leakage, i.e., various forms of information that naturally leak from the human body, to compromise privacy. As an example, we demonstrate attacks that exploit acoustic leakage from the heart and lungs. The medical devices deployed within or on our bodies also add to natural sources of physiological information leakage, thereby increasing opportunities for attackers. Unlike previous attacks on medical devices, which target the wireless communication to/from them, we propose privacy attacks that exploit information leaked by the very operation of these devices. As an example, we demonstrate how the acoustic leakage from an insulin pump can reveal important information about its operation, such as the duration and dosage of insulin injection. Moreover, we show how an adversary can estimate blood pressure (BP) by capturing and processing the electromagnetic radiation of an ambulatory BP monitoring device.

AB - Information security has become an important concern in healthcare systems, owing to the increasing prevalence of medical devices and the growing use of wearable and mobile computing platforms for health and lifestyle monitoring. The previous work in the area of health information security has largely focused on attacks on the wireless communication channel of medical devices, or on health data stored in online databases. In this paper, we pursue an entirely different angle to health information security, motivated by the insight that the human body itself is a rich source (acoustic, visual, and electromagnetic) of data. We propose a new class of information security attacks that exploit physiological information leakage, i.e., various forms of information that naturally leak from the human body, to compromise privacy. As an example, we demonstrate attacks that exploit acoustic leakage from the heart and lungs. The medical devices deployed within or on our bodies also add to natural sources of physiological information leakage, thereby increasing opportunities for attackers. Unlike previous attacks on medical devices, which target the wireless communication to/from them, we propose privacy attacks that exploit information leaked by the very operation of these devices. As an example, we demonstrate how the acoustic leakage from an insulin pump can reveal important information about its operation, such as the duration and dosage of insulin injection. Moreover, we show how an adversary can estimate blood pressure (BP) by capturing and processing the electromagnetic radiation of an ambulatory BP monitoring device.

UR - http://www.scopus.com/inward/record.url?scp=84986557919&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84986557919&partnerID=8YFLogxK

U2 - https://doi.org/10.1109/TETC.2015.2478003

DO - https://doi.org/10.1109/TETC.2015.2478003

M3 - Review article

VL - 4

SP - 321

EP - 334

JO - IEEE Transactions on Emerging Topics in Computing

JF - IEEE Transactions on Emerging Topics in Computing

SN - 2168-6750

IS - 3

M1 - 7273876

ER -