- How can we protect an IMD without requiring that it be surgically replaced?
- How should an IMD's security and privacy mechanisms fail open—that is, protect the device by default but allow emergency responders to bypass them?
- How can we prevent eavesdroppers from receiving sensitive patient information from an IMD?
- How can we prevent an IMD from obeying commands from unauthorized transmitters?
The secret sauce is friendly jamming, applied judiciously. The IMD Shield takes advantage of the specific properties of medical communications (in the MICS band) to protect IMDs from passive and active adversaries, to fail open when appropriate, and to reduce the risks related to surgical replacement.
On to the paper's details: A shield is a wearable electronic device that acts as a proxy for an IMD's communications. In a future form, the shield might resemble a locket or necklace. It has two antennas inside, designated TX (transmit) and RX+TX (receive and transmit). It listens on a certain set of wireless channels for messages to or from the IMD. When it hears a message destined for the IMD, the shield transmits a random jamming signal that prevents the IMD from receiving the message. Only after authenticating the message's sender does the shield stop jamming. In the other direction, the shield jams every message sent by the IMD to foil eavesdroppers: it transmits a random jamming signal while simultaneously transmitting an antidote signal that cancels the jamming only at the shield's RX+TX antenna. The shield and an authorized IMD programmer (e.g., one in a doctor's clinic, or a bedside monitor) establish an encrypted channel out of band and exchange messages over it.
|Sidebar: Overview of the IMD Shield from a USENIX Security 2011 poster.|
|Sidebar: The IMD Shield's jamming strategy provides information-theoretic security akin to that of a one-time pad. The shield fails open when off or absent. (From a USENIX Security 2011 poster.)|
The shield is currently implemented as a prototype on USRP boards controlled by GNU Radio.
["They Can Hear Your Heartbeats: Non-Invasive Security for Implanted Medical Devices"
by Shyamnath Gollakota, Haitham Hassanieh, Ben Ransford, Dina Katabi and Kevin Fu received the Best Paper Award at ACM SIGCOMM 2011.]