sponsors
USENIX Conference Policies
An Evaluation of ECG use in Cryptography for Implantable Medical Devices and Body Area Networks
Michael Rushanan, Johns Hopkins University; Denis Foo Kune, Daniel E Holcomb, and Colleen M Swanson, University of Michigan
The interpulse interval (IPI), or the time between heartbeats, is a prominent feature of Electrocardiograph (ECG) signals that can be reliably measured anywhere on the body. As such, IPI is a physiological value that has frequently been suggested for use in implantable medical device (IMD) and body area network (BAN) authentication protocols, such as the H2H protocol by Rostami et al. These protocols rely on extracting randomness from IPIs and the assumption that these values cannot be measured without physical contact. In this presentation, we prompt a discussion regarding the security assumptions of these protocols and what can go wrong when these assumptions are not met in practice. In particular, we argue that it is not clear whether the suggested extraction methods, or the way we obtain random bits from ECG signals, reliably produce uniform random bits in real-world settings. In addition, as part of a security analysis of the H2H protocol, we discuss preliminary experimentation to remotely observe ECG signals using known video processing techniques that track involuntary movements of the head and subtle color changes of skin over time.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Michael Rushanan and Denis Foo Kune and Daniel E Holcomb and Colleen M Swanson},
title = {An Evaluation of {ECG} use in Cryptography for Implantable Medical Devices and Body Area Networks},
year = {2014},
address = {San Diego, CA},
publisher = {USENIX Association},
month = aug
}
