Thursday, March 17, 2016

MIS506 Project Proposal

Evaluation and Analysis of Security Breaches and Attacks on Medical Devices

Brief Introduction:
    With an increasing number of embedded devices connected to the Internet (the Internet of Things), security issues will only rise, in software, in hardware, and in combined hardware-software. The medical domain is a critical segment of the IoT with the advent of Internet-connected medical devices and implantable medical devices. As medical devices interact more intimately with human beings, security becomes a critical issue. Specific challenges uniquely define the security threats in medical devices, viz. crucial resource constraints, device safety, sensitive data protection and emergency access (irrespective of an attack). Security breaches/attacks in medical devices, and the mechanisms to mitigate them, will have drastic effects on the aforementioned aspects. New attacks that target loopholes in medical device design are being discovered in the research community, thus requiring special validation of the entire device design and manufacture cycle.
    There is, however, a strong requirement to study and analyse the attack platform on medical devices; in other words, what part of the medical device system are the attackers targeting? This would provide a direction for channelizing research and industry efforts to prevent them.


Project Plan:

    Though there are not many publicly disclosed cases of medical device attacks, simple cases like detection of vulnerabilities would be a good start for the study, as these translate to possible loopholes for future attacks. I plan to study and analyse vulnerabilities in medical devices in greater detail, especially which components are vulnerable, which may be software, hardware, interface, input-output, wireless communication or cloud systems. In-depth analysis of which further sub-components of these components are vulnerable would be necessary. This study and analysis would give a better perspective of where the possible attack surfaces lie and what the preventive measures should target. As much research has suggested, security has to be incorporated from the ground up. Research [1][2][3] has been carried out in this direction but does not delve into the sub-component level, and results are oriented only towards a study direction rather than an analysis and test bed for a preventive scheme direction, which I would like to explore in the ECE506 project. The required raw data for this project will be obtained from several sources, including but not limited to the sources that the references have obtained their data from.

References:
[1] Z. Bliznakov et al., "Analysis and Classification of Medical Device Recalls", IFMBE Proceedings.
[2] Homa Alemzadeh et al., "Analysis of Safety-Critical Computer Failure in Medical Devices", IEEE Computer and Reliability Societies, 2013.
[3] Daniel B. Kramer et al., "Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance", PLoS ONE, 2012.

1 comment:

  1. Do I have to look these up, or can you provide links? Most are in our library databases. So I assume you read them online.
