Rice University researchers propose touch-to-access security for implanted devices
Pacemakers, insulin pumps, defibrillators and other implantable medical devices often have wireless capabilities that allow emergency workers to monitor patients. But these devices have a potential downside: They can be hacked.
Researchers at Rice University have come up with a secure way to dramatically cut the risk that an implanted medical device (IMD) could be altered remotely without authorization.
Their technology would use the patient’s own heartbeat as a kind of password that could only be accessed through touch.
Rice electrical and computer engineer Farinaz Koushanfar and graduate student Masoud Rostami will present Heart-to-Heart, an authentication system for IMDs, at the Association for Computing Machinery’s Conference on Computer and Communications Security in Berlin in November. They developed the technology with Ari Juels, former chief scientist at RSA Laboratories, a security company in Cambridge, Mass.
IMDs generally lack the kind of password security found on a home Wi-Fi router because emergency medical technicians often need quick access to the information the devices store to save a life, Rostami said. But that leaves the IMDs open to attack.
“If you have a device inside your body, a person could walk by, push a button and violate your privacy, even give you a shock,” he said. “He could make (an insulin pump) inject insulin or update the software of your pacemaker. But our proposed solution forces anybody who wants to read the device to touch you.”
The system would require software in the IMD to talk to the “touch” device, called the programmer. When a medical technician touches the patient, the programmer would pick up an electrocardiogram (EKG) signature from the beating heart. The internal and external devices would compare minute details of the EKG and execute a “handshake.” If signals gathered by both at the same instant match, they become the password that grants the external device access.
“The signal from your heartbeat is different every second, so the password is different each time,” Rostami said. “You can’t use it even a minute later.”
He compared the EKG to a chart of a financial stock. “We’re looking at the minutia,” Rostami said. “If you zoom in on a stock, it ticks up and it ticks down every microsecond. Those fine details are the byproduct of a very complex system and they can’t be predicted.”
A human heartbeat is the same, he said. It seems steady, but on closer view every beat has unique characteristics that can be read and matched. “We treat your heart as if it were a random number generator,” he said.
The system could potentially be used with the millions of IMDs already in use, Koushanfar said. “To our knowledge, this is the first fully secure solution that has small overhead and can work with legacy systems,” she said. “Like any device that has wireless access, we can simply update the software.”
The Latest Bing News on:
- Bold statement. See new, modern, 3-level S.F. home on mega-lot listed at $46 millionon July 1, 2021 at 8:24 pm
A newly built modern home in the heart of San Francisco on a rare triple-wide lot — complete with a panoramic views and a 72-foot lap pool — has hit the market at $46 million, the most expensive ...
- Biometric screening company CLEAR closes up nearly 30% in its first day as public companyon July 1, 2021 at 1:27 pm
Biometric screening company CLEAR made its market debut Wednesday on the New York Stock Exchange and is now trading under the ticker symbol “YOU.” ...
- ISTELive 21: Think Before You Click to Protect Student Data, Privacy Expert Tells Educatorson July 1, 2021 at 8:19 am
Teachers could be transmitting student data unknowingly by using voice assistants, biometric scanning, social media and even AR/VR in their classrooms.
- Infineon powers biometric bracelet with gesture recognition, no screenon June 29, 2021 at 11:57 am
Several companies focusing on the development of biometric wearable devices have recently announced new products, partnerships, or investments.
- SmartMetric Announces Breakthrough Anti-spoofing Technology for Its Advanced Fingerprint Biometric Safeguarded Credit and Debit Cardson June 28, 2021 at 11:28 am
SmartMetric has invented a hardware and software solution that detects whether or not the finger being used to activate the card is from an actual person or not. This “liveness detection” ...
- 'Smart Bed' May Detect, Track COVID-19 Symptomson June 28, 2021 at 4:21 am
Smart-bed technology may help predict and track symptoms of COVID-19 and other respiratory infections, new research suggests. Real-world biometric data obtained from a consumer smart-bed platform ...
- Smartwatch Data May Hold Important Clue in Athens Murder Investigationon June 23, 2021 at 1:36 pm
Investigators trying to solve a murder in Athens may have a new lead in the case thanks to biometric data taken from the victim's smartwatch ...
- Flywallet signs investment agreement with TASon June 23, 2021 at 5:28 am
Italy-based Flywallet, a startup offering digital payments through wearable devices with biometric authentication, has signed a reserved investment agreement with Global ...
- A Home Office visa blunder is breaking my hearton June 22, 2021 at 10:01 pm
It sent me a biometric residence permit with the wrong expiry date, and plans for a family reunion are dwindling ...
- Flywallet closes second Seed round to advance biometric wearable platformon June 22, 2021 at 3:40 pm
Seed financing round to bring its biometric wearable platform as a service to market with Global Payment S.p.A. taking a stake.
The Latest Google Headlines on:
The Latest Bing News on:
Contract for the Web
- Guess I'll have to wait for the No. 8 another year: Fernandes congratulates Mata on contract extensionon July 3, 2021 at 11:44 am
Portuguese midfielder Bruno Fernandes has joked that he wants Juan Mata's shirt number -- No. 8 -- and will now have to wait after Mata's contract extension with United was announced. United on ...
- The complicated interplay of agreement on the Trump-appointee-heavy Supreme Courton July 2, 2021 at 11:51 am
The Supreme Court term that ended this week was the first in which three of the sitting justices were appointed by former president Donald Trump. During his 2016 campaign and well into his presidency, ...
- Fresh out of AWS, Teresa Carlson forecasts changing winds for the government cloudon June 29, 2021 at 2:46 pm
With her tenure at AWS in the rear view, Teresa Carlson talks about the future of government cloud contracting and helping grow Splunk.
- Reopening for Direct Contract Programson June 29, 2021 at 1:24 pm
This notice provides information regarding the implementation of the requirement for programs to reopen. The 2020–21 Education Omnibus Budget Trailer Bill (Senate Bill [SB] 98) requires programs ...
- 2021 - Inside The Dark Webon June 29, 2021 at 8:05 am
A short guide on how you can access the hidden sectors of the internet that provide users the anonymity to explore a range of criminal options.
- European Fintech LiquidShare Selects Sextant for Daml, the Blockchain and Smart Contracts Solution Offered by BTPon June 29, 2021 at 3:10 am
European Fintech LiquidShare selects Sextant for Daml, the blockchain and smart contracts solution offered by BTP.
- Be the Hotspot With These No-Contract Prepaid Planson June 28, 2021 at 7:14 am
Straight Talk's no-contract prepaid hotspot plans could let you have your own Wi-Fi connection at 4G LTE speeds anywhere on America's largest and most dependable networks.
- A snapshot of the bipartisan infrastructure agreementon June 24, 2021 at 9:07 pm
President Joe Biden and a bipartisan group of senators have reached an agreement to significantly boost infrastructure spending, though considerable hurdles remain before the blueprint unveiled ...
- Hunter Strategy Awarded Cloud Modernization and Security Contract for VA Medical Centeron June 21, 2021 at 4:52 am
Hunter Strategy, specialists in deploying secure & efficient software solutions into accredited environments, was recently awarded a prime contract with the US Department of Veteran's Affairs (VA), ...
- Chainlink to Offer Free Blockchain Developer Training for Writing Ethereum based Solidity Smart Contracts, Implementing Secure dAppson June 19, 2021 at 3:28 am
As smart contracts continue to gain adoption ... Crowdfund Insider is the leading news and information web site covering the emerging global industry of disruptive finance including investment ...