Brave New World—medical devices use biometrics to prevent hack attacks

Ars Technica

August 7, 2012

By Dan Goodin

Computer scientists have proposed a wearable healthcare device that uses unique physiological signatures in a patient's heart rate or other physiological response to prevent tampering by malicious hackers.

A research paper presented on Monday at the 3rd Usenix Workshop of Health Security and Privacy describes a health sensor that measures the unique electrical properties of a patient's body to recognize their identity. A separate paper recently penned by many of the same scientists envisions a similar device that uses heart rates, galvanic skin response, or other physiological data as a shared secret that can be used to securely share encryption keys among sensor nodes attached to the same body.

Over the past decade, there's been an explosion of tiny networked devices that manage a variety of health maladies, from regulating the beating of the human heart to controlling serious diabetic conditions. Allowing the devices to connect wirelessly to computers or other devices saves money and can eliminate the number of invasive surgeries needed to keep them in working order. But it also comes with a catch: researchers have devised proof-of-concept hacks that can disable or sabotage electronic pacemakers or deliver fatal insulin dosages over the air. In the case of wearable devices, it's crucial that they also authenticate the identity of the person who's using it.

"Reliably interpreting data from a body-worn sensor often requires information about who is wearing the sensor as well as the current person's environment, location, current activity, and social context," the authors of the Usenix paper wrote. "Techniques exist for collecting some of this information, but today's body-worn sensors lack the ability to reliably determine who is wearing the device."

They proposed a device that's worn on the wrist like a watch or piece of jewelry. It could automatically and securely connect to peripheral devices that are placed in a pocket, ingested, or implanted.

"That is, without any other action on the part of the users, the devices discover each other's presence, recognize that they are on the same body (and transitively learn from the wrist device whose body), develop shared secrets from which to derive encryption keys, and establish reliable and secure communications."

The wearable device passively recognizes the patient using something called bioimpedance, which is a measure of how the body's tissues respond to a small electrical shock applied to the skin. In theory, each person's reaction is unique, although experiments conducted by the researchers were effective at accurately recognizing people in a household only 90 percent of the time. The devices are designed to provide strong authentication without requiring users to enter long passwords into a tiny interface or carry out other onerous tasks.

In addition to preventing serious hack attacks, the passive authentication system is intended to address other problematic scenarios—two people in the same household accidentally using the wrong device, for example, or a smoker who places his "smoking sensor" on a non-smoking friend to receive incentives for quitting.

The researchers who wrote the Usenix paper include Cory Cornelius, Jacob Sorber, Ronald Peterson, Joe Skinner, Ryan Halter, and David Kotz. All six are in Dartmouth College's Department of Computer Science, Thayer School of Engineering, or Geisel School of Medicine.

Read full article