Understanding the security of interoperable medical devices using attack graphs

Curtis R. Taylor, Krishna Venkatasubramanian, Craig A. Shue

Research output: Contribution to conferencePaperpeer-review

15 Scopus citations

Abstract

Medical device interoperability is an increasingly prevalent example of how computing and information technology will revolutionize and streamline medical care. The overarching goal of interoperable medical devices (IMDs) is increased safety, usability, decision support, and a decrease in false alarms and clinician cognitive workload. One aspect that has not been considered thus far is ensuring IMDs do not inadvertently harm patients in the presence of malicious adversaries. Security for medical devices has gained some traction in the recent years following some well-publicized attacks on individual devices, such as pacemakers and insulin pumps. This has resulted in solutions being proposed for securing these devices, usually in stand-alone mode. However, the introduction of interoperability makes medical devices increasingly connected and dependent on each other. Therefore, security attacks on IMDs becomes easier to mount in a stealthy manner with potentially devastating consequences. This work outlines our effort in understanding the threats faced by IMDs, an important first step in eventually designing secure interoperability architectures. In this regard, we present: (1) a detailed attack graph-based analysis of threats on a specific interoperability environment based on providing a patient pain medication (PCA), under various levels of interoperability from simple data aggregation to fully closed loop control; (2) a description of the mitigation approaches possible for each of class of attack vectors identified; and (3) lessons learned from this experience which can be leveraged for improving existing IMD architectures from a security point-of-view. Our analysis demonstrates that even if we use provably safe medical systems in an interoperable setting with a safe interoperability engine, the presence of malicious behavior may render the entire setup unsafe for the patients, unless security is explicitly considered.

Original languageEnglish
Pages31-40
Number of pages10
DOIs
StatePublished - 2014
Externally publishedYes
Event2014 3rd ACM International Conference on High Confidence Networked Systems, HiCoNS 2014, Part of CPSWeek 2014 - Berlin, Germany
Duration: Apr 15 2014Apr 17 2014

Conference

Conference2014 3rd ACM International Conference on High Confidence Networked Systems, HiCoNS 2014, Part of CPSWeek 2014
Country/TerritoryGermany
CityBerlin
Period04/15/1404/17/14

Keywords

  • Infusion pump
  • Interoperable medical devices
  • PCA
  • Security

Fingerprint

Dive into the research topics of 'Understanding the security of interoperable medical devices using attack graphs'. Together they form a unique fingerprint.

Cite this