A Low-Power Dual-Factor Authentication Unit for Secure Implantable
  Devices by Maji, Saurav et al.
A Low-Power Dual-Factor Authentication Unit
for Secure Implantable Devices
Saurav Maji1, Utsav Banerjee1, Samuel H. Fuller1,2, Mohamed R. Abdelhamid1,
Phillip M. Nadeau2, Rabia Tugce Yazicigil3, and Anantha P. Chandrakasan1
1 Massachusetts Institute of Technology, Cambridge, MA USA
2 Analog Devices Inc., Boston, MA USA
3 Boston University, Boston, MA USA
Abstract. This paper presents a dual-factor authentication protocol and its low-power implementation for
security of implantable medical devices (IMDs). The protocol incorporates traditional cryptographic first-factor
authentication using Datagram Transport Layer Security – Pre-Shared Key (DTLS-PSK) followed by the user’s
touch-based voluntary second-factor authentication for enhanced security. With a low-power compact always-on
wake-up timer and touch-based wake-up circuitry, our test chip consumes only 735 pW idle state power at 20.15
Hz and 2.5 V. The hardware accelerated dual-factor authentication unit consumes 8 µW at 660 kHz and 0.87
V. Our test chip was coupled with commercial Bluetooth Low Energy (BLE) transceiver, DC-DC converter,
touch sensor and coin cell battery to demonstrate standalone implantable operation and also tested using in-vitro
measurement setup.
Keywords: Dual-factor authentication; Implantable Medical Devices (IMDs); Hardware Security; Cryptography;
Transport Layer Security (TLS); Wake-up oscillator; Touch Detector
1 Introduction
Implantable medical devices (IMDs), such as cardiac defibrillators, pacemakers, cochlear implants, bladder stim-
ulators and pressure sensors, are widely used to improve the quality of lives of patients. Recent advances in
microelectronics and medical technology have enabled Internet-connected IMDs which can be controlled by the
patients/users through external handheld or wearable devices. However, several proof-of-concept attacks have been
demonstrated on such devices by exploiting weaknesses in authentication protocols or their implementations [1].
While such connected implantable devices have the potential to enable many emerging medical applications such as
on-command implantable drug delivery, security concerns pose a threat to their widespread deployment. To address
this challenge, we present a secure low-power IC with sub-nW sleep-state power, energy-efficient cryptographic
acceleration and a novel dual factor authentication mechanism which ensures that the ultimate security of the IMD
lies in the hands of the user.
2 Dual-Factor Authentication Protocol
A typical wireless implantable system (exemplified by on-command drug-delivery system) comprises the following
parties – the user, their IMD and a secure cloud server. The user requires the IMD to perform a desired action
as per their command (e.g. deliver drug with specified dosage). To securely execute this action, the server must
authenticate the IMD and then communicate the drug dosage and associated parameters as set by the physician. The
server performs the following critical functions:
– Authenticate the IMD before the execution of any action.
– Approve legitimate commands by the user, e.g., the server verifies whether the drug dose requested by the user
lies within the prescribed limits set by the physician.
– Maintain a record of transactions between the user and the server, which can be accessed by the physician later
for diagnostic purposes.
ar
X
iv
:2
00
4.
13
70
9v
1 
 [c
s.C
R]
  2
8 A
pr
 20
20
2 Maji et al.
However, the resource-constrained IMD cannot directly communicate with the server. Therefore, a cellphone is
used as a relay between the IMD and the server. The IMD connects with the cellphone using Bluetooth Low Energy
(BLE) and the cellphone is connected to the server through the Internet. To secure the authentication and the
communication scenario, we consider the following threat model:
1. An adversary having control over the cellphone through malware, ransomware or physical possession can force
the IMD to execute malicious actions without the user’s knowledge. Traditional single factor cryptographic-
based authentication protocols are not sufficient to prevent such attacks since the IMD cannot distinguish
whether it has received a command from a legitimate user or an adversary.
2. If the cellphone is also used to wake up the IMD (through the BLE connection), an adversary having control
over the cellphone can also attempt to wake up the system repeatedly and drain its energy, requiring frequent
battery replacement.
As a solution, we propose a dual-factor authentication scheme where cryptographic authentication is supple-
mented with a voluntary response from the user [2]. The voluntary response serves as a guarded action from the user,
that is, it represents consent from the user for executing the desired action without causing much inconvenience to
the user. In our protocol, we have selected a touch-based voluntary response where the user taps on their skin near
the IMD. Since most implants are subcutaneous, they can easily detect the tap-pattern and authenticate using this
second-factor response. Clearly, it is difficult for an adversary to provide correct second-factor response to the IMD
without alerting the user, hence providing higher security guarantees. In addition to second factor authentication,
the human voluntary factor (human touch) is also used for waking up the system. This provides dual benefits of
achieving extremely low-power wake-up as well as protection against energy-drainage attacks.
Fig. 1. Proposed dual-factor authentication protocol to secure internet-connected implantable medical devices (IMDs).
A Low-Power Dual-Factor Authentication Unit for Secure Implantable Devices 3
As shown in Fig. 1, our proposed dual-factor authentication protocol consists of the following steps:
1. The user follows a pre-defined tap pattern (e.g. 4 taps) to wake up the IMD.
2. The IMD, after being woken up, connects with the server through the user’s cellphone acting as a relay.
3. The user enters their credentials through the cellphone and connects to the server.
4. The server performs first factor authentication using Datagram Transport Layer Security – Pre-Shared Key
(DTLS-PSK) [3–5]. The DTLS-PSK protocol provides end-to-end security using only symmetric cryptography
and the handshake involves exchange of only∼ 200 bytes of data, making it ideal for low-power applications [6].
The pre-shared key (PSK), used for authentication, is known only to the IMD and the server, both configured
when the IMD was implanted inside the user.
5. The server sends a text message to the user with a random tap-pattern which acts as a one-time password, and
the same pattern is also sent to the IMD through the DTLS-encrypted channel along with control information.
The user follows this pattern to perform the touch-based second factor response which gets verified by the IMD.
The IMD notifies the server about the authentication result, which the server acknowledges back. The server
also informs the user about the authentication result through another text message.
6. Upon successful authentication of both factors, the IMD executes drug delivery and then goes back to the idle
state.
During every handshake, the DTLS-PSK protocol derives fresh encryption keys from the PSK and additional
randomness obtained from handshake messages [4]. This ensures the use of different keys for each session and thus
avoiding any potential side-channel attacks.
3 System Architecture
Fig. 2 shows our implantable security chip architecture, which consists of three main circuit blocks -– (A) an
always-on wake-up timer, (B) a touch detection circuit to recognize tap patterns for wake-up and second factor
response and (C) an authentication block which performs post-wake-up dual factor authentication. The complete
test system, powered by a battery and a DC-DC converter, consists of an off-chip Bluetooth Low Energy (BLE)
module to handle wireless communications and a force sensitive resistor (FSR) to detect tap patterns, connected to
our test chip through SPI (Serial Peripheral Interface) and touch input pins respectively. As an example, this test
setup can be integrated with an implantable drug-delivery unit to securely authenticate its operation.
3.1 Always-On Wake-Up Timer
The always-on wake-up unit needs to have sub-nW power consumption because of its continuous operation, thus
motivating the need for an energy-efficient timer. The timer must also occupy small area for resource-constrained
IMD. In our design, a gate-leakage based timer is chosen because of its low power consumption. The wide variation
of gate-leakage current with temperature is not a major concern to our design because the temperature inside
human body is well regulated. Also, inaccuracies in timing do not affect operation as its output is only used for
wake-up purposes. Fig. 3 shows the topology of our low-frequency oscillator (Osc-LF) with the following key
design optimizations:
Table 1. Comparison of Core Oscillator with State-of-the-Art Hz-Range Oscillators
Metric [7] [8] [9] This Work
Process (nm) 180 180 65 65
Voltage (V) 0.6 0.6 0.5 0.4 0.85
Freq (CKA) (Hz) 11.11 18 2.8 1.36 10.07
Power (pW) 100 4.2 44.4 0.246 9.59
Energy (pJ/cyc) 9.0 0.23 15.8 0.181 0.952
Area (µm2) 19000 180000 25500 745
4 Maji et al.
Fig. 2. Prototype secure implantable device with system components and details of security chip architecture.
1. The core oscillator topology (marked gray in Fig. 3) comprises two back-to-back identical self-timed stages,
each providing self-resetting logic to the other. The reduction in number of stages leads to reduction in area.
2. Each stage consists of a two-transistor gate-leakage-based differential structure for generating the time constant.
This further removes the need for any external current/voltage references leading to further area savings.
3. The incorporation of stack effect at every node removes short-circuit current and provides power savings.
The core oscillator, when characterised separately, runs at 1.36 Hz with 246 fW power consumption at 0.4 V. As
shown in Table 1, it achieves better power and power-efficiency with significantly lower area as compared to [7], [8]
and [9]. The four-phased clock generated by the core oscillator is further used to double the output frequency at the
node LCLK using an XOR gate. The supply voltage (VDI) is tuned to 0.85 V to obtain LCLK frequency 20.15 Hz
(CKA frequency 10.07 Hz, shown in Table 1) for the IMD operation.
3.2 Touch-Detection Unit
The touch detection circuit, shown in Fig. 4, uses a commercially available Force Sensitive Resistor (FSR) which
changes its resistance in response to applied pressure. The resistance of this sensor, which will also be implanted
under the skin, is compared with an appropriate fixed resistance (2 kΩ) to detect the user’s tap patterns. The
difference in resistance of the pull-down path causes regenerative feedback to produce a rail-to-rail differential
output, thus consuming only dynamic power.
The low-frequency oscillator, the touch detector and the wake-up logic are powered by a 2-transistor version of
the voltage reference from [10] operating from the main supply (VDD). The entire wake-up block consumes sleep
power of 735 pW with Osc-LF running at 20.15 Hz at VDD = 2.5 V, as shown in Fig. 5.
A Low-Power Dual-Factor Authentication Unit for Secure Implantable Devices 5
Fig. 3. Topology and characteristics of the low-frequency oscillator (Osc-LF), with simulation waveform of nodes in OSC
BLOCK #1 (marked above).
Fig. 4. Topology and characteristics of the touch detection circuit.
3.3 Dual-Factor Authentication Unit
Fig. 6 shows the architecture of the dual-factor authentication block which is clocked by a 660 kHz ring oscillator
(Osc-HF) and consists of a cryptographic accelerator, a second factor authentication unit and a control state machine,
all powered by the external DC-DC converter (VDC). The cryptographic accelerator implements the DTLS-PSK
cipher suite with AES-128-GCM for authenticated encryption/decryption and SHA2-256 for hashing. Embedded
software implementations of DTLS typically require 60-80 KB of program memory and 20-30 KB of data memory,
6 Maji et al.
Fig. 5. Characteristics and distribution of components of idle state power.
Fig. 6. Architecture of the authentication module consisting of the DTLS-PSK cryptographic accelerator and the second factor
verification unit.
which pose prohibitively large area overheads. In order to reduce such overheads of DTLS, [11] proposed a full
hardware implementation of DTLS with elliptic curve cryptography (ECC) cipher suites. Although we do not
use any public key cryptography (e.g., ECC), we follow a similar approach for DTLS-PSK by implementing the
entire protocol as an optimized micro-coded state machine requiring only 23k-gate logic and 2.75 KB SRAM, thus
reducing the area requirement by ∼ 3×. Energy consumption of the DTLS-PSK protocol is further minimized by
implementing full data-path AES and SHA round functions in hardware [12], with AES-128-GCM and SHA2-256
consuming 14.1 pJ/bit and 5.3 pJ/bit respectively at VDC = 0.87 V. The second factor authentication unit is a simple
pattern-matching logic which verifies whether the user’s taps match the pattern sent by the server. The system can
also be configured to skip the second factor authentication as a trade-off between security and ease of use.
The DTLS-PSK-based first factor authentication consumes only 8 µW at VDC = 0.87 V, which is two orders of
magnitude lower than a software implementation. The authentication process takes 12 s and 660 ms respectively in
presence and absence of second factor authentication (Fig. 7). Our test chip consumes 5.28 µJ for the first-factor
authentication while operating at SPI speed of 125 kbps.
A Low-Power Dual-Factor Authentication Unit for Secure Implantable Devices 7
Fig. 7. Measured performance of the authentication unit: (left) scaling of power with supply voltage (right) time of execution of
authentication protocol without and with touch-based second factor authentication respectively.
4 Measurement Results
The test chip, shown in Fig. 8, was fabricated in TSMC 65nm low-power CMOS process, and all measurements are
reported at the following supply voltage combination: VDD = 2.5 V and VDC = 0.87 V, with the low-frequency
and high-frequency oscillators operating at 20.15 Hz and 660 kHz respectively. Waveforms of the entire operation
with touch input and other relevant signals are shown in Fig. 9. Power measurements were performed using the
setup shown in Fig. 10. In order to demonstrate in-vitro operation of the IMD, we replicated the subcutaneous
environment by covering our test system with wet paper and placing it underneath a synthetic glove which acts as a
replica of human skin, as shown in Fig. 11.
Fig. 8. Chip micrograph (labelled with key design blocks).
8 Maji et al.
Fig. 9. Waveform of system operation with wake-up, first factor cryptographic authentication and second factor touch-based
authentication and final output.
Fig. 10. Measurement setup showing the test chip (in socket), the FSR-based touch sensor, the BLE module, the DC-DC converter
and all peripheral components integrated into a test board. An Arduino micro-controller platform is used for initial configuration
of the test chip.
A Low-Power Dual-Factor Authentication Unit for Secure Implantable Devices 9
Fig. 11. In-vitro measurement setup (IMD system shown as inset).
Table 2. Comparison with State-of-the-Art Security Processors for Biomedical Applications
Metric [13] [14] [15] This Work
Technology (nm) 180 130 90 65
Voltage (V) 0.7 1.0 0.5 0.87
Operating Frequency 360 Hz 847.5 kHz 25 MHz 660 kHz
Power 1.26 µW 50.4 µW 215 µW a 8 µW b
Area 2.25 mm2 - 1.17 mm2 315 µm2
1st Factor / Data Encryption Authentication Key Ex. / Auth. DTLS-PSK
Cryptographic Auth. (AES) (ECC) (AES, SHA2, ECC) (AES, SHA2)
2nd Factor Auth. No No No Yes
a Calculated from cryptographic computation energy per cycle and operating frequency in [15]
b Includes both computation and oscillator power
We compare the performance of our authentication unit with previous work on secure biomedical processors in
Table 2. Our chip is significantly smaller than [13, 15], and has 1-2 orders of lower power consumption compared
to [14, 15]. Most importantly, ours is the first design to employ dual-factor authentication for security of IMDs.
5 Conclusion
In this work, we demonstrate a low-power dual-factor authentication unit to secure implantable medical devices
(IMDs). Apart from traditional cryptography using the Datagram Transport Layer Security (DTLS) protocol, our
design also employs a touch-based authentication scheme to provide stronger security guarantees. Total power
consumption of the dual-factor authentication is only 8 µW. The touch detector, along with a compact leakage-based
oscillator, are used as the always-on wake-up circuitry with 735 pW idle state power consumption. Through
circuit-level optimizations, energy-efficient architecture and a novel dual-factor authentication mechanism, this
work demonstrates a low-power IC for securing connected biomedical devices of the near future.
Acknowledgment
The authors would like to thank Analog Devices Inc. for funding and TSMC University Shuttle Program for chip
fabrication support.
10 Maji et al.
A revised version of this paper was published in the 2020 IEEE Custom Integrated Circuits Conference (CICC) -
DOI: 10.1109/CICC48029.2020.9075945
References
1. M. Zhang, et. al., “Trustworthiness of Medical Devices and Body Area Networks,” in Proc. IEEE, vol. 102, no. 8, pp.
1174-1188, Aug. 2014.
2. S. Maji, “Energy-Efficient Protocol and Hardware for Security of Implantable Devices,” S.M. Thesis, Massachusetts
Institute of Technology, June 2019.
3. E. Rescorla, “The Transport Layer Security (TLS) Protocol Version 1.3,” IETF RFC 8446, Aug. 2018.
4. P. Eronen, et al., “Pre-Shared Key Ciphersuites for TLS,” IETF RFC, vol. 4279, Dec. 2005.
5. M. Badra, “Pre-Shared Key Cipher Suites for TLS with SHA-256/384 and AES Galois Counter Mode,” IETF RFC, vol.
5487, Mar. 2009.
6. U. Banerjee, et al., “eeDTLS: Energy-Efficient Datagram Transport Layer Security for the Internet of Things,” IEEE
GLOBECOM, pp. 1-6, Dec. 2017.
7. Y. Lin, et al., “A 150pW program-and-hold timer for ultra-low-power sensor platforms,” in IEEE ISSCC, pp. 326-327, Feb.
2009.
8. P. M. Nadeau, et al., “Ultra Low-Energy Relaxation Oscillator With 230 fJ/cycle Efficiency,” in IEEE J. Solid-State Circuits,
vol. 51, no. 4, pp. 789-799, April. 2016.
9. H. Wang, et al., “A Reference-Free Capacitive-Discharging Oscillator Architecture Consuming 44.4 pW/75.6 nW at 2.8
Hz/6.4 kHz,” in IEEE J. Solid-State Circuits, vol. 51, no. 6, pp. 1423-1435, Jun. 2016.
10. M. Seok, et al., “A Portable 2-Transistor Picowatt Temperature-Compensated Voltage Reference Operating at 0.5 V,” in
IEEE J. Solid-State Circuits, vol. 47, no.10, pp. 2534–2545, Oct. 2012.
11. U. Banerjee, et al., “An Energy-Efficient Reconfigurable DTLS Cryptographic Engine for End-to-End Security in IoT
Applications,” in IEEE ISSCC, pp. 42-44, Feb. 2018.
12. U. Banerjee, et al., “An Energy-Efficient Reconfigurable DTLS Cryptographic Engine for Securing Internet-of-Things
Applications,” in IEEE J. Solid-State Circuits, vol. 54, no. 8, pp. 2339-2352, Aug. 2019.
13. H. Kim, et al., “A Low Power ECG Signal Processor for Ambulatory Arrhythmia Monitoring System,” in IEEE VLSIC, pp.
19-20, Jun. 2010.
14. J. Fan, et. al, “Low-Energy Encryption for Medical Devices: Security Adds an Extra Design Dimension,” in ACM/IEEE
DAC, pp. 1-6, Jun. 2013.
15. S. Hsu, et al., “A Micropower Biomedical Signal Processor for Mobile Healthcare Applications,” in IEEE ASSCC, pp.
301-304, Nov. 2011.
