Peak misdetection in heart-beat-based security: Characterization and tolerance

Abstract — The Inter-Pulse-Interval (IPI) of heart beats has previously been suggested for security in mobile health (mHealth) applications. In IPI-based security, secure communi-cation is facilitated through a security key derived from the time difference between heart beats. However, there currently exists no work which considers the effect on security of imperfect heart-beat (peak) detection. This is a crucial aspect of IPI-based security and likely to happen in a real system. In this paper, we evaluate the effects of peak misdetection on the security performance of IPI-based security. It is shown that even with a high peak detection rate between 99.9 % and 99.0%, a significant drop in security performance may be observed (between-70 % and-303%) compared to having perfect peak detection. We show that authenticating using smaller keys yields both stronger keys as well as potentially faster authentication in case of imperfect heart beat detection. Finally, we present an algorithm which tolerates the effect of a single misdetected peak and increases the security performance by up to 155%. I

Adaptive entity-identifier generation for IMD emergency access

Recent work on wireless Implantable Medical Devices (IMDs) has revealed the need for secure communication in order to prevent data theft and implant abuse by malicious attackers. However, security should not be provided at the cost of patient safety and an IMD should, thus, remain accessible during an emergency regardless of device security. In this paper, we present a novel method of providing IMD emergency access, based on generating Entity Identifiers (EI) using the Inter-Pulse Intervals (IPIs) of heartbeats. We evaluate the current state-of-the-art in EI-generation in terms of security and accessibility for healthy subjects with a wide range of heart rates. Subsequently, we present an adaptive EI-generation algorithm which takes the heart rate into account, maintaining an acceptable emergency-mode activation time (between 5-55.4 s) while improving security by up to 3.4x for high heart rates. Finally, we show that activating emergency mode may consume as little as 0.24μJ from the IMD battery

Adaptive entity-identifier generation for IMD emergency access

Recent work on wireless Implantable Medical Devices (IMDs) has revealed the need for secure communication in order to prevent data theft and implant abuse by malicious attackers. However, security should not be provided at the cost of patient safety and an IMD should, thus, remain accessible during an emergency regardless of device security. In this paper, we present a novel method of providing IMD emergency access, based on generating Entity Identifiers (EI) using the Inter-Pulse Intervals (IPIs) of heartbeats. We evaluate the current state-of-the-art in EI-generation in terms of security and accessibility for healthy subjects with a wide range of heart rates. Subsequently, we present an adaptive EI-generation algorithm which takes the heart rate into account, maintaining an acceptable emergency-mode activation time (between 5-55.4 s) while improving security by up to 3.4x for high heart rates. Finally, we show that activating emergency mode may consume as little as 0.24μJ from the IMD battery. Copyright \ua9 2014 ACM