Security and Interoperable Medical Device Systems, Part 2: Failures, Consequences and Classifications

Interoperable medical devices (IMDs) face threats due to the increased attack surface presented by interoperability and the corresponding infrastructure. Introducing networking and coordination functionalities fundamentally alters medical systems\u27 security properties. Understanding the threats is an important first step in eventually designing security solutions for such systems. Part 2 of this two-part article defines a failure model, or the specific ways in which IMD environments might fail when attacked. An attack-consequences model expresses the combination of failures experienced by IMD environments for each attack vector. This analysis leads to interesting conclusions about regulatory classes of medical devices in IMD environments subject to attacks

Biomedical Devices and Systems Security

Medical devices have been changing in revolutionary ways in recent years. One is in their form-factor. Increasing miniaturization of medical devices has made them wearable, light-weight, and ubiquitous; they are available for continuous care and not restricted to clinical settings. Further, devices are increasingly becoming connected to external entities through both wired and wireless channels. These two developments have tremendous potential to make healthcare accessible to everyone and reduce costs. However, they also provide increased opportunity for technology savvy criminals to exploit them for fun and profit. Consequently, it is essential to consider medical device security issues. In this paper, we focused on the challenges involved in securing networked medical devices. We provide an overview of a generic networked medical device system model, a comprehensive attack and adversary model, and describe some of the challenges present in building security solutions to manage the attacks. Finally, we provide an overview of two areas of research that we believe will be crucial for making medical device system security solutions more viable in the long run: forensic data logging, and building security assurance cases

Identifying Opioid Withdrawal Using Wearable Biosensors

Wearable biosensors can be used to monitor opioid use, a problem of dire societal consequence given the current opioid epidemic in the US. Such surveillance can prompt interventions that promote behavioral change. Prior work has focused on the use of wearable biosensor data to detect opioid use. In this work, we present a method that uses machine learning to identify opioid withdrawal using data collected with a wearable biosensor. Our method involves developing a set of machine-learning classifiers, and then evaluating those classifiers using unseen test data. An analysis of the best performing model (based on the Random Forest algorithm) produced a receiver operating characteristic (ROC) area under the curve (AUC) of 0.9997 using completely unseen test data. Further, the model is able to detect withdrawal with just one minute of biosensor data. These results show the viability of using machine learning for opioid withdrawal detection. To our knowledge, the proposed method for identifying opioid withdrawal in OUD patients is the first of its kind

Functional Alarms for Systems of Interoperable Medical Devices

Alarms are essential for medical systems in order to ensure patient safety during deteriorating clinical situations and inevitable device malfunction. As medical devices are connected together to become interoperable, alarms become crucial part in making them high-assurance, in nature. Traditional alarm systems for interoperable medical devices have been patient-centric. In this paper, we introduce the need for an alarm system that focuses on the correct functionality of the interoperability architecture itself, along with several considerations and design challenges in enabling them

Security and Interoperable Medical Device Systems: Part 1

Interoperable medical devices (IMDs) face threats due to the increased attack surface presented by interoperability and the corresponding infrastructure. Introducing networking and coordination functionalities fundamentally alters medical systems\u27 security properties. Understanding the threats is an important first step in eventually designing security solutions for such systems. Part 1 of this two-part article provides an overview of the IMD environment and the attacks that can be mounted on it

A Trust Model for Vehicular Network-Based Incident Reports

Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) networks are ephemeral, short-duration wireless networks that have the potential to improve the overall driving experience through the exchange of information between vehicles. V2V and V2I networks operate primarily by distributing real-time incident reports regarding potential traffic problems such as traffic jams, accidents, bad roads and so on to other vehicles in their vicinity over a multi-hop network. However, given the presence of malicious entities, blindly trusting such incident reports (even the one received through a cryptographically secure channel) can lead to undesirable consequences. In this paper, we propose an approach to determine the likelihood of the accuracy of V2V incident reports based on the trustworthiness of the report originator and those vehicles that forward it. The proposed approach takes advantage of existing road-side units (RSU) based V2I communication infrastructure deployed and managed by central traffic authorities, which can be used to collect vehicle behavior information in a crowd-sourcedfashion for constructing a more comprehensive view of vehicle trustworthiness. For validating our scheme, we implemented a V2V/V2I trust simulator by extending an existing V2V simulator with trust management capabilities. Preliminary analysis of the model shows promising results. By combining our trust modeling technique with a threshold-based decision strategy, we observed on average 85% accuracy

Trust in Collaborative Web Applications

Collaborative functionality is increasingly prevalent in web applications. Such functionality permits individuals to add - and sometimes modify - web content, often with minimal barriers to entry. Ideally, large bodies of knowledge can be amassed and shared in this manner. However, such software also provide a medium for nefarious persons to operate. By determining the extent to which participating content/agents can be trusted, one can identify useful contributions. In this work, we define the notion of trust for Collaborative Web Applications and survey the state-of-the-art for calculating, interpreting, and presenting trust values. Though techniques can be applied broadly, Wikipedia\u27s archetypal nature makes it a focal point for discussion

Requirement Engineering for Functional Alarm System for Interoperable Medical Devices

This paper addresses the problem of high-assurance operation for medical cyber-physical systems built from interoperable medical devices. Such systems are diferent from most cyber-physical systems due to their plug-and-play nature: they are assembled as needed at a patient\u27s bedside according to a specification that captures the clinical scenario and required device types. We need to ensure that such a system is assembled correctly and operates according to its specification. In this regard, we aim to develop an alarm system that would signal interoperability failures. We study how plug-and-play interoperable medical devices and systems can fail by means of hazard analysis that identify hazardous situations that are unique to interoperable systems. The requirements for the alarm system are formulated as the need to detect these hazardous situations. We instantiate the alarm requirement generation process through a case-study involving an interoperable medical device setup for airway-laser surgery

HMM-Based Characterization of Channel Behavior for Networked Control Systems

We study the problem of characterizing the behavior of lossy and data corrupting communication channels in a networked control setting, where the channel\u27s behavior exhibits temporal correlation. We propose a behavior characterization mechanism based on a hidden Markov model (HMM). The use of a HMM in this regard presents multiple challenges including dealing with incomplete observation sequences (due to data losses and corruptions) and the lack of a priori information about the model complexity (number of states in the model). We address the first challenges by using the plant state information and history of received/applied control inputs to fill in the gaps in the observation sequences, and by enhancing the HMM learning algorithm to deal with missing observations . Further, we adopt two model quality criteria for determining behavior model complexity. The contributions of this paper include: (1) an enhanced learning algorithm for refining the HMM model parameters to handle missing observations, and (2) simultaneous use of two well-defined model quality criteria to determine the model complexity. Simulation results demonstrate over 90\% accuracy in predicting the output of a channel at a given time step, when compared to a traditional HMM based model that requires complete knowledge of the model complexity and observation sequence