Transiently Powered Computers

Demand for compact, easily deployable, energy-efficient computers has driven the development of general-purpose transiently powered computers (TPCs) that lack both batteries and wired power, operating exclusively on energy harvested from their surroundings. TPCs\u27 dependence solely on transient, harvested power offers several important design-time benefits. For example, omitting batteries saves board space and weight while obviating the need to make devices physically accessible for maintenance. However, transient power may provide an unpredictable supply of energy that makes operation difficult. A predictable energy supply is a key abstraction underlying most electronic designs. TPCs discard this abstraction in favor of opportunistic computation that takes advantage of available resources. A crucial question is how should a software-controlled computing device operate if it depends completely on external entities for power and other resources? The question poses challenges for computation, communication, storage, and other aspects of TPC design. The main idea of this work is that software techniques can make energy harvesting a practicable form of power supply for electronic devices. Its overarching goal is to facilitate the design and operation of usable TPCs. This thesis poses a set of challenges that are fundamental to TPCs, then pairs these challenges with approaches that use software techniques to address them. To address the challenge of computing steadily on harvested power, it describes Mementos, an energy-aware state-checkpointing system for TPCs. To address the dependence of opportunistic RF-harvesting TPCs on potentially untrustworthy RFID readers, it describes CCCP, a protocol and system for safely outsourcing data storage to RFID readers that may attempt to tamper with data. Additionally, it describes a simulator that facilitates experimentation with the TPC model, and a prototype computational RFID that implements the TPC model. To show that TPCs can improve existing electronic devices, this thesis describes applications of TPCs to implantable medical devices (IMDs), a challenging design space in which some battery-constrained devices completely lack protection against radio-based attacks. TPCs can provide security and privacy benefits to IMDs by, for instance, cryptographically authenticating other devices that want to communicate with the IMD before allowing the IMD to use any of its battery power. This thesis describes a simplified IMD that lacks its own radio, saving precious battery energy and therefore size. The simplified IMD instead depends on an RFID-scale TPC for all of its communication functions. TPCs are a natural area of exploration for future electronic design, given the parallel trends of energy harvesting and miniaturization. This work aims to establish and evaluate basic principles by which TPCs can operate

They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices

Wireless communication has become an intrinsic part of modern implantable medical devices (IMDs). Recent work, however, has demonstrated that wireless connectivity can be exploited to compromise the confidentiality of IMDs' transmitted data or to send unauthorized commands to IMDs---even commands that cause the device to deliver an electric shock to the patient. The key challenge in addressing these attacks stems from the difficulty of modifying or replacing already-implanted IMDs. Thus, in this paper, we explore the feasibility of protecting an implantable device from such attacks without modifying the device itself. We present a physical-layer solution that delegates the security of an IMD to a personal base station called the shield. The shield uses a novel radio design that can act as a jammer-cum-receiver. This design allows it to jam the IMD's messages, preventing others from decoding them while being able to decode them itself. It also allows the shield to jam unauthorized commands---even those that try to alter the shield's own transmissions. We implement our design in a software radio and evaluate it with commercial IMDs. We find that it effectively provides confidentiality for private data and protects the IMD from unauthorized commands.National Science Foundation (U.S.). (Grant number CNS-0831244)National Science Foundation (U.S.). Graduate Research Fellowship ProgramAlfred P. Sloan Foundation. FellowshipUnited States. Dept. of Health and Human Services. Cooperative Agreement (90TR0003/01

Mementos: System support for long-running computation on RFID-scale devices

Abstract Many computing systems include mechanisms designed to defend against sudden catastrophic losses of computational state, but few systems treat such losses as the common case rather than exceptional events. On the other end of the spectrum are transiently powered computing devices such as RFID tags and smart cards; these devices are typically paired with code that must complete its task under tight time constraints before running out of energy. Mementos is a software system that transforms general-purpose programs into interruptible computations that are protected from frequent power losses by automatic, energy-aware state checkpointing. Mementos comprises a collection of optimization passes for the LLVM compiler infrastructure and a linkable library that exercises hardware support for energy measurement while managing state checkpoints stored in nonvolatile memory. We evaluate Mementos against diverse test cases and find that, although it introduces time overhead of up to 60% in our tests versus uninstrumented code executed without power failures, it effectively spreads program execution across zero or more complete losses of power and state. Other contributions of this work include

Arfid: A Reconfigurable Fabric of Input Devices for the Internet of Things

Abstract Low-cost, easily deployable, reconfigurable, movable input devices can enable adaptive workflows in commercial, industrial, and home environments. A key limitation of previous reconfigurable control systems is their high cost or maintenance burden (e.g., battery changes or wiring setup). Our poster presents Arfid, a "fabric" for reconfigurable input devices that connects low-cost, battery-free inputs to arbitrarily specified functions in their surroundings via a buildingwide network of RFID readers. Users can reassign controllers' functions using a simple web interface

Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

Background: Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients’ stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods: We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Results: Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Conclusions: Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware

Cybersecurity and medical devices: A practical guide for cardiac electrophysiologists

Medical devices increasingly depend on software. While this expands the ability of devices to perform key therapeutic and diagnostic functions, reliance on software inevitably causes exposure to hazards of security vulnerabilities. This article uses a recent high‐profile case example to outline a proactive approach to security awareness that incorporates a scientific, risk‐based analysis of security concerns that supports ongoing discussions with patients about their medical devices.Peer Reviewedhttps://deepblue.lib.umich.edu/bitstream/2027.42/138357/1/pace13102_am.pdfhttps://deepblue.lib.umich.edu/bitstream/2027.42/138357/2/pace13102.pd

WISPCam: A battery-free RFID camera

Abstract—Energy-scavenging devices with general-purpose microcontrollers can support arbitrarily complex sensing tasks in theory, but in practice, energy limitations impose severe constraints on the application space. Richer sensing such as image capture would enable many new applications to take advantage of energy scavenging. Richer sensing faces two key challenges: efficiently retaining the necessary amount of harvested energy, and storing and communicating large units of sensor data. This paper presents the WISPCam, a passive UHF RFID camera tag based on the Wireless Identification and Sensing Platform that overcomes these two challenges to support reliable image capture and transmission while powered by an RFID reader. The WISPCam uses a novel charge-storage scheme designed specifi-cally to match the image sensor’s needs. This scheme optimally balances capacitance and leakage to improve the sensitivity and efficiency of the power harvester. The WISPCam also uses a novel data storage and communication scheme to reliably support the transfer of complete images to an RFID reader application. The WISPCam makes battery-free image capture practical for applications such as mechanical gauge reading and surveillance, both demonstrated in this paper, and opens the door to richer sensing applications on battery-free devices