Abstract
Recent advancements in computing systems and wireless communications have made healthcare systems more efficient than before. Modern healthcare devices can monitor and manage different health conditions of patients automatically without any manual intervention from medical professionals. Additionally, the use of implantable medical devices, body area networks, and Internet of Things technologies in healthcare systems improve the overall patient monitoring and treatment process. However, these systems are complex in software and hardware, and optimizing between security, privacy, and treatment is crucial for healthcare systems because any security or privacy violation can lead to severe effects on patients’ treatments and overall health conditions. Indeed, the healthcare domain is increasingly facing security challenges and threats due to numerous design flaws and the lack of proper security measures in healthcare devices and applications. In this article, we explore various security and privacy threats to healthcare systems and discuss the consequences of these threats. We present a detailed survey of different potential attacks and discuss their impacts. Furthermore, we review the existing security measures proposed for healthcare systems and discuss their limitations. Finally, we conclude the article with future research directions toward securing healthcare systems against common vulnerabilities.
- Alexandros Pantelopoulos and Nikolaos G. Bourbakis. 2010. A survey on wearable sensor-based systems for health monitoring and prognosis.IEEE Transactions on Systems, Man, and Cybernetics, Part C 40, 1 (2010), 1–12.Google Scholar
- Meng Zhang, Anand Raghunathan, and Niraj K. Jha. 2014. Trustworthiness of medical devices and body area networks.Proceedings of the IEEE 102, 8 (2014), 1174–1188.Google Scholar
- Aravind Kailas and Mary Ann Ingram. 2009. Wireless communications technology in telehealth systems. In Proceedings of the 2009 1st International Conference on Wireless Communication, Vehicular Technology, Information Theory, and Aerospace & Electronic Systems Technology.IEEE, Los Alamitos, CA, 926–930.Google Scholar
- Agusti Solanas, Constantinos Patsakis, Mauro Conti, Ioannis S. Vlachos, Victoria Ramos, Francisco Falcone, Octavian Postolache, et al. 2014. Smart health: A context-aware health paradigm within smart cities. IEEE Communications Magazine 52, 8 (2014), 74–81.Google Scholar
Cross Ref
- Abdul Razaque, Fathi Amsaad, Meer Jaro Khan, Salim Hariri, Shujing Chen, Chen Siting, and Xingchen Ji. 2019. Survey: Cybersecurity vulnerabilities, attacks and solutions in the medical domain. IEEE Access 7 (2019), 168774–168797.Google Scholar
Cross Ref
- Amit Kumar Sikder, Giuseppe Petracca, Hidayet Aksu, Trent Jaeger, and A. Selcuk Uluagac. 2018. A survey on sensor-based threats to Internet-of-Things (IoT) devices and applications. arxiv:1802.02041.Google Scholar
- Amit Kumar Sikder, Hidayet Aksu, and A. Selcuk Uluagac. 2019. A context-aware framework for detecting sensor-based threats on smart devices. IEEE Transactions on Mobile Computing 19, 2 (2019), 245–261.Google Scholar
Cross Ref
- Xiaoyu Zhang, Hanjun Jiang, Xinkai Chen, Lingwei Zhang, and Zhihua Wang. 2009. An energy efficient implementation of on-demand MAC protocol in medical Wireless Body Sensor Networks. In Proceedings of the International Symposium on Circuits and Systems. IEEE, Los Alamitos, CA.Google Scholar
- 24x7. 2018. Global Medical Device Market to Grow 4.5%. Retrieved May 25, 2021 from https://www.24x7mag.com/medical-equipment/global-medical-device-market-grow-4-5/Google Scholar
- Jay G. Ronquillo and Diana M. Zuckerman. 2017. Software-related recalls of health information technology and other medical devices: Implications for FDA regulation of digital health. Milbank Quarterly 95, 3 (2017), 535–553.Google Scholar
Cross Ref
- Lisa Vaas. 2013. Doctors disabled wireless in Dick Cheney’s pacemaker to thwart hacking. Naked Security by SOPHOS. Retrieved May 25, 2021 fromhttps://nakedsecurity.sophos.com/2013/10/22/doctors-disabled-wireless-in-dick-cheneys-pacemaker-to-thwart-hacking/Google Scholar
- Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, and William H. Maisel. 2008. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In Proceedings of the IEEE Symposium on Security and Privacy.Google Scholar
- Ahmed Hasnain Jalal, Amit Kumar Sikder, Fahmida Alam, Sharraf Samin, Sharmin S. Rahman, Md Morshed A. Khan, and Masudur R. Siddiquee. Early diagnosis with alternative approaches: Innovation in lung cancer care. Shanghai Chest 5 (2021), 1–14.Google Scholar
- Chunxiao Li, Anand Raghunathan, and Niraj K. Jha. 2011. Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system. In Proceedings of the Conference on e-Health Networking Applications and Services (Healthcom’11). IEEE, Los Alamitos, CA, 150–156.Google Scholar
- D. Benessa, M. Salajegheh, K. Fu, and S. Inoue. 2008. Protecting Global Medical Telemetry Infrastructure. Technical Report. Institute of Information Infrastructure Protection (I3P), Hanover, NH.Google Scholar
- Michael Rushanan, Aviel D. Rubin, Denis Foo Kune, and Colleen M. Swanson. 2014. Sok: Security and privacy in implantable medical devices and body area networks. In Proceedings of the IEEE Symposium on Security and Privacy (SP’14). IEEE, Los Alamitos, CA, 524–539.Google Scholar
- Nourhene Ellouze, Mohamed Allouche, Habib Ben Ahmed, Slim Rekhis, and Noureddine Boudriga. 2014. Security of implantable medical devices: Limits, requirements, and proposals. Security and Communication Networks 7, 12 (2014), 2475–2491.Google Scholar
Cross Ref
- Riham Altawy and Amr M. Youssef. 2016. Security tradeoffs in cyber physical systems: A case study survey on implantable medical devices. IEEE Access 4 (2016), 1.Google Scholar
- Heena Rathore, Amr Mohamed, Abdulla Al-Ali, Xiaojiang Du, and Mohsen Guizani. 2017. A review of security challenges, attacks and resolutions for wireless medical devices. In Proceedings of the 13th International Wireless Communications and Mobile Computing Conference. IEEE, Los Alamitos, CA, 1495–1501.Google Scholar
- Carmen Camara, Pedro Peris-Lopez, and Juan E. Tapiador. 2015. Security and privacy issues in implantable medical devices: A comprehensive survey. Journal of Biomedical Informatics 55 (2015), 272–289.Google Scholar
Digital Library
- Younghyun Kim, Woosuk Lee, Anand Raghunathan, Vijay Raghunathan, and Niraj K. Jha. 2015. Reliability and security of implantable and wearable medical devices. In Implantable Biomedical Microsystems. Elsevier, 167–199.Google Scholar
- Hande Alemdar and Cem Ersoy. 2010. Wireless sensor networks for healthcare: A survey. Computer Networks 54, 15 (2010), 2688–2710.Google Scholar
Digital Library
- D. Stalin David and A. Jeyachandran. 2016. A comprehensive survey of security mechanisms in healthcare applications. In Proceedings of the 2016 IEEE International Conference on Communications and Electronics Systems (ICCES’16).Google Scholar
- Harsh Kupwade Patil and Ravi Seshadri. 2014. Big data security and privacy issues in healthcare. In Proceedings of the 2014 IEEE International Congress on Big Data.Google Scholar
Digital Library
- Adnan Qayyum, Junaid Qadir, Muhammad Bilal, and Ala Al-Fuqaha. 2020. Secure and robust machine learning for healthcare: A survey. arxiv:2001.08103.Google Scholar
- Johannes Sametinger, Jerzy W. Rozenblit, Roman L. Lysecky, and Peter Ott. 2015. Security challenges for medical devices.Communications of the ACM 58, 4 (2015), 74–82.Google Scholar
- Pijush Kanti Dutta Pramanik, Saurabh Pal, and Moutan Mukhopadhyay. 2019. Healthcare big data: A comprehensive overview. In Intelligent Systems for Healthcare Management and Delivery. IGI Global, 72–100.Google Scholar
- Karim Abouelmehdi, Abderrahim Beni-Hessane, and Hayat Khaloufi. 2018. Big healthcare data: Preserving security and privacy. Journal of Big Data 5 (2018), Article 1.Google Scholar
- Hadi Habibzadeh and Tolga Soyata. 2020. Toward uniform smart healthcare ecosystems: A survey on prospects, security, and privacy considerations. In Connected Health in Smart Cities. Springer, 75–112.Google Scholar
- S. M. Riazul Islam, Daehan Kwak, M. D. Humaun Kabir, Mahmud Hossain, and Kyung-Sup Kwak. 2015. The Internet of Things for health care: A comprehensive survey. IEEE Access 3 (2015), 678–708.Google Scholar
- Clemens Scott Kruse, Benjamin Frederick, Taylor Jacobson, and D. Kyle Monticone. 2017. Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care 25, 1 (2017), 1–10.Google Scholar
Cross Ref
- Tehreem Yaqoob, Haider Abbas, and Mohammed Atiquzzaman. 2019. Security vulnerabilities, attacks, countermeasures, and regulations of networked medical devices—A review. IEEE Communications Surveys & Tutorials 21, 4 (2019), 3723–3768.Google Scholar
Digital Library
- Somayeh Nasiri, Farahnaz Sadoughi, Mohammad Hesam Tadayon, and Afsaneh Dehnad. 2019. Security requirements of Internet of Things-based healthcare system: A survey study. Acta Informatica Medica 27, 4 (2019), 253.Google Scholar
- European Commission. 2010. MEDICAL DEVICES: Guidance Document—Classification of Medical Devices. Retrieved May 25, 2021 from https://ec.europa.eu/docsroom/documents/10337/attachments/1/translations/en/renditions/pdf.Google Scholar
- Kenneth A. Townsend, James W. Haslett, Tommy Kwong-Kin Tsang, Mourad N. El-Gamal, and Krzysztof Iniewski. 2005. Recent advances and future trends in low power wireless systems for medical applications. In Proceedings of the IEEE Workshop on System-on-Chip for Real-Time Applications (IWSOC’05).Google Scholar
- Min Chen, Sergio Gonzalez, Athanasios Vasilakos, Huasong Cao, and Victor C. Leung. 2011. Body area networks: A survey. Mobile Networks and Applications 16 (2011), 171–193.Google Scholar
Digital Library
- Gerhard Tröster. 2005. The agenda of wearable healthcare. Yearbook of Medical Informatics 14, 1 (2005), 125–138.Google Scholar
- Zigbee Alliance. n.d. Home Page. Retrieved May 25, 2021 from https://www.zigbee.org/Google Scholar
- Mehmet R. Yuce, Steven W. P. Ng, Naung L. Myo, Chin K. Lee, Jamil Y. Khan, and Wentai Liu. 2007. A MICS band wireless body sensor network. In Proceedings of the 2007 IEEE Wireless Communications and Networking Conference. IEEE, Los Alamitos, CA, 2473–2478.Google Scholar
- Wenyi Liu, A. Selcuk Uluagac, and Raheem Beyah. 2014. MACA: A privacy-preserving multi-factor cloud authentication system utilizing big data. In Proceedings of the Conference on Computer Communications Workshops (INFOCOM WKSHPS’14). IEEE, Los Alamitos, CA, 518–523.Google Scholar
- Steve Hanna, Rolf Rolles, Andrés Molina-Markham, Pongsin Poosankam, Jeremiah Blocki, Kevin Fu, and Dawn Song. 2011. Take two software updates and see me in the morning: The case for software security evaluations of medical devices. In Proceedings of the 2nd USENIX Conference on Health Security and Privacy (HealthSec’11).Google Scholar
- Vinu Moses and Ipeson Korah. 2015. Lack of security of networked medical equipment in radiology. American Journal of Roentgenology 204, 2 (2015), 343–353.Google Scholar
- Abbas Acar, Hidayet Aksu, A. Selcuk Uluagac, and Kemal Akkaya. 2018. WACA: Wearable-assisted continuous authentication. In Proceedings of the 2018 IEEE Security and Privacy Workshops (SPW’18).Google Scholar
- Imprivata. 2018. Getting Authentication—Right Considerations for Medical Device Security. Retrieved May 25, 2021 from https://www.imprivata.com/blog/getting-authentication-right-%E2%80%93-considerations-medical-device-security#: :text=%20Getting%20authentication%20right%20%E2%80%93%20considerations%20for%20medical,One%20of%20the%20largest%20roadblocks%20to...%20More%20.Google Scholar
- Melanie R. Rieback, Bruno Crispo, and Andrew S. Tanenbaum. 2006. Is your cat infected with a computer virus? In Proceedings of the 4th Annual IEEE International Conference on Pervasive Computing and Communications. IEEE, Los Alamitos, CA, 10.Google Scholar
- Kelvin Ly and Yier Jin. 2016. Security studies on wearable fitness trackers. In Proceedings of the 38th Annual International Conference of the IEEE Engineering in Medicine and Biology Society.Google Scholar
- Eric Clausing, Michael Schiefer, Ulf Lösche, and Maik Morgenstern. 2015. Security Evaluation of Nine Fitness Trackers. Independent IT–Security Institute.Google Scholar
- Mahmudur Rahman, Bogdan Carbunar, and Madhusudan Banik. 2013. Fit and vulnerable: Attacks and defenses for a health monitoring device. arxiv:1304.5672.Google Scholar
- Becker’s Clinical Leadership & Infection Control. 2016. Medical Devices at Risk of DoS Attacks—5 Insights. Retrieved May 26, 2021 from https://www.beckersasc.com/asc-quality-infection-control/medical-devices-at-risk-of-denial-of-service-attacks-5-insights.htmlGoogle Scholar
- Sasikanth Avancha, Amit Baxi, and David Kotz. 2012. Privacy in mobile technology for personal healthcare. ACM Computing Surveys 45, 1 (2012), Article 3.Google Scholar
- Ding Ding, Mauro Conti, and Agusti Solanas. 2016. A smart health application and its related privacy issues. In Proceedings of the IEEE SCSP Workshop.Google Scholar
- Linke Guo, Chi Zhang, Jinyuan Sun, and Yuguang Fang. 2014. A privacy-preserving attribute-based authentication system for mobile health networks. IEEE Transactions on Mobile Computing 13, 9 (2014), 1927–1941.Google Scholar
Cross Ref
- Peter Mell, Karen Scarfone, and Sasha Romanosky. 2007. A Complete Guide to the Common Vulnerability Scoring System Version 2.0, Vol. 1. FIRST.Google Scholar
- Taimour Wehbe, Vincent J. Mooney, Abdul Qadir Javaid, and Omer T. Inan. 2017. A novel physiological features-assisted architecture for rapidly distinguishing health problems from hardware Trojan attacks and errors in medical devices. In Proceedings of the 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST’17).Google Scholar
- IEEE Cybersecurity. 2016. WearFit: Security Design Analysis of a Wearable Fitness Tracker. Retrieved May 25, 2021 from https://cybersecurity.ieee.org/blog/2016/02/17/wearfit-security-design-analysis-of-a-wearable-fitness-tracker/Google Scholar
- U.S. Food and Drug Administration. 2016. Postmarket Management of Cybersecurity in Medical Devices Draft Guidance for Industry and Food and Drug Administration Staff. U.S. Food and Drug Administration, Silver Spring, MD.Google Scholar
- Taimour Wehbe, Vincent J. Mooney, Omer T. Inan, and David C. Keezer. 2018. Securing medical devices against hardware trojan attacks through analog-, digital-, and physiological-based signatures. Journal of Hardware and Systems Security 2 (2018), 251–265.Google Scholar
Cross Ref
- Kevin Fu and James Blum. 2014. Controlling for cybersecurity risks of medical device software. Biomedical Instrumentation & Technology 2014 (2014), 38–41.Google Scholar
- Christopher Weaver. 2013. Patients Put at Risk By Computer Viruses. Retrieved May 25, 2021 from https://www.wsj.com/articles/SB10001424127887324188604578543162744943762/Google Scholar
- AAMI. 2018. Orangeworm Cyberattack Group Puts Healthcare Industry in the Crosshairs. Retrieved May 25, 2021 from http://www.aami.org/newsviews/newsdetail.aspx?ItemNumber=6205/Google Scholar
- Guy Martin, Paul Martin, Chris Hankin, Ara Darzi, and James Kinross. 2017. Cybersecurity and healthcare: How safe are we?BMJ 358 (2017), j3179.Google Scholar
- Steve Mansfield-Devine. 2016. Ransomware: Taking businesses hostage. Network Security 2016, 10 (2016), 8–17.Google Scholar
- Broadcom. 2018. 4 Emerging Threats to Healthcare Providers. Retrieved May 25, 2021 from https://www.symantec.com/blogs/expert-perspectives/4-emerging-threats-healthcare-providers/Google Scholar
- Hacker News. 2019. New Zeppelin Ransomware Targeting Tech and Health Companies. Retrieved May 25, 2021 from https://thehackernews.com/2019/12/zeppelin-ransomware-attacks.htmlGoogle Scholar
- 2019. LifeLabs Paid Hackers to Recover Stolen Medical Data of 15 Million Canadians. https://thehackernews.com/2019/12/lifelabs-data-breach.htmlGoogle Scholar
- Health IT Security. 2019. 56% of Health Providers Still Rely on Legacy Windows 7 Systems. Retrieved May 25, 2021 from https://healthitsecurity.com/news/56-of-health-providers-still-rely-on-legacy-windows-7-systems/Google Scholar
- Ivan Martinovic, Doug Davies, Mario Frank, Daniele Perito, Tomas Ros, and Dawn Song. 2012. On the feasibility of side-channel attacks with brain-computer interfaces. In Proceedings of the 2012 USENIX Security Symposium. 143–158.Google Scholar
- Billy Rios and Jonathan Butts. 2017. Security Evaluation of the Implantable Cardiac Device Ecosystem Architecture and Implementation Interdependencies. Retrieved May 25, 2021 from https://www.ledecodeur.ch/wp-content/uploads/2017/05/Pacemaker-Ecosystem-Evaluation.pdfGoogle Scholar
- Jakob Rieck. 2016. Attacks on fitness trackers revisited: A case-study of unfit firmware security. arxiv:1604.03313.Google Scholar
- Dongkwan Kim, Suwan Park, Kibum Choi, and Yongdae Kim. 2015. BurnFit: Analyzing and exploiting wearable devices. In Proceedings of the International Workshop on Information Security Applications. 227–239.Google Scholar
- Jaewoo Shim, K. H. Lim, J. M. Jung, S. J. Cho, M. K. Park, and S. C. Han. 2017. A case study on vulnerability analysis and firmware modification attack for a wearable fitness tracker. IT Convergence Practice 5, 4 (2017), 25–33.Google Scholar
- Jiska Classen, Daniel Wegemer, Paul Patras, Tom Spink, and Matthias Hollick. 2018. Anatomy of a vulnerable fitness tracking system: Dissecting the Fitbit cloud, app, and firmware. In Proceedings of the ACM on Interactive, Mobile, and Ubiquitous Technologies. Article 5.Google Scholar
- Orlando Arias, Jacob Wurm, Khoa Hoang, and Yier Jin. 2015. Privacy and security in Internet of Things and wearable devices. IEEE Transactions on Multi-Scale Computing Systems 1, 2 (2015), 99–109.Google Scholar
Digital Library
- Yinhao Xiao, Yizhen Jia, Xiuzhen Cheng, Jiguo Yu, Zhenkai Liang, and Zhi Tian. 2019. I can see your brain: Investigating home-use electroencephalography system security. IEEE Internet of Things Journal 6, 4 (2019), 6681–6691.Google Scholar
- U.S. Food and Drug Administration. 2018. Most Dangerous Hacked Medical Devices. Retrieved May 25, 2021 from https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htmGoogle Scholar
- CISION. 2019. Vulnerabilities Disclosed by CyberMDX Allow Attackers to Take Over Infusion Pumps. Retrieved May 25, 2021 from https://www.prnewswire.com/il/news-releases/vulnerabilities-disclosed-by-cybermdx-allow-attackers-to-take-over-infusion-pumps-300867517.htmlGoogle Scholar
- Cybersecurity & Infrastructure Security Agency. 2019. GE Aestiva and Aespire Anesthesia Vulnerabilities. Retrieved May 25, 2021 from https://www.us-cert.gov/ics/advisories/icsma-19-190-01/Google Scholar
- Emma McMahon, Ryan Williams, Malaka El, Sagar Samtani, Mark Patton, and Hsinchun Chen. 2017. Assessing medical device vulnerabilities on the Internet of Things. In Proceedings of the International Conference on Intelligence and Security Informatics (ISI’17). IEEE, Los Alamitos, CA, 176–178.Google Scholar
- Cybersecurity & Infrastructure Security Agency. 2019. Change Healthcare McKesson and Horizon Cardiology Vulnerabilities. Retrieved May 25, 2021 from https://www.us-cert.gov/ics/advisories/icsma-19-241-01/Google Scholar
- Cybersecurity & Infrastructure Security Agency. 2020. Medtronic Conexus Radio Frequency Protocol Vulnerabilities. Retrieved May 25, 2021 from https://www.us-cert.gov/ics/advisories/ICSMA-19-080-01/Google Scholar
- Cybersecurity & Infrastructure Security Agency. 2018. Philips iSite/IntelliSpace PACS Vulnerabilities. Retrieved May 25, 2021 from https://www.us-cert.gov/ics/advisories/ICSMA-18-088-01/Google Scholar
- Tom Mahler, Nir Nissim, Erez Shalom, Israel Goldenberg, Guy Hassman, Arnon Makori, Itzik Kochav, Yuval Elovici, and Yuval Shahar. 2018. Know your enemy: Characteristics of cyber-attacks on medical imaging devices. arxiv:1801.05583.Google Scholar
- Talos Intelligence. 2018. Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilities. Retrieved May 25, 2021 from https://blog.talosintelligence.com/2018/04/vulnerability-spotlight-natus.html.Google Scholar
- Christian D’Orazio and Kim-Kwang Raymond Choo. 2015. A generic process to identify vulnerabilities and design weaknesses in iOS healthcare apps. In Proceedings of the 2015 48th Hawaii International Conference on System Sciences. IEEE, Los Alamitos, CA, 5175–5184.Google Scholar
- vpnMentor. 2019. Thousands of Pharmaceutical Records Leaked in Possible HIPAA Violation. Retrieved May 25, 2021 from https://www.vpnmentor.com/blog/report-vascepa-leak/Google Scholar
- UpGuard. 2019. Medical Procedure: How a Misconfigured Storage Bucket Exposed Medical Data. Retrieved May 25, 2021 from https://www.upguard.com/breaches/data-leak-hipaa-medico-s3/Google Scholar
- Renchi Yan, Teng Xu, and Miodrag Potkonjak. 2014. Semantic attacks on wireless medical devices. In Proceedings of the 2014 IEEE SENSORS Conference. IEEE, Los Alamitos, CA.Google Scholar
- Denis Foo Kune, John Backes, Shane S. Clark, Daniel Kramer, Matthew Reynolds, Kevin Fu, Yongdae Kim, and Wenyuan Xu. 2013. Ghost talk: Mitigating EMI signal injection attacks against analog sensors. In In Proceedings of the IEEE Conference on Security and Privacy (SP’13). IEEE, Los Alamitos, CA, 145–159.Google Scholar
- David L. Hayes, Paul J. Wang, Dwight W. Reynolds, N. A. Mark Estes, John L. Griffith, Rebecca A. Steffens, George L. Carlo, Gretchen K. Findlay, and Claudine M. Johnson. 1997. Interference with cardiac pacemakers by cellular telephones. New England Journal of Medicine 336, 21 (1997), 1473–1479.Google Scholar
Cross Ref
- Clemens Jilek, Stylianos Tzeis, Tilko Reents, Heidi-Luise Estner, Stephanie Fichtner, Sonia Ammar, Jinjin Wu, Gabriele Hessling, Isabel Deisenhofer, and Christof Kolb. 2010. Safety of implantable pacemakers and cardioverter defibrillators in the magnetic field of a novel remote magnetic navigation system. Journal of Cardiovascular Electrophysiology 21, 10 (2010), 1136–1141.Google Scholar
Cross Ref
- Youngseok Park, Yunmok Son, Hocheol Shin, Dohyun Kim, and Yongdae Kim. 2016. This ain’t your dose: Sensor spoofing attack on medical infusion pump. In Proceedings of the 10th USENIX Workshop on Offensive Technologies.Google Scholar
- Meng Zhang, Anand Raghunathan, and Niraj K. Jha. 2013. Towards trustworthy medical devices and body area networks. In Proceedings of the 50th Annual Design Automation Conference. 1–6.Google Scholar
- Threat Post. 2011. Blind Attack on Wireless Insulin Pumps Could Deliver Lethal Dose. Retrieved May 25, 2021 from https://threatpost.com/blind-attack-wireless-insulin-pumps-could-deliver-lethal-dose-102711/75808/Google Scholar
- Tod Beardsley. 2016. R7-2016-07: Multiple Vulnerabilities in Animas OneTouch Ping Insulin Pump. Retrieved May 25, 2021 from https://blog.rapid7.com/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump/Google Scholar
- Jenny Knackmuß, Thomas Möller, Wilfried Pommerien, and Reiner Creutzburg. 2015. Security risk of medical devices in IT networks: The case of an infusion pump unit. In Proceedings of the 2015 SPIE Conference. 9411.Google Scholar
- Brian Cusack, Bryce Antony, Gerard Ward, and Shaunak Mody. 2017. Assessment of security vulnerabilities in wearable devices. In Proceedings of the Australian Information Security Management Conference.Google Scholar
- Eduard Marin, Dave Singelée, Flavio D. Garcia, Tom Chothia, Rik Willems, and Bart Preneel. 2016. On the (in)security of the latest generation implantable cardiac defibrillators and how to secure them. In Proceedings of the 32nd Annual Conference on Computer Security Applications. 226.Google Scholar
Digital Library
- Tamara Bonaci, Jeffrey Herron, Charlie Matlack, and Howard Jay Chizeck. 2014. Securing the exocortex: A twenty-first century cybernetics challenge. In Proceedings of the Conference on Norbert Wiener in the 21st Century (21CW’14). IEEE, Los Alamitos, CA, 1–8.Google Scholar
- Tamara Bonaci, Ryan Calo, and Howard Jay Chizeck. 2014. App stores for the brain: Privacy & security in Brain-Computer Interfaces. In Proceedings of the International Symposium on Ethics in Science, Technology, and Engineering. IEEE, Los Alamitos, CA, 1–7.Google Scholar
- Qiaoyang Zhang and Zhiyao Liang. 2017. Security analysis of bluetooth low energy based smart wristbands. In Proceedings of the 2017 2nd International Conference on Frontiers of Sensors Technologies (ICFST’17).Google Scholar
- Younghyun Kim, Woo Suk Lee, Vijay Raghunathan, Niraj K. Jha, and Anand Raghunathan. 2015. Vibration-based secure side channel for medical devices. In Proceedings of the 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC’15). IEEE, Los Alamitos, CA, 1–6.Google Scholar
- Kassem Fawaz, Kyu-Han Kim, and Kang G. Shin. 2016. Protecting privacy of BLE device users. In Proceedings of the 25th USENIX Security Symposium.Google Scholar
- Tzipora Halevi and Nitesh Saxena. 2010. On pairing constrained wireless devices based on secrecy of auxiliary channels: The case of acoustic eavesdropping. In Proceedings of the 17th ACM Conference on Computer and Communications Security.Google Scholar
Digital Library
- Kerolos Lotfy and Matthew L. Hale. 2016. Assessing pairing and data exchange mechanism security in the wearable Internet of Things. In Proceedings of the International Conference on Mobile Services (MS’16). IEEE, Los Alamitos, CA, 25–32.Google Scholar
- Daniel Wood, Noah Apthorpe, and Nick Feamster. 2017. Cleartext data transmissions in consumer IoT medical devices. In Proceedings of the 2017 Workshop on Internet of Things Security and Privacy. 7–12.Google Scholar
- QianQian Li, Ding Ding, and Mauro Conti. 2015. Brain-computer interface applications: Security and privacy challenges. In Proceedings of the 2015 IEEE Conference on Communications and Network Security (CNS’15).Google Scholar
- Jerome Radcliffe. 2011. Hacking medical devices for fun and insulin: Breaking the human SCADA system. In Proceedings of the Black Hat Conference.Google Scholar
- Talon Flynn, George Grispos, William Glisson, and William Mahoney. 2020. Knock! Knock! Who is there? Investigating data leakage from a medical Internet of Things hijacking attack. In Proceedings of the 53rd Hawaii International Conference on System Sciences.Google Scholar
- Benjamin Ransford, Daniel B. Kramer, Denis Foo Kune, Julio Auto de Medeiros, Chen Yan, Wenyuan Xu, Thomas Crawford, and Kevin Fu. 2017. Cybersecurity and medical devices: A practical guide for cardiac electrophysiologists. Pacing and Clinical Electrophysiology 40, 8 (2017), 913–917.Google Scholar
- Hacker News. 2020. A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices. Retrieved May 25, 2021 from https://thehackernews.com/2020/02/hacking-bluetooth-vulnerabilities.htmlGoogle Scholar
- Faisal Alsubaei, Abdullah Abuhussein, and Sajjan Shiva. 2017. Security and privacy in the Internet of Medical Things: Taxonomy and risk assessment. In Proceedings of the 42nd Conference on Local Computer Networks Workshops (LCN Workshops’17). IEEE, Los Alamitos, CA, 112–120.Google Scholar
- Zhiqiang Wang, Pingchuan Ma, Xiaoxiang Zou, and Tao Yang. 2019. Security of medical cyber-physical systems: An empirical study on imaging devices. arxiv:1904.00224.Google Scholar
- Nils Ole Tippenhauer, Luka Malisa, Aanjhan Ranganathan, and Srdjan Capkun. 2013. On limitations of friendly jamming for confidentiality. In Proceedings of the 2013 IEEE Symposium on Security and Privacy (SP’13). IEEE, Los Alamitos, CA, 160–173.Google Scholar
Digital Library
- Cas Cremers, Kasper B. Rasmussen, Benedikt Schmidt, and Srdjan Capkun. 2012. Distance hijacking attacks on distance bounding protocols. In Proceedings of the 2012 IEEE Symposium on Security and Privacy (SP’12). IEEE, Los Alamitos, CA, 113–127.Google Scholar
Digital Library
- Vahab Pournaghshband, Majid Sarrafzadeh, and Peter Reiher. 2012. Securing legacy mobile medical devices. In Proceedings of the International Conference on Wireless Mobile Communication and Healthcare. 163–172.Google Scholar
- Xiali Hei, Xiaojiang Du, Shan Lin, Insup Lee, and Oleg Sokolsky. 2014. Patient infusion pattern based access control schemes for wireless insulin pump system. IEEE Transactions on Parallel and Distributed Systems 26, 11 (2014), 3108–3121.Google Scholar
Digital Library
- Jagmohan Chauhan, Suranga Seneviratne, Mohamed Ali Kaafar, Anirban Mahanti, and Aruna Seneviratne. 2016. Characterization of early smartwatch apps. In Proceedings of the International Conference on Pervasive Computing and Communication Workshops (PerCom Workshops’16). IEEE, Los Alamitos, CA.Google Scholar
- Nicola Paoletti, Zhihao Jiang, Md Ariful Islam, Houssam Abbas, Rahul Mangharam, Shan Lin, Zachary Gruber, and Scott A. Smolka. 2019. Synthesizing stealthy reprogramming attacks on cardiac devices. In Proceedings of the 10th International Conference on Cyber-Physical Systems. IEEE, Los Alamitos, CA.Google Scholar
- A. K. M. Iqtidar Newaz, Amit Kumar Sikder, Leonardo Babun, and A. Selcuk Uluagac. 2020. Heka: A novel intrusion detection system for attacks to personal medical devices. In Proceedings of the 2020 IEEE Conference on Communications and Network Security (CNS’20). IEEE, Los Alamitos, CA, 1–9.Google Scholar
- David R. Raymond, Randy C. Marchany, Michael I. Brownfield, and Scott F. Midkiff. 2009. Effects of denial-of-sleep attacks on wireless sensor network MAC protocols. IEEE Transactions on Vehicular Technology 58, 1 (2009), 367–380.Google Scholar
Cross Ref
- Xiali Hei and Xiaojiang Du. 2013. Security for Wireless Implantable Medical Devices. Springer.Google Scholar
- Seyedmostafa Saf. and Zarina Shuk.2014. Improving Google glass security and privacy by changing the software structure. Life Science Journal 11, 5 (2014), 109–117.Google Scholar
- Mohammad Tehranipoor and Farinaz Koushanfar. 2010. A survey of hardware Trojan taxonomy and detection. IEEE Design & Test of Computers 27, 1 (2010), 10–25.Google Scholar
Digital Library
- Becker’s Health IT. 2019. Patient Medical Records Sell for $1K on Dark Web. Retrieved May 25, 2021 from https://www.beckershospitalreview.com/cybersecurity/patient-medical-records-sell-for-1k-on-dark-web.htmlGoogle Scholar
- Tony F. Wu, Karthik Ganesan, Yunqing Alexander Hu, H.-S. Philip Wong, S. Simon Wong, and Subhasish Mitra. 2016. TPAD: Hardware Trojan prevention and detection for trusted integrated circuits.IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 35, 4 (2016), 521–534.Google Scholar
- Julien Francq and Florian Frick. 2015. Introduction to hardware Trojan detection methods. In Proceedings of the Automation & Test in Europe Conference.Google Scholar
- Charles Herder, Meng-Day Yu, Farinaz Koushan., and Srinivas Dev.2014. Physical unclonable functions and applications: A tutorial. Proceedings of the IEEE 102, 8 (2014), 1126–1141.Google Scholar
Cross Ref
- Najwa Aaraj, Anand Raghunathan, and Niraj K. Jha. 2008. Analysis and design of a hardware/software trusted platform module for embedded systems. ACM Transactions on Embedded Computing Systems 8, 1 (2008), 8.Google Scholar
- Jacob M. Sorber, Minho Shin, Ron Peterson, and David Kotz. 2012. Plug-n-Trust: Practical trusted sensing for mhealth. In Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services. ACM, New York, NY, 309–322.Google Scholar
- Chunxiao Li, Anand Raghunathan, and Niraj K. Jha. 2010. Secure virtual machine execution under an untrusted management OS. In Proceedings of the 2010 IEEE 3rd International Conference on Cloud Computing (CLOUD’10). IEEE, Los Alamitos, CA, 172–179.Google Scholar
- Raoul Praful Jetley, Paul L. Jones, and Paul Anderson.2008. Static analysis of medical device software using CodeSonar. In Proceedings of the ACM Workshop on Static Analysis.Google Scholar
- Najwa Aaraj, Anand Raghunathan, and Niraj K. Jha. 2008. Dynamic binary instrumentation-based framework for malware defense. In Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment.Google Scholar
- Chunxiao Li, Anand Raghunathan, and Niraj K. Jha. 2013. Improving the trustworthiness of medical device software with formal verification methods. IEEE Embedded Systems Letters 5, 3 (2013), 50–53.Google Scholar
Cross Ref
- Lucas Cordeiro, Bernd Fischer, Huan Chen, and Joao Marques-Silva. 2009. Semiformal verification of embedded software in medical devices considering stringent hardware constraints. In Proceedings of the 2009 International Conference on Embedded Software and Systems. IEEE, Los Alamitos, CA, 396–403.Google Scholar
Digital Library
- Raoul Jetley, S. Purushothaman Iyer, Paul L. Jones, and William Spees. 2006. A formal approach to pre-market review for medical device software. In Proceedings of the 30th Annual InternationalComputer Software and Applications Conference, Vol. 1. IEEE, Los Alamitos, CA, 169–177.Google Scholar
- Tamara Denning, Alan Borning, Batya Friedman, Brian T. Gill, Tadayoshi Kohno, and William H. Maisel. 2010. Patients, pacemakers, and implantable defibrillators: Human values and security for wireless implantable medical devices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, New York, NY, 917–926.Google Scholar
- Stuart Schechter. 2010. Security that is meant to be skin deep using ultraviolet micropigmentation to store emergency-access keys for implantable medical devices. Microsoft. Retrieved May 25, 2021 from https://www.microsoft.com/en-us/research/publication/security-that-is-meant-to-be-skin-deep-using-ultraviolet-micropigmentation-to-store-emergency-access-keys-for-implantable-medical-devicesGoogle Scholar
- Christophe De Canniere, Orr Dunkelman, and Miroslav Knežević. 2009. KATAN and KTANTAN—A family of small and efficient hardware-oriented block ciphers. In Cryptographic Hardware and Embedded Systems—CHES 2009. Springer, 272–288.Google Scholar
- Nachiketh R. Potlapally, Srivaths Ravi, Anand Raghunathan, and Niraj K. Jha. 2003. Analyzing the energy consumption of security protocols. In Proceedings of the 2003 International Symposium on Low Power Electronics and Design. ACM, New York, NY, 30–35.Google Scholar
- Andrey Bogdanov, Lars R. Knudsen, Gregor Leander, Christof Paar, Axel Poschmann, Matthew J. B. Robshaw, Yannick Seurin, and Charlotte Vikkelsoe. 2007. PRESENT: An ultra-lightweight block cipher. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems.Google Scholar
- David L Donoho. 2006. Compressed sensing. IEEE Transactions on Information Theory 52, 4 (2006), 1289–1306.Google Scholar
Digital Library
- Simon Heron. 2009. Advanced encryption standard (AES). Network Security 2009, 12 (2009), 8–12.Google Scholar
Digital Library
- Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche. 2013. Keccak. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques. 313–314.Google Scholar
- Lu Shi, Jiawei Yuan, Shucheng Yu, and Ming Li. 2013. ASK-BAN: Authenticated secret key extraction utilizing channel characteristics for body area networks. In Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks. ACM, New York, NY.Google Scholar
- Syed Taha Ali, Vijay Sivaraman, and Diethelm Ostry. 2012. Zero reconciliation secret key generation for body-worn health monitoring devices. In Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks. ACM, New York, NY, 39–50.Google Scholar
Digital Library
- Suman Jana, Sriram Nandha Premnath, Mike Clark, Sneha K. Kasera, Neal Patwari, and Srikanth V. Krishnamurthy. 2009. On the effectiveness of secret key extraction from wireless signal strength in real environments. In Proceedings of the ACM International Conference on Mobile Computing and Networking.Google Scholar
- Suhas Mathur, Wade Trappe, Narayan Mandayam, Chunxuan Ye, and Alex Reznik. 2008. Radio-telepathy: Extracting a secret key from an unauthenticated wireless channel. In Proceedings of the 14th ACM International Conference on Mobile Computing and Networking.Google Scholar
- Saied Hosseini-Khayat. 2011. A lightweight security protocol for ultra-low power ASIC implementation for wireless implantable medical devices. In Proceedings of the 5th International Symposium on Medical Information and Communication Technology. IEEE, Los Alamitos, CA.Google Scholar
- Masoud Rostami, Wayne Burleson, Farinaz Koushanfar, and Ari Juels. 2013. Balancing security and utility in medical devices? In Proceedings of the 50th Annual Design Automation Conference. ACM, New York, NY, 13.Google Scholar
Digital Library
- Christoph Beck, Daniel Masny, Willi Geiselmann, and Georg Bretthauer. 2011. Block cipher based security for severely resource-constrained implantable medical devices. In Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies. ACM, New York, NY, Article 62, 5 pages.Google Scholar
Digital Library
- Meng Zhang, Mehran Mozaffari Kermani, Anand Raghunathan, and Niraj K. Jha. 2013. Energy-efficient and secure sensor data transmission using encompression. In Proceedings of the 26th International Conference on VLSI Design. IEEE, Los Alamitos, CA, 31–36.Google Scholar
- Lake Bu, Mark G. Karpovsky, and Michel A. Kinsy. 2019. Bulwark: Securing implantable medical devices communication channels. Computers & Security 86 (2019), 498–511.Google Scholar
Digital Library
- Kubra Saeedi. 2019. Machine Learning for Ddos Detection in Packet Core Network for IoT. Retrieved May 25, 2021 from https://www.diva-portal.org/smash/get/diva2:1360486/FULLTEXT02.pdfGoogle Scholar
- Sudip Vhaduri and Christian Poellabauer. 2017. Wearable device user authentication using physiological and behavioral metrics. In Proceedings of the 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC’17). IEEE, Los Alamitos, CA.Google Scholar
- A. K. M. Iqtidar Newaz, Amit Kumar Sikder, Mohammad Ashiqur Rahman, and A. Selcuk Uluagac. 2019. Healthguard: A machine learning-based security framework for smart healthcare systems. In Proceedings of the 2019 6th International Conference on Social Networks Analysis, Management, and Security (SNAMS’19). IEEE, Los Alamitos, CA, 389–396.Google Scholar
- Heena Rathore, Amr Mohamed, and Mohsen Guizani. 2020. Deep learning-based security schemes for implantable medical devices. In Energy Efficiency of Medical Devices and Healthcare Applications. Elsevier, 109–130.Google Scholar
- Jinyuan Sun, Xiaoyan Zhu, Chi Zhang, and Yuguang Fang. 2011. HCPP: Cryptography based secure EHR system for patient privacy and emergency healthcare. In Proceedings of the 2011 31st International Conference on Distributed Computing Systems. IEEE, Los Alamitos, CA, 373–382.Google Scholar
- Huang Lin, Jun Shao, Chi Zhang, and Yuguang Fang. 2013. CAM: Cloud-assisted privacy preserving mobile health monitoring. IEEE Transactions on Information Forensics and Security 8, 6 (2013), 985–997.Google Scholar
Digital Library
- Ming Li, Wenjing Lou, and Kui Ren. 2010. Data security and privacy in wireless body area networks. IEEE Wireless Communications 17, 1 (2010), 51–58.Google Scholar
Digital Library
- Ming Li, Shucheng Yu, Yao Zheng, Kui Ren, and Wenjing Lou. 2012. Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Transactions on Parallel and Distributed Systems 24, 1 (2012), 131–143.Google Scholar
Digital Library
- Zhitao Guan, Tingting Yang, and Xiaojiang Du. 2015. Achieving secure and efficient data access control for cloud-integrated body sensor networks. International Journal of Distributed Sensor Networks 11, 8 (2015), 101287.Google Scholar
- Xiali Hei, Xiaojiang Du, Jie Wu, and Fei Hu. 2010. Defending resource depletion attacks on implantable medical devices. In Proceedings of the 2010 IEEE Global Telecommunications Conference (GLOBECOM’10).Google Scholar
- Meng Zhang, Anand Raghunathan, and Niraj K. Jha. 2013. MedMon: Securing medical devices through wireless monitoring and anomaly detection. IEEE Transactions on Biomedical Circuits and Systems 7, 6 (2013), 871–881.Google Scholar
Cross Ref
- Chenglong Fu, Xiaojiang Du, Longfei Wu, Qiang Zeng, Amr Mohamed, and Mohsen Guizani. 2019. POKs based secure and energy-efficient access control for implantable medical devices. In Security and Privacy in Communication Systems. Springer, 105–125.Google Scholar
- Yi Chen, Shuai Ding, Zheng Xu, Handong Zheng, and Shanlin Yang. 2019. Blockchain-based medical records secure storage and medical service framework. Journal of Medical Systems 43, 1 (2019), 5.Google Scholar
Digital Library
- Ashutosh Dhar Dwivedi, Gautam Srivastava, Shalini Dhar, and Rajani Singh. 2019. A decentralized privacy-preserving healthcare blockchain for IoT. Sensors (Basel) 19, 2 (2019), 326.Google Scholar
- Gautam Srivastava, Jorge Crichigno, and Shalini Dhar. 2019. A light and secure healthcare blockchain for IoT medical devices. In Proceedings of the 2019 IEEE Canadian Conference of Electrical and Computer Engineering (CCECE’19). IEEE, Los Alamitos, CA, 1–5.Google Scholar
- Gautam Srivastava, Reza M. Parizi, Ali Dehghantanha, and Kim-Kwang Raymond Choo. 2019. Data sharing and privacy for patient IoT devices using blockchain. In Proceedings of the International Conference on Smart City and Informatization. 334–348.Google Scholar
- Swarup Bhunia, Michael S. Hsiao, Mainak Banga, and Seetharam Narasimhan. 2014. Hardware Trojan attacks: Threat analysis and countermeasures. Proceedings of the IEEE 102, 8 (2014), 1229–1247.Google Scholar
Cross Ref
- Jim Aarestad, Dhruva Acharyya, Reza Rad, and Jim Plusquellic. 2010. Detecting Trojans through leakage current analysis using multiple supply pads. IEEE Transactions on Information Forensics and Security 5, 4 (2010), 893–904.Google Scholar
Digital Library
- Sheng Wei and Miodrag Potkonjak. 2013. The undetectable and unprovable hardware Trojan horse. In Proceedings of the 50th Annual Design Automation Conference. ACM, New York, NY, 144.Google Scholar
Digital Library
- Charles Lamech and Jim Plusquellic. 2012. Trojan detection based on delay variations measured using a high-precision, low-overhead embedded test structure. In Proceedings of the 2012 Conference on Hardware-Oriented Security and Trust (HOST’12). IEEE, Los Alamitos, CA, 75–82.Google Scholar
- Sheng Wei, Kai Li, Farinaz Koushanfar, and Miodrag Potkonjak. 2012. Hardware Trojan horse benchmark via optimal creation and placement of malicious circuitry. In Proceedings of the 49th Annual Design Automation Conference. ACM, New York, NY, 90–95.Google Scholar
Digital Library
- Jie Li and John Lach. 2008. At-speed delay characterization for IC authentication and Trojan horse detection. In Proceedings of the International Workshop on Hardware-Oriented Security and Trust. IEEE, Los Alamitos, CA, 8–14.Google Scholar
- Kyung Sup Kwak, Sana Ullah, and Niamat Ullah. 2010. An overview of IEEE 802.15. 6 standard. In Proceedings of the Applied Sciences in Biomedical and Communication Technologies (ISABEL’10). IEEE, Los Alamitos, CA, 1–6.Google Scholar
- Kris Tiri, Moonmoon Akmal, and Ingrid Verbauwhede. 2002. A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards. In Proceedings of the 2020 Solid-State Circuits Conference. IEEE, Los Alamitos, CA.Google Scholar
- Kris Tiri and Ingrid Verbauwhede. 2004. Charge recycling sense amplifier based logic: Securing low power security ICs against DPA. In Proceedings of the 30th European Conference on Solid-State Circuits. 179–182.Google Scholar
- Muhammad Ali Siddiqi, Christian Doerr, and Christos Strydis. 2020. IMDfence: Architecting a secure protocol for implantable medical devices. arxiv:2002.09546.Google Scholar
- Muhammad Ali Siddiqi and Christos Strydis. 2019. Towards realistic battery-DoS protection of implantable medical devices. In Proceedings of the 16th ACM International Conference on Computing Frontiers. 42–49.Google Scholar
Digital Library
- Shane S. Clark, Benjamin Ransford, Amir Rahmati, Shane Guineau, Jacob Sorber, Wenyuan Xu, Kevin Fu, et al. 2013. WattsUpDoc: Power side channels to nonintrusively discover untargeted malware on embedded medical devices. In Proceedings of the 2013 USENIX Conference on Safety, Security, Privacy, and Interoperability of Health Information Technologies (HealthTech’13).Google Scholar
- Jean-Jacques Quisquater and David Samyde. 2001. Electromagnetic analysis (EMA): Measures and counter-measures for smart cards. In Smart Card Programming and Security. Springer, 200–210.Google Scholar
- Girish B. Ratanpal, Ronald D. Williams, and Travis N. Blalock. 2004. An on-chip signal suppression countermeasure to power analysis attacks. IEEE Transactions on Dependable and Secure Computing 1, 3 (2004), 179–189.Google Scholar
Digital Library
- M. Anwarul Hasan. 2001. Power analysis attacks and algorithmic approaches to their countermeasures for Koblitz curve cryptosystems. IEEE Transactions on Computers10 (2001), 1071–1083.Google Scholar
- Radu Muresan and Stefano Gregori. 2008. Protection circuit against differential power analysis attacks for smart cards. IEEE Transactions on Computers 57, 11 (2008), 1540.Google Scholar
Digital Library
- Po-Chun Liu, Hsie-Chia Chang, and Chen-Yi Lee. 2010. A low overhead DPA countermeasure circuit based on ring oscillators. IEEE Transactions on Circuits and Systems II: Express Briefs 57, 7 (2010), 546–550.Google Scholar
Digital Library
- Carmen C. Y. Poon, Yuan-Ting Zhang, and Shu-Di Bao. 2006. A novel biometrics method to secure wireless body area sensor networks for telemedicine and m-health. IEEE Communications Magazine 44, 4 (2006), 73–81.Google Scholar
Digital Library
- Cory Cornelius, Jacob Sorber, Ronald Peterson, Joe Skinner, Ryan Halter, and David Kotz. 2012. Who wears me? Bioimpedance as a passive biometric. In Proceedings of the 3rd USENIX Conference on Health Security and Privacy (HealthSec’12).Google Scholar
Digital Library
- Chunqiang Hu, Xiuzhen Cheng, Fan Zhang, Dengyuan Wu, Xiaofeng Liao, and Dechang Chen. 2013. OPFKA: Secure and efficient ordered-physiological-feature-based key agreement for wireless body area networks. In Proceedings of the 2013 IEEE INFOCOM Conference. IEEE, Los Alamitos, CA, 2274–2282.Google Scholar
- Krishna K. Venkatasubramanian, Ayan Banerjee, and Sandeep Kumar S. Gupta. 2010. PSKA: Usable and secure key agreement scheme for body area networks. IEEE Transactions on Information Technology in Biomedicine 14, 1 (2010), 60–68.Google Scholar
Digital Library
- Sang-Yoon Chang, Yih-Chun Hu, Hans Anderson, Ting Fu, and Evelyn Y. L. Huang. 2012. Body area network security: Robust key establishment using human body channel. In Proceedings of the 3rd USENIX Conference on Health Security and Privacy (HealthSec’12). 5.Google Scholar
- Masoud Rostami, Ari Juels, and Farinaz Koushanfar. 2013. Heart-to-heart (H2H): Authentication for implanted medical devices. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS’13). 1099–1112.Google Scholar
Digital Library
- Andrew D. Jurik and Alfred C. Weaver. 2011. Securing mobile devices with biotelemetry. In Proceedings of the 20th International Conference on Computer Communications and Networks (ICCCN’11).Google Scholar
- Sriram Cherukuri, Krishna K. Venkatasubramanian, and Sandeep K. S. Gupta. 2003. Biosec: A biometric based approach for securing communication in wireless networks of biosensors implanted in the human body. In Proceedings of the International Conference on Parallel Processing Workshops. IEEE, Los Alamitos, CA.Google Scholar
- Hassan Chizari and Emil C. Lupu. 2019. Extracting randomness from the trend of IPI for cryptographic operators in implantable medical devices. IEEE Transactions on Dependable and Secure Computing 18, 2 (2019), 875–888.Google Scholar
- Taha Belkhouja, Xiaojiang Du, Amr Mohamed, Abdulla K. Al-Ali, and Mohsen Guizani. 2019. Biometric-based authentication scheme for Implantable Medical Devices during emergency situations. Future Generation Computer Systems 98 (2019), 109–119.Google Scholar
Digital Library
- Hang Cai and Krishna K. Venkatasubramanian. 2019. Data-driven detection of sensor-hijacking attacks on electrocardiogram sensors. In Mission-Oriented Sensor Networks and Systems: Art and Science. Springer, 757–781.Google Scholar
- Hang Cai and Krishna K. Venkatasubramanian. 2016. Detecting signal injection attack-based morphological alterations of ECG measurements. In Proceedings of the International Conference on Distributed Computing in Sensor Systems (DCOSS’16). IEEE, Los Alamitos, CA, 127–135.Google Scholar
- Ming Li, Shucheng Yu, Joshua D. Guttman, Wenjing Lou, and Kui Ren. 2013. Secure ad hoc trust initialization and key management in wireless body area networks. ACM Transactions on Sensor Networks 9, 2 (2013), 18.Google Scholar
- Michael T. Goodrich, Michael Sirivianos, John Solis, Gene Tsudik, and Ersin Uzun. 2006. Loud and clear: Human-verifiable authentication based on audio. In Proceedings of the IEEE International Conference on Distributed Computing Systems. IEEE, Los Alamitos, CA, 10.Google Scholar
- Carsten W. Israel and S. Serge Barold. 2001. Pacemaker systems as implantable cardiac rhythm monitors. American Journal of Cardiology 88, 4 (2001), 442–445.Google Scholar
Cross Ref
- Eric Freudenthal, David Herrera, Frederick Kautz, Carlos Natividad, Alexandria Ogrey, Justin Sipla, Abimael Sosa, Carlos Betancourt, and Leonardo Estevez. 2007. Suitability of NFC for medical device communication and power delivery. In Proceedings of the 2007 Engineering in Medicine and Biology Workshop. IEEE, Los Alamitos, CA, 51–54.Google Scholar
- Heribert Baldus, Steven Corroy, Alberto Fazzi, Karin Klabunde, and Tim Schenk. 2009. Human-centric connectivity enabled by body-coupled communications. IEEE Communications Magazine 47, 6 (2009), 172–178.Google Scholar
Digital Library
- Priyanka Bagade, Ayan Banerjee, Joseph Milazzo, and Sandeep K. S. Gupta. 2013. Protect your BSN: No handshakes, just namaste! In In Proceedings of the 2013 IEEE International Conference on Body Sensor Networks.Google Scholar
- Kasper Bonne Rasmussen, Claude Castelluccia, Thomas S. Heydt-Benjamin, and Srdjan Capkun. 2009. Proximity-based access control for implantable medical devices. In Proceedings of the 16th ACM Conference on Computer and Communications Security. ACM, New York, NY.Google Scholar
Digital Library
- Lu Shi, Ming Li, Shucheng Yu, and Jiawei Yuan. 2013. BANA: Body area network authentication exploiting channel characteristics. IEEE Journal on Selected Areas in Communications 31, 9 (2013), 1803–1816.Google Scholar
Cross Ref
- Tamara Denning, Kevin Fu, and Tadayoshi Kohno. 2008. Absence makes the heart grow fonder: New directions for implantable medical device security. In Proceedings of the 3rd Conference on Hot Topics in Security (HOTSEC’08). Article 5, 7 pages.Google Scholar
- Shyamnath Gollakota, Haitham Hassanieh, Benjamin Ransford, Dina Katabi, and Kevin Fu. 2011. They can hear your heartbeats: Non-invasive security for implantable medical devices. ACM SIGCOMM Computer Communication Review 41, 4 (2011), 1–12.Google Scholar
- Fengyuan Xu, Zhengrui Qin, Chiu C. Tan, Baosheng Wang, and Qun Li. 2011. IMDGuard: Securing IMD with the external wearable guardian. In Proceedings of the 2011 IEEE INFOCOM Conference.Google Scholar
- Amit Kumar Sikder, Hidayet Aksu, and A. Selcuk Uluagac. 2017. 6thSense: A context-aware sensor-based attack detector for smart devices. In Proceedings of the 26th USENIX Security Symposium (USENIX Security’17). 397–414.Google Scholar
- Amit Kumar Sikder, Leonardo Babun, Hidayet Aksu, and A. Selcuk Uluagac. 2019. Aegis: A context-aware security framework for smart home systems. In Proceedings of the 35th Annual Computer Security Applications Conference. 28–41.Google Scholar
- Yana Petlovana. 2018. Privacy and Security in Healthcare: A Must-Read for Healthtech Entrepreneurs. Retrieved May 25, 2021 from https://steelkiwi.com/blog/privacy-and-security-in-healthcare/Google Scholar
- Kriangsiri Malasri and Lan Wang. 2009. Design and implementation of a securewireless mote-based medical sensor network. Sensors (Basel) 9, 8 (2009), 6273–6297.Google Scholar
- Mandeep Khera. 2017. Think like a hacker: Insights on the latest attack vectors (and security controls) for medical device applications. Journal of Diabetes Science and Technology 11, 2 (2017), 207–212.Google Scholar
- Patricia A. H. Williams and Andrew J. Woodward. 2015. Cybersecurity vulnerabilities in medical devices: A complex environment and multifaceted problem. Medical Devices (Auckland, NZ) 8 (2015), 305.Google Scholar
- Brian Randell. 1975. System structure for software fault tolerance. IEEE Transactions on Software Engineering 1, 2 (1975), 220–232.Google Scholar
Digital Library
- Robert E. Lyons and Wouter Vanderkulk. 1962. Use of triple-modular redundancy to improve reliability. IBM Journal of Research and Development 6, 2 (1962), 200–209.Google Scholar
Digital Library
- Ioannis Chatzigiannakis and Andreas Strikos. 2007. A decentralized intrusion detection system for increasing security of wireless sensor networks. In Proceedings of the 2007 IEEE Conference on Emerging Technologies and Factory Automation (EFTA’17). IEEE, Los Alamitos, CA, 1408–1411.Google Scholar
- Md Hasan Shahriar, Nur Imtiazul Haque, Mohammad Ashiqur Rahman, and Miguel Alonso. 2020. G-IDS: Generative adversarial networks assisted intrusion detection system. In Proceedings of the 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC’20). IEEE, Los Alamitos, CA, 376–385.Google Scholar
- Amit Kumar Sikder, Leonardo Babun, Z. Berkay Celik, Abbas Acar, Hidayet Aksu, Patrick McDaniel, Engin Kirda, and A. Selcuk Uluagac. 2020. Kratos: Multi-user multi-device-aware access control system for the smart home. In Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec’20). 1–12.Google Scholar
- Min Chen, Yixue Hao, Kai Hwang, Lu Wang, and Lin Wang. 2017. Disease prediction by machine learning over big data from healthcare communities. IEEE Access 5 (2017), 8869–8879.Google Scholar
Cross Ref
- Samuel G. Finlayson, Hyung Won Chung, Isaac S. Kohane, and Andrew L. Beam. 2018. Adversarial attacks against medical deep learning systems. arxiv:1804.05296.Google Scholar
- A. K. M. Newaz, Nur Imtiazul Haque, Amit Kumar Sikder, Mohammad Ashiqur Rahman, and A. Selcuk Uluagac. 2020. Adversarial attacks to machine learning-based smart healthcare systems. In Proceedings of the IEEE Global Communications Conference (GLOBECOM’20).Google Scholar
Index Terms
A Survey on Security and Privacy Issues in Modern Healthcare Systems: Attacks and Defenses
Recommendations
An exhaustive survey on security and privacy issues in Healthcare 4.0
AbstractThe healthcare industry has revolutionized from 1.0 to 4.0 where Healthcare 1.0 was more doctor centric and Healthcare 2.0 replaced manual records with electronic healthcare records (EHRs). Healthcare 3.0 was patient-centric and ...
Healthcare systems quality: development and use
SEHS '16: Proceedings of the International Workshop on Software Engineering in Healthcare SystemsMedical Software Quality Regulations have been developed through a concern for patient safety, outcome and care. From our research on a variety of projects, which includes observation within hospitals and clinics, we can demonstrate that there are many ...
Big Data Security and Privacy Issues in Healthcare
BIGDATACONGRESS '14: Proceedings of the 2014 IEEE International Congress on Big DataWith the ever-increasing cost for healthcare and increased health insurance premiums, there is a need for proactive healthcare and wellness. In addition, the new wave of digitizing medical records has seen a paradigm shift in the healthcare industry. As ...






Comments