From WannaCry to WannaDie: Security trade-offs and design for implantable medical devices
Institute of Electrical and Electronics Engineers Inc.
School of Science
Healthcare sectors are increasingly facing cyber security challenges and threats from adversaries due to numerous security flaws and the lack of security safeguards in medical devices. Among these medical devices and systems, security issues that concern implantable medical devices (IMDs) have attracted attention from both academia and the industry. In this paper, we discuss security vulnerabilities in current IMD products by presenting security tests and demonstrations performed by researchers. Based on this, three critical trade-offs in the IMD security design are analyzed, namely security vs. accessibility in medical emergencies, emergency access vs. checkup access and strong security requirements vs. limited IMD resources. Biometrics based security solutions can provide support for emergency access and thus are surveyed, including those using electrocardiogram signals, iris and fingerprints. During the design, we propose to adopt the concept of decoupled design and usable security in order to develop a viable security solution for the IMDs.