Fingerprint access control for wireless insulin pump systems using cancelable Delaunay triangulations
Security Research Institute
An insulin pump is a small wearable medical gadget which can mimic the way a healthy pancreas functions by providing continuous subcutaneous insulin infusion for the patient. However, in the current products, the access to the pump is not securely controlled, rendering the pump insecure to harmful or even lethal attacks, such as those that lead to the privacy breach of the patient and the delivery of abnormal dosage of insulin to the patient. In a conventional symmetric key-based security solution, how to distribute and manage the key is quite challenging, since the patient bearing an insulin pump may visit any hospital or clinic to receive treatment from any qualified doctor. In order to prevent malicious access to the pump, in this paper, we propose a Fingerprint-based Insulin Pump security (FIPsec) scheme which requires an entity to first pass the fingerprint authentication process before it is allowed to access the insulin pump. With this scheme, the request from an adversary to access the pump will be blocked thereby protecting the pump from the possibility of being subjected to serious attacks during the post-request period. In the scheme, a cancelable Delaunay triangle-based fingerprint matching algorithm is proposed for the insulin pump, which has capabilities to resist against nonlinear fingerprint image distortion and the influence of missing or spurious minutiae. In order to evaluate the performance of the proposed fingerprint matching algorithm, we perform comprehensive experiments on FVC2002 DB1 and DB2 fingerprint databases. The results show that the FIPsec scheme can achieve a reasonably low equal error rate and thus becomes a viable solution to thwarting unauthorized access to the insulin pump.