Volume 5 - Issue 2
Securing Implantable Cardioverter Defibrillators Using Smartphones
- Jiwan Ninglekhu
The University of Texas at San Antonio, One UTSA Circle, San Antonio, TX 78256, USA
iiw057@my.utsa.edu
- Ram Krishnan
The University of Texas at San Antonio, One UTSA Circle, San Antonio, TX 78256, USA
ram.krishnan@utsa.edu
- Eugene John
The University of Texas at San Antonio, One UTSA Circle, San Antonio, TX 78256, USA
eugene.john@utsa.edu
- Manoj Panday
University of Texas Health Science Center, San Antonio, TX, USA
manojpanday@hotmail.com
Keywords: Implantable Cardioverter Defibrillator (ICD), Implantable Medical devices (IMD), security, safety, Smartphones
Abstract
In this paper, we propose a novel security framework to protect Implantable Cardioverter Defibrillators
(ICDs) using Smartphones. ICDs are small battery powered Implantable Medical Devices
(IMDs) that are introduced in the patient’s body to treat irregular heartbeats known as arrhythmias.
These devices are programmed and accessed wirelessly for diagnosis and therapy by a programming
device known as External Programmer (EP). Previous studies have demonstrated that ICDs are susceptible
to attacks via unauthorized EPs. These attacks may not only pose privacy concerns, but can
also do serious physical harm to a patient. While it is crucial that these devices need to be secured by
all means possible, a medical practitioner should be allowed to access ICDs when needed, especially
under emergency situations. In this paper, we investigate techniques for using a patient’s smartphone
for authenticated and authorized communication between the patient’s ICD and the EP operated by a
physician treating the patient. An application running in the smartphone serves two major purposes.
(1) mediates secure communication, and (2) keeps the patient in-the-loop by providing an audiovisual
interface, to be aware of and take control over the communication occurring between the ICD
and EP. Due to the fact that smartphones are becoming more cheaper and their versatility becoming
greater, using smartphones as a security device is a feasible option. As a proof-of-concept, the
proposed Kerberos based security scheme is implemented using simulated EP, ICD, and an Androidbased
smartphone.