seminar: Implantable Medical Devices
 |
Monday, March 23, 2009 |
 |
Implantable Medical Devices: Security and Privacy for Pervasive, Wireless Healthcare |
 |
Kevin Fu, Assistant Professor, University of Massachusetts Amherst |
 |
12:00pm |
Talk Abstract
Millions of patients benefit from implantable medical devices that treat chronic ailments such as cardiac arrhythmia, diabetes, and Parkinson's disease with various combinations of electrical therapy and drug infusion. The latest devices utilize unlicensed radio communication for diagnostic and therapeutic functions --- allowing doctors to remotely monitor patients' vital signs via the Web and provide a new level of care not feasible in the old model of purely clinical checkups. However, the rapid convergence of medical devices with wireless communication and Internet connectivity gives rise to an increased risk to security and privacy. Such devices must now defend against *intentional* malfunctions caused by malevolence. Our interdisciplinary research team used a software radio to test in vitro the security and privacy of a real implantable cardioverter defibrillator. Our findings demonstrate a variety of threats to patient privacy and device safety. For instance, an unauthenticated wireless command causes a shock that is known to induce a fatal heart rhythm. Our zero-power approaches use cryptography, acoustic communication, and RF power harvesting to help mitigate the risk of such intentional malfunctions without exposing the implanted battery to denial of service (See IEEE Symp. on Security & Privacy 2008). This research is joint with the University of Massachusetts Amherst, the University of Washington, and the Beth Israel Deaconess Medical Center. More information appears on http://secure-medicine.org/
Speaker Bio
Kevin Fu is an assistant professor in the Department of Computer Science at the University of Massachusetts Amherst, where he leads the Security and Privacy Research group (SPQR). Prof. Fu investigates how to ensure the security and privacy of pervasive devices that must withstand determined, malicious parties. His primary focus is on improving the security and privacy of pervasive healthcare and energy-constrained computational architectures such as RFIDs and implantable medical devices. Prof. Fu's contributions include the security and threat model analysis of several systems ranging from contactless no-swipe credit cards and implantable medical devices to access-controlled Web sites and automated software updates. His research received best paper awards from USENIX Security and the IEEE Symposium on Security and Privacy, and appeared in The New York Times and The Wall Street Journal. He served on numerous program committees of prestigious conferences in computer security and cryptography, and has given dozens of invited talks world-wide to industry, government, and academia. Prof. Fu serves as director of the RFID Consortium on Security and Privacy (RFID-CUSP.org) and co-director of the Medical Device Security Center. Prof. Fu received his Ph.D. in Electrical Engineering and Computer Science from the Massachusetts Institute of Technology. He also holds a certificate of achievement in artisanal bread making from the French Culinary Institute. For more information, visit http://www.cs.umass.edu/~kevinfu/