This research project advances the understanding of security and privacy in pervasive healthcare by testing technological methods of securing implantable medical devices and by evaluating human factors through patient studies. The most fundamental question is how to balance the opposing goals of safety and effectiveness with security and privacy of wireless, implantable medical devices. Future pervasive healthcare devices --- including prescription-based devices like pacemakers, drug pumps, and neurostimulators --- will not only contain long-range wireless capabilities, but will have sophisticated processors and the ability to interact with other devices on the person or in the person's environment. These innovations could vastly improve healthcare, but also introduce unique security and privacy risks not well understood from the perspectives of cyber security, medicine, public policy, and society. A primary challenge is understanding how to overcome the fundamental tension between security and privacy and traditional goals of safety and effectiveness. A second challenge is learning how to design usable, intuitive security mechanisms that patients and doctors will accept and understand. Approaches include novel, zero-power security mechanisms that do not drain the healthcare device's battery, and surveys of patients and other users of pervasive healthcare technologies to learn about patient perceptions and expectations. Blending computer science with healthcare, the project prepares computer science students for interdisciplinary security research via both research and coursework. Further demonstrating broader impact, the project reaches out to under-represented minorities and women in computing at community colleges in Western Massachusetts.
CT-ISG: Improving Security and Privacy in Pervasive Healthcare