Increasingly medical devices are dependent on software and the wireless channel for their operations, which also pose new vulnerabilities to their safe, dependable, and trustworthy operations. Medical devices such as implantable insulin pumps, which are in wide use today, continuously monitor and manage a patient's diabetes without the need for frequent daily patient interventions. These devices, not originally designed against cyber security threats, must now mitigate these threats. This project examines security vulnerabilities in these implantable medical device systems and offers new insights and understanding to protect these devices and prevent their misuse by users and abuse by hackers. Specifically, this research addresses how to detect and defend against man-in-the-middle and replay attacks between the glucose sensor and the insulin pump or monitor device held by patients. Detection of such an attack is addressed via a personalized model to calculate and recognize abnormal glucose levels. To remotely secure the dosage setting over a wireless link, a bio-key based on personalized parameters unique to each patient with diabetes mellitus, is used. Authentication is carried out via an acoustic-based fingerprint scheme coupled with voice pattern recognition technology. A mixed acoustic and radio wave-based secure channel in an artificial pancreas is being developed to test and validate this approach. While this project focuses on glucose sensors and insulin pumps, these security schemes can be applied broadly to other wireless medical devices. This project is being carried out at Delaware State University, a historically black college or university, and leverages collaborations with the University of Pennsylvania and University of Alabama to design a secure wireless insulin pumping system, and will support diverse undergraduate and graduate students for two years. The research results will also be used to design and implement course materials on cyber-physical systems security and will help train students to become tomorrow's cyber security professionals.
Continuation of Award #: 1566166
CRII: SaTC CPS: RUI: Cyber-Physical System Security in Implantable Insulin Injection Systems