Telemedicine Cluster

Cluster Leader: David Kotz

Goal: assuring the security and privacy of emerging systems of sensors and actuators for healthcare and wellness.

Overview of Contributions
At one time almost all of the data collected by the medical system was collected inside hospitals and clinics. This began to change with the introduction of devices like defibrillators and CPAP machines that contain computers that collect telemetry about patients outside the provider facility. This telemetry is increasingly communicated over digital wireless links. At the same time there has been an explosion of interest in wireless fitness devices that collect information such as the number of calories used or the locations visited (by runners, for instance) by monitored subjects. Currently the fitness systems commonly communicate with cell phones. The boundary between medical devices like defibrillators and fitness devices like pedometers has begun to blur with, for example, the introduction of devices that measure vitals like blood pressure and pulse. Many of these trends raise concerns about the security and privacy of these devices. At the time SHARPS began, some members of the SHARPS team had shown security vulnerabilities in wireless communications with defibrillators. The SHARPS project enabled a wide range of progress beyond the demonstration of these threats, both in the depth of analysis, such as the development of effective counter-measures and new platforms, and in the breadth of analysis, such as studies of fitness devices, insulin pumps, and biosensors.

Projects
The Telemedicine Cluster is the largest of the SHARPS project clusters and comprises 28 projects.

  1. AMULET developed a first-generation platform for programming third-party mHealth applications without the need for a connected cell phone. The aim of the platform, which is called Amulet, is to support three challenging requirements: (1) the device must be consistently present (that is, collecting data more or less continuously), (2) secure and highly available, and (3) programmable with a well-specified open interface that supports a rich collection of third-party application developers. The project built a prototype ultra-low-power hardware platform that achieves these goals. A key next step will be to make the device wearable.

  2. ZEBRA developed a novel authentication technology based on a strategy that respects the challenging requirements of hospital personnel. The technology focused on the problem of locking clinical workstations when the user walks away, using a wristwatch-like device with a motion detector to end sessions. The device verifies whether the motion of the user matches the activity on the computer system where the user is logged in.

  3. HIDE-n-SENSE developed technology for securing a Body-Area Health Network (BAHN). The project developed insights into the requirements and suitability of Bluetooth, which is commonly envisioned as the basis for BAHNs, and used the experience from these studies to propose a new protocol called Hide-n-Sense, which was shown to be privacy-protecting while also having good network performance and energy efficiency.

  4. SAME-BODY DETECTION developed an algorithm and prototype to tell if two devices are physically on the same body using motion detectors.

  5. RIGHT-BODY DETECTION developed bioimpedance as a biometric that can be used to determine whether a device is collecting data from the right user. The project produced a prototype that showed promise for usable and reliable application. The project also investigated other potential biometrics such as vocal resonance.

  6. mHEALTH PROVENANCE studied requirements and techniques for enabling recipients of mHealth data to assure its integrity. The project resulted in the development of a framework around the idea of contextual evidence derived from metadata. This was explored in a software platform prototype that enables the attachment of such metadata.

  7. mHEALTH USER STUDY (mHEALTH PRIVACY PRACTICES) used a collection of user studies to explore the attitudes of mHealth data collectors toward sharing their data, based on data collected while subjects wore an activity monitor. Two findings of this study were that subjects share differently with different recipients and that their sharing behavior changes over time.

  8. mHEALTH PRIVACY LITERATURE SURVEY carried out an extensive literature survey to consolidate the literature on mHealth privacy. The resulting survey distilled a collection of principles that serve as a good basic set of guidelines for this area.

  9. PLUG-n-TRUST developed support for managing a trusted base on smartphones using a plug-in smart card. The project yielded a prototype and its validation for secure processing on an untrusted cell phone.

  10. SECURE IN VIVO MEDICAL COMMUNICATION worked on developing better standards for security researchers to use when simulating human tissue in studies, aiming to migrate the community toward standards more like those of the biomedical community. The study demonstrated the limitations of using food-grade meats rather than calibrated saline solutions.

  11. MEDICAL DEVICE LIBRARY supported work with the Archimedes organization as a continuation of what was called the Open Medical Device Research Library (OMDRL). The project developed a library of medical devices, such as implants, that could be used for research.

  12. UMASS MOO built a battery-less programmable RFID sensor device, called the Moo, that is usable as a medical device. The Moo was designed to perform the biomedical functions that many implants require while also providing cryptographic operations such as authentication and key exchange. The project resulted in a prototype, and more than 200 units have been shipped to interested parties for study.

  13. MALICIOUS ELECTROMAGNETIC MEDICAL INTERFERENCE showed how intentional wireless electromagnetic interference can be used to alter the analog inputs of medical devices, creating a risk of integrity violations.

  14. ZERO-POWER SECURITY FOR MEDICAL DEVICES was discontinued to provide more time for work on other projects, including the UMASS MOO project, which provided relevant technology.

  15. MALWARE DETECTION IN MEDICAL DEVICES developed techniques for detecting running malware on a medical device by observing patterns of power consumption. The technology was spun out to a startup company that has developed a prototype.

  16. PREDICTING MALWARE IN HEALTH IT SYSTEMS investigated techniques for quantifying the prevalence of malware in hospital systems. The project focused on what could be detected for the University of Michigan health system based on observing network traffic. The system was found to be relatively clean but it will be important to carry out more complete studies at a wider range of institutions.

  17. SECURING BIOSENSORS developed threat models and countermeasures for the security and privacy of biosensors. The target was to develop ways to support a range of cryptographic functions, such as hashing and random number generation, on implantable and disposable devices.

  18. OUTREACH ON HIT SECURITY AND PRIVACY carried out various efforts to make the medical device community more aware of threats to medical devices. The output of the project included more than two dozen talks to diverse audiences, a pair of workshops, and a two-day training session at the headquarters of a medical device vendor.

  19. JAMMING MEDICAL DEVICES developed and tested a technology for a device that uses jamming to prevent access to an implanted medical device. The idea is that this jammer can be worn like a piece of jewelry until there is a need to access the implant, at which time it can be moved away from the medical device to enable communication.

  20. MEDICAL DEVICE SECURITY RESEARCH SURVEY involved developing a pair of survey articles to enable researchers with an interest in work in this area to get a basic foundation on prior work. The study covered both medical devices and body area networks.

  21. POST-MARKET SURVEILLANCE OF SECURITY AND PRIVACY PROBLEMS reviewed the information about medical devices available through FDA databases to determine whether it could be used effectively to detect security and privacy violations. The study focused on recalls and found significant limitations in the available data, suggesting the need for better collection.

  22. FORENSICS IN CONTEXT-AWARE INSULIN PUMP SYSTEMS addressed the problem that medical devices do not provide enough forensic data, with a study of the problem for insulin pumps. The project identified attack risks and the data that would be needed to detect them in an audit. A novel result of the study was its highlighting of the desirability of additional biological information, such as bowel sounds, for which the project built a prototype.

  23. ANALYSIS OF DEVICE AND PATIENT DATA THROUGH HIGH PERFORMANCE COMPUTING ALGORITHMS TO FIND SECURITY EVENTS identified issues in treating diabetes data and developed approaches to analyze this data. The focus was on the artificial pancreas and sensor data that might identify patients suffering from hypoglycemia. Key outputs were algorithms and biometrics for gaining higher assurance about the analyzed data.

  24. SECURITY RISK MEASUREMENT PLATFORM FOR MEDICAL DEVICES developed requirements and addressed key emulation issues for test harnesses for medical implants. The general idea was to bring constraint-solver testing to real-time embedded devices like medical implants by addressing the problem of how to emulate the environment (inputs) of the device to enable rigorous testing. The project resulted in a series of studies that revealed challenges with the harness and strategies for solving key problems, such as hardware latencies that limited the effectiveness of emulation when using the device under test itself rather than a simulated device.

  25. PATIENT-, PROVIDER-, AND MANUFACTURER-FOCUSED SECURITY SOLUTIONS conducted a series of workshops with medical providers and other individuals involved in providing care for patients with implantable cardiac devices. The workshops collected data on what the participants find important with respect to providing care and performing their jobs, their reactions to potential security system concepts, and their opinions on which security system properties should be sought or avoided because of negative side effects. The project synthesized this feedback into conclusions about design considerations for future technical security systems and suggested directions for further research.

  26. PORTAL PRIVACY PREFERENCES (ACTIVITY MONITORING OF PATIENTS WITH HEART FAILURE) developed a smartphone-based system for remote real-time tele-monitoring of physical activity for patients with chronic heart failure and tested the hypothesis that information from these devices enables targeted interventions for at-risk patients that reduce their probability of hospital admission or of receiving emergency care. There were two sides to the study: one in which providers obtained patient activity data by near-continuous wireless monitoring, and one in which subjects filled out surveys that included questions about privacy concerns the subjects might have about being monitored. Preliminary pragmatic experience with pilot subjects is being applied to further studies in ongoing research.

  27. FUSION studied issues with privacy and security for medical applications and devices connected to smartphones. The project focused on smartphones using the Android operating system and revealed potential vulnerabilities arising in many apps and problems with the Android system itself. Outputs of the project included surveys of security and privacy issues with fitness and medical apps in the Google Play store, demonstrations of Android platform vulnerabilities, and strategies for addressing these issues.

  28. NoCF (Network on a Chip Firewall) developed a methodology and design for isolation in hardware through a protection mechanism that stands between the high- and low-security portions of a Network on a Chip (NoC). NoC systems are a common foundation for cell phone hardware, and the aim of this project was to address smartphone use with medical devices or applications by protecting them at the hardware level. Outputs of the project included a design, an FPGA prototype, and the development of techniques for formal specification and verification of security properties of the system.