Telemedicine: MALWARE DETECTION IN MEDICAL DEVICES

Lead Institution: University of Massachusetts Amherst

Project Leader: Kevin Fu

Research Progress

  • Abstract
    Malware running on a medical device can degrade its performance and its availability for patient care. At the same time, these devices are not being patched in time, and any change in software, including the installation of an antivirus package, could void the warranty. This project measures the power consumption pattern of a computer or medical device to determine whether the machine is infected with malware.

  • Focus of the research/Market need for this project
    Hospitals seek simple technology that can rapidly identify infected medical devices without having to modify the medical device itself. The VA Medical Centers alone have over 600,000 connected computing devices. A common reason for unavailability of care is downtime due to unawareness of incoming waves of conventional malware.

  • Project Aims/Goals
    Develop a novel method of detecting running malware by observing the power consumption of the medical device.

  • Key Conclusions/Significant Findings/Milestones reached/Deliverables
    By taking fine-grained measurements of a medical device's power consumption and classifying the resulting signal with machine-learning algorithms, we can obtain some information about the current processing load on the CPU. The processing patterns, which appear as power consumption spikes, let us deduce which processes are running on the target machine, including malware. The machine-learning algorithms classify readings against previous training sets of normal operation. This method can be used to identify machines infected with malware. It can also be effective for passively detecting malware running on other devices, including SCADA and cyber-physical systems.

  • Materials Available for Other Investigators/interested parties
    We have tested the technology on a compounder and a process control system. Details of the unobtrusive malware detection method and results are available through publications and contacts with interested manufacturers. A low-cost prototype was presented as a poster at the 2013 USENIX HealthTech workshop. Prototype design and notes are available at the following URLs:

  • Market entry strategies
    The Virta Laboratories startup company was founded to commercialize this technology. Its founders are SHARPS members Kevin Fu, Ben Ransford, Shane Clark and Denis Foo Kune. The company has developed a prototype and is in the early stages of looking for seed funding.
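
The approach described under Key Conclusions (learn a baseline from power readings of normal operation, then flag readings whose processing pattern deviates from it) is illustrated by the following added example, which is not the project's code or the published WattsUpDoc pipeline. The feature set, the alert threshold and the synthetic power traces are assumptions constructed for illustration.

```python
import cmath, math, random, statistics

THRESHOLD = 6.0  # assumed alert level, in baseline standard deviations

def features(trace, bins=(5, 10, 20)):
    """Mean, standard deviation and DFT magnitude at a few bins of one window."""
    n, mu = len(trace), statistics.fmean(trace)
    spec = [abs(sum((x - mu) * cmath.exp(-2j * math.pi * k * i / n)
                    for i, x in enumerate(trace))) / n for k in bins]
    return [mu, statistics.pstdev(trace), *spec]

def fit_baseline(normal_windows):
    """Per-feature (mean, stdev) learned only from known-clean operation."""
    cols = zip(*(features(w) for w in normal_windows))
    return [(statistics.fmean(c), statistics.stdev(c)) for c in cols]

def anomaly_score(baseline, window):
    """Largest absolute z-score of any feature against the clean baseline."""
    return max(abs(f - m) / max(s, 1e-9)  # guard against a zero-variance feature
               for f, (m, s) in zip(features(window), baseline))

def synth_window(rng, extra_load=False, n=500):
    """Constructed trace (watts): idle floor, periodic duty cycle, sensor noise."""
    phase = rng.randrange(100)  # the device's normal workload starts at any phase
    trace = []
    for i in range(n):
        p = 20.0 + (2.0 if (i + phase) % 100 < 30 else 0.0) + rng.gauss(0, 0.2)
        if extra_load and i % 50 < 10:  # constructed unexpected periodic CPU bursts
            p += 3.0
        trace.append(p)
    return trace

def run_demo(seed=7):
    """Train on 40 clean windows, then score 5 clean and 1 extra-load window."""
    rng = random.Random(seed)
    baseline = fit_baseline([synth_window(rng) for _ in range(40)])
    clean = [anomaly_score(baseline, synth_window(rng)) for _ in range(5)]
    loaded = anomaly_score(baseline, synth_window(rng, extra_load=True))
    return clean, loaded

if __name__ == "__main__":
    clean, loaded = run_demo()
    print("clean windows :", [round(s, 1) for s in clean])
    print("extra load    :", round(loaded, 1), "ALERT" if loaded > THRESHOLD else "ok")
```

Because the baseline is built only from normal operation, the detector needs no malware signatures and no software on the monitored device; the cost is that any legitimate change in workload also shifts the features and has to be retrained into the baseline.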

Bibliography
WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices
Shane S. Clark, Benjamin Ransford, Amir Rahmati, Shane Guineau, Jacob Sorber, Wenyuan Xu, and Kevin Fu
USENIX Workshop on Health Information Technologies, August 2013

Current Events: Identifying Webpages by Tapping the Electrical Outlet
Shane S. Clark, Hossen Mustafa, Benjamin Ransford, Jacob Sorber, Kevin Fu, and Wenyuan Xu
Proceedings of the 18th European Symposium on Research in Computer Security (ESORICS), September 2013