Lead Institution: University of Massachusetts Amherst

Project Leader: Kevin Fu

Research Progress

• Abstract
  Security and privacy researchers have limited access to medical devices. This project aims at building a library of devices that can be made available to members of the research community.

• Focus of the research/Market need for this project
  Lack of access to devices is one of the greatest limiting factors for conducting meaningful and reproducible security and privacy research on health IT systems. The Medical Device Library at Archimedes enables the recycling of otherwise discarded resources, putting them to good use in research and development towards enhancing health security and privacy.

• Project Aims/Goals
  Build a repository of medical devices that researchers can borrow for health IT security and privacy.

• Key Conclusions/Significant Findings/Milestones reached/Deliverables
  Established the framework for collecting and sterilizing devices, finished a pilot program with initial members from MIT, Berkeley, Symantec Corp, and McAfee Inc. The medical device library moved under the Archimedes umbrella, which is a self-sustaining organization with current members including Medtronic, WelchAllyn and UL.

  Devices have been checked out to security and privacy researchers at universities including ETH Zurich, the University of Minnesota and MIT, as well as members of the industry.

• Materials Available for Other Investigators/interested parties
  This library focuses on medical devices, and devices can donated and checked out for other security and health IT studies at the following link: http://www.secure-medicine.org/

• Market entry strategies
  There is an annual Archimedes workshop in Ann Arbor, MI bringing together members of the academic research community, standards bodies, regulatory organizations and industry, where the library to commercial and educational institutions is being promoted. http://www.secure-medicine.org/workshop/2014

Bibliography
The following publications have been made possible because of the support of the medical device library of Archimedes (formerly OMDRL).
Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors
Denis Foo Kune, John Backes, Shane S. Clark, Daniel B. Kramer, Matthew Reynolds, Kevin Fu, Yongdae Kim, and Wenyuan Xu
Proceedings of the 34th Annual IEEE Symposium on Security and Privacy, May 2013

They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices
Shyamnath Gollakota, Haitham Hassanieh, Benjamin Ransford, Dina Katabi, and Kevin Fu
(Best Paper award). Proceedings of ACM SIGCOMM, August 2011

Take Two Software Updates and See Me in the Morning: The Case for Software Security Evaluations of Medical Devicesdfgdfg
Steve Hanna, Rolf Rolles, Andres Molina-Markham, Pongsin Poosankam, Kevin Fu, and Dawn Song
Proceedings of 2nd USENIX Workshop on Health Security and Privacy (HealthSec), August 2011