Research Article

Security Analysis of Medical Devices within Wireless Body Area Networks and Mobile Health Applications

Year 2018, 1 - 8, 31.01.2018
https://doi.org/10.17671/gazibtd.301668

Abstract

Body Area Networks (BAN), consisting of medical devices that interact with the human body, have been developed in line with technical developments in healthcare. As a result, devices that automatically measure human blood pressure or insulin values and feed the data into hospital management systems have come into daily use. These medical devices help to improve the health status of patients; however, they are also subject to risks caused by unauthorized intervention. In this study, medical devices used in Wireless Body Area Networks (WBAN) and mobile health applications have been analyzed according to different security requirements and aspects. Initially, all threats and risks faced by remotely accessible medical devices in WBAN have been identified by applying WBAN threat modeling. Security analysis and penetration testing of mobile health applications running on smart devices have been conducted. In addition, secure architecture principles for WBAN design have been specified in detail.

References

  • H. F. Rashvand, V. T. Salcedo, E. M. Sanchez, D. Iliescu, “Ubiquitous Wireless Telemedicine”, Communications, IET, 2(2), pp.237-254, 2008.
  • R. Bults, K. Wac, A. Van Halteren, D. Konstantas, V. Jones, I. Widya, “Body Area Networks for Ambulant Patient Monitoring Over Next Generation Public Wireless Networks”, 3rd IST Mobile and Wireless Communications Summit, Lyon, France, 27/30, 27-30 June, 2004.
  • M. Li, W. Lou, K. Ren, “Data Security and Privacy in Wireless Body Area Networks”, IEEE Wireless Communications, ISSN 1536-1284, 17(1), pp.51-58, 2010, doi: 10.1109/MWC.2010.5416350.
  • IEEE Standard for Local and metropolitan area networks - Part 15.6: Wireless Body Area Networks, IEEE Std 802.15.6-2012, pp.1-271, Feb. 29 2012, doi: 10.1109/IEEESTD.2012.6161600.
  • Internet: Microsoft STRIDE Threat Model, https://msdn.microsoft.com/library/ms954176.aspx, 19.04.2016.
  • Internet: D. Galpin, I. Lewis, Google I/O 2012 - Ten Things Game Developers Should Know, https://www.youtube.com/watch?v=WDDgoxvQsrQ, 13.12.2015.
  • A. Demir, Vücut Alan Ağlarındaki Medikal Cihazların ve Mobil Sağlık Uygulamalarının Güvenlik Analizleri, Master Thesis, Istanbul Sehir University, Graduate School of Natural and Applied Sciences, 2016.
  • C. s. Jang, D. G. Lee, J. w. Han, “A Proposal of Security Framework for Wireless Body Area Network”, Security Technology, International Conference on’08, Los Alamitos, CA, USA, pp. 202-205, December, 2008, doi: 10.1109/SecTech.2008.32.
  • O. Garcia-Morchon, T. Falck, T. Heer, K. Wehrle, "Security for Pervasive Medical Sensor Networks," 2009 6th Annual International Mobile and Ubiquitous Systems: Networking & Services, MobiQuitous, Toronto, ON, pp. 1-10, July, 2009, doi: 10.4108/ICST.MOBIQUITOUS2009.6832.
  • C. Li, A. Raghunathan and N. K. Jha, "Hijacking an Insulin Pump: Security Attacks and Defenses for a Diabetes Therapy System," 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services, Columbia, MO, pp. 150-156, June, 2011, doi: 10.1109/HEALTH.2011.6026732.
  • W. Burleson, S. S. Clark, B. Ransford, K. Fu, "Design Challenges for Secure Implantable Medical Devices," DAC Design Automation Conference 2012, San Francisco, CA, pp. 12-17, June, 2012, doi: 10.1145/2228360.2228364.
  • D. Halperin et al., "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses," 2008 IEEE Symposium on Security and Privacy (sp 2008), Oakland, CA, pp. 129-142, May, 2008, doi: 10.1109/SP.2008.31.
  • L. C. Silva et al., “A Baseline Patient Model to Support Testing of Medical Cyber-Physical Systems”, MedInfo, Studies in Health Technology and Informatics, vol:216, Editor: Indra Neil Sarkar et al., IOS Press, pp. 549-553, 2015, doi: 10.3233/978-1-61499-564-7-549.
  • S. N. Ramli, R. Ahmad, M. F. Abdollah, E. Dutkiewicz, "A Biometric-based Security for Data Authentication in Wireless Body Area Network (WBAN)," 2013 15th International Conference on Advanced Communications Technology (ICACT), PyeongChang, pp. 998-1001, January, 2013.
  • S. N. Ramli, R. Ahmad, M. F. Abdollah, "Electrocardiogram (ECG) Signals as Biometrics in Securing Wireless Body Area Network," 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013), London, pp. 536-541, December, 2016, doi: 10.1109/ICITST.2013.6750259.

Security Analyses of Medical Devices in Body Area Networks and Mobile Health Applications


Abstract

With technological developments in healthcare, Body Area Networks (BAN) consisting of medical devices that interact with the human body have been developed. As a result, mobile devices that, for example, automatically measure human blood pressure or insulin values and transfer them to hospital management systems have come into daily use. While these medical devices improve health management, unauthorized interference with them can put human health at risk and even cause deaths. In this study, security analyses of the medical devices and mobile health applications used in Wireless Body Area Networks (WBAN) were carried out. First, threat modeling of the WBAN was performed, and all threats and risks faced by medical devices in the WBAN, especially remotely accessible ones, were identified. Security analyses and penetration tests were carried out for mobile health applications running on smart devices. In addition, secure architecture principles for WBAN system design were defined.

References

There are 15 citations in total.

Details

Primary Language English
Subjects Computer Software, Engineering
Journal Section Articles
Authors

Abdulkerim Demir

Emin İslam Tatlı

Publication Date January 31, 2018
Submission Date March 28, 2017
Published in Issue Year 2018

Cite

APA Demir, A., & Tatlı, E. İ. (2018). Security Analysis of Medical Devices within Wireless Body Area Networks and Mobile Health Applications. Bilişim Teknolojileri Dergisi, 11(1), 1-8. https://doi.org/10.17671/gazibtd.301668