This Article 
 Bibliographic References 
 Add to: 
Security and Privacy for Implantable Medical Devices
January-March 2008 (vol. 7 no. 1)
pp. 30-39
Daniel Halperin, University of Washington
Thomas S. Heydt-Benjamin, University of Massachusetts Amherst
Kevin Fu, University of Massachusetts Amherst
Tadayoshi Kohno, University of Washington
William H. Maisel, Beth Israel Deaconess Medical Center and Harvard Medical School
Implantable medical devices, such as pacemakers and implantable cardiac defibrillators, can save lives and greatly improve a patient’s quality of life. As the use of wireless IMDs increases and as these devices begin to interoperate in vivo, the need to address IMD security and patient privacy under adversarial conditions will increase. A new framework for evaluating the security and privacy of wireless IMDs attempts to balance the tensions between these goals and traditional IMD design goals such as safety and utility. Proposed research directions can help mitigate conflicts between these goals, but solutions will require design trade-offs and the collective expertise of the medical community, security community, and regulatory bodies. This article is part of a special issue on implantable electronics.

1. K. Hanna et al., eds., Innovation and Invention in Medical Devices: Workshop Summary, US Nat'l Academy of Sciences, 2001.
2. S. Cherukuri, K. Venkatasubramanian, and S. Gupta, "BioSec: A Biometricthe Based Approach for Securing Communication in Wireless Networks of Biosensors Implanted in the Human Body," Proc. Int'l Conf. Parallel Processing (ICPP) Workshops, IEEE CS Press, 2003, pp. 432–439.
3. US Food and Drug Administration, "Unique Device Identification; Request forComments," Federal Register, vol. 71, no. 155, 2006, pp. 46,233–46,236; .
4. T. Drew and M. Gini, "Implantable Medical Devices as Agents and Part of Multiagent Systems," Proc. 5th Int'l Joint Conf. Autonomous Agents and Multiagent Systems (AAMAS06), ACM Press, 2006, pp. 1534–1541.
5. S. Gupta, T. Mukherjee, and K. Venkatasubramanian, "Criticality Aware Access Control Model for Pervasive Applications," Proc. 4th Ann. IEEE Int'l Conf. Pervasive Computing and Comm. (PERCOM06), IEEE CS Press, 2006, pp. 251–257.
6. A. Juels, "RFID Security and Privacy: A Research Survey," IEEE J. Selected Areas in Comm., Feb. 2006, pp. 381–394.
7. M. Jakobsson and S. Wetzel, "Security Weaknesses in Bluetooth," Progress in Cryptology—CT-RSA 2001: The Cryptographers' Track at RSA Conf. 2001, LNCS 2020, Springer, 2001, pp. 176–191.
8. M. Gruteser and D. Grunwald, "A Methodological Assessment of Location Privacy Risks in Wireless Hotspot Networks," First Int'l Conf. Security in Pervasive Computing, Springer, 2003, pp. 10–24.
9. L. Bauer et al., "Device-Enabled Authorization in the Grey System," Proc. 8th Int'l Conf. Information Security (ISC 05), Springer, 2005, pp. 431–445.
10. B. Schneier and J. Kelsey, "Cryptographic Support for Secure Logs on Untrusted Machines," Proc. Usenix Security Symp., Usenix Press, 1998, pp. 53–62.
11. A. Juels and J. Brainard, "Client Puzzles: A Cryptographic Countermeasure against Connection Depletion Attacks," Proc. Network and System Security Symp. (NDSS 99), Internet Soc., 1999, pp. 151–165.
12. A. Juels, P. Syverson, and D. Bailey, "High-Power Proxies for Enhancing RFID Privacy and Utility," Privacy Enhancing Technologies, LNCS 3856, Springer, 2005, pp. 210–226.
13. M. Rieback, B. Crispo, and A. Tanenbaum, "RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management," Proc. 10th Australasian Conf. Information Security and Privacy (ACISP05), LNCS 3574, Springer, 2005, pp. 184–194.
1. W. Maisel, "Safety Issues Involving Medical Devices," J. Am. Medical Assoc., vol. 294, no. 8, 2005, pp. 955–958.
2. M. Carlson et al., "Recommendations from the Heart Rhythm Society Task Force on Device Performance Policies and Guidelines," Heart Rhythm, vol. 3, no. 10, 2006, pp. 1250–1273.
3. C. Israel and S. Barold, "Pacemaker Systems as Implantable Cardiac Rhythm Monitors," Am. J. Cardiology, Aug. 2001, pp. 442–445.
4. J. Webster, ed., Design of Cardiac Pacemakers, IEEE Press, 1995.
5. H. Savci et al., "MICS Transceivers: Regulatory Standards and Applications [Medical Implant Communications Service]," Proc. IEEE SoutheastCon 2005, IEEE Press, 2005, pp. 179–182.
6. W. Maisel et al., "Recalls and Safety Alerts Involving Pacemakers and Implantable Cardioverter-Defibrillator Generators," J. Am. Medical Assoc., vol. 286, no. 7, 2001, pp. 793–799.
1. N.G. Leveson and C.S. Turner, "An Investigation of the Therac-25 Accidents," Computer, vol. 26, no. 7, 1993, pp. 18–41.
2. K. Venkatasubramanian and S. Gupta, "Security for Pervasive Healthcare," Security in Distributed, Grid, Mobile, and Pervasive Computing, Y. Xiao, ed., CRC Press, 2007, pp. 349–366.
3. M. Meingast, T. Roosta, and S. Sastry, "Security and Privacy Issues with Health Care Information Technology," Proc. Int'l Conf. Eng. Medicine and Biology Soc. (EMBS 06), IEEE Press, 2006, pp. 5453–5458.
4. J. Halamka et al., "The Security Implications of VeriChip Cloning," J. Am. Medical Informatics Assoc., vol. 13, no. 6, 2006, pp. 601–607.
5. J. Hong et al., "Privacy Risk Models for Designing Privacy-Sensitive Ubiquitous Computing Systems," Proc. 5th Conf. Designing Interactive Systems (DIS 04), ACM Press, 2004, pp. 91–100.
6. P. Gould and A. Krahn, "Complications Associated with Implantable Cardioverter-Defibrillator Replacement in Response to Device Advisories," J. Am. Medical Assoc., vol. 295, no. 16, 2006, pp. 1907–1911.

Index Terms:
medical safety, implantable medical devices, security, privacy, pervasive computing
Daniel Halperin, Thomas S. Heydt-Benjamin, Kevin Fu, Tadayoshi Kohno, William H. Maisel, "Security and Privacy for Implantable Medical Devices," IEEE Pervasive Computing, vol. 7, no. 1, pp. 30-39, Jan.-March 2008, doi:10.1109/MPRV.2008.16
Usage of this product signifies your acceptance of the Terms of Use.