Researcher studying medical device cybersecurity
Improvements could enable better security for wearable and implantable medical devices
Mehran Mozaffari Kermani, a faculty member at Rochester Institute of Technology, recently received a grant to design security measures for computing systems that will protect wearable and implanted medical devices such as pacemakers from cyberattacks. It is work that could improve both patient safety and data integrity of deeply-embedded systems.
Mozaffari Kermani, an assistant professor of electrical engineering in RIT’s Kate Gleason College of Engineering, received $343,406 in funding from the National Institute of Standards and Technology—Measurement Science & Engineering Research Grant Program. He will develop cryptographic systems and technology that will further secure deeply-embedded computing systems—organizational networks connected to the internet.
“It is important to secure deeply-embedded systems. If you think of credit cards or cell phones, there have been security studies about these applications for years. If lost, this could be mostly financial loss,” he said. “But if we talk about security with medical devices, it could be life threatening. Instead of dollars, we could lose lives.”
Today, pacemakers, implantable cardiac defibrillators and insulin pumps, for example, are representative of wireless devices with deeply-embedded computing systems. Devices capture patient data then transmit that information via the internet to medical personnel. Yet data can also be intercepted unless secured, and access to the implantable device’s system can also compromise its functionality for a patient.
Security integration poses challenges to design and processing power. Current system security algorithms need to be integrated into highly sensitive environments, in small spaces and also have varying energy requirements to ensure optimal use. Researchers are looking for solutions to balance needed computing power with device longevity and security.
Mozaffari Kermani’s research, “Design for fault attack resiliency of lightweight cryptographic architectures for deeply-embedded systems,” ensures that security countermeasures for network attacks are more fully integrated into the overall design process of deeply-embedded systems. His approach is to include security as part of the original design process by developing a countermeasure for an analysis attack—described as a type of implementation attack in which the attacker injects intentional faults into the implementation of the cryptographical algorithms.
“The security aspects of these deeply-embedded systems are different than legacy embedded systems, such as smart cards or sensor networks. The usage models and applications we have for these deeply embedded systems are very sensitive. They deal with human health and the ability to diagnosis different diseases, for instance. If there is a security breach in those applications, this could be life-threatening,” he said.
Mozaffari Kermani is collaborating with researchers at Florida Atlantic University on this project and a related initiative in the area of post-quantum cryptography.