A mobile health monitoring system generates and monitors data related to a patient's health over a wireless or wired channel. It may also control dosages of medicine or alter the behavior of medical devices to preserve a patient's health. Such continuous monitoring and control gives mobile health monitoring systems the promise of improving health at lower cost than traditional methods. The security of mobile health monitoring systems is critical because of the importance of their tasks and the vulnerability of the devices and their operating environments. Such devices are sometimes used in hospitals or other health care facilities, but more often in patients' homes, offices, and other ordinary environments whose physical and cyber security cannot be controlled. The security of widely used mobile health monitoring devices is badly flawed. This project addresses that danger by adding security mechanisms to the overall system and environment in which mobile medical health devices operate. While less effective and efficient than designing such devices securely in the first place, there are reasonable low-cost solutions that can substantially improve the safety and security of devices already in use.
This project investigated a new approach to improving the security of the increasing number of wireless-connected medical devices. Such devices have offered tremendous advantages to patients and doctors, allowing more careful monitoring of health conditions and more rapid adjustment of treatments: the device reports information from the patient to the doctor over a wireless network link, and the doctor can adjust the behavior of the device in response. However, many of the early generations of these devices had poor network and computer security features. They did not necessarily verify that commands came from the real health care provider, they did not encrypt the sensitive medical data they sent over open wireless networks, and they generally did not consider what an adversary could do to the devices or to the data they carry. Other researchers had demonstrated serious security flaws in real wireless medical devices that could lead to very severe consequences, up to and including death of the patient. Unfortunately, it is often hard to change deployed medical devices, and there are many such insecure devices already in patients' hands. Our approach to improving their security is to create a special device that is aware of the shortcomings of the medical devices and takes actions to compensate for them. This Personal Security Device (PSD) would be carried by a patient using insecure medical devices and would observe interactions with those devices, prevent attackers from succeeding, and take preventative actions to make certain attacks hard or impossible. We developed defense mechanisms that such a PSD could use for this purpose, working with real wireless medical devices.
For example, the PSD can intercept unencrypted data sent from the medical device, encrypt it to provide confidentiality as it travels over the wireless network, and have it decrypted once it has arrived at a trusted computer. We then developed two prototypes of the PSD, one embedding the functionality in a smart phone, the other building a specialized PSD from commodity components. We implemented the sample defenses in both prototypes and demonstrated their ability to prevent the attacks on the medical devices. This approach can help defend vulnerable medical devices without modifying them. Further, the approach could be applied to other types of embedded computer systems, where a small computer controls some process without regular oversight from system administrators, often using wireless networks to communicate. In many cases, such control systems also have serious security flaws and are difficult to change, so using an external specialized device to augment their security may be a fruitful approach to improving our ability to protect them.
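The two PSD defenses the report describes, encrypting telemetry the device sends in the clear and verifying that inbound commands really came from the provider, can be illustrated together as an in-line guard. The following is an added example, not the project's prototype code, and it makes several assumptions not stated on the page: the PSD and the trusted computer share keys provisioned out of band (for instance at pairing time), each direction carries a monotonically increasing sequence number so replayed frames can be rejected, and, to stay within the Python standard library, encryption is an HMAC-SHA256 keystream in counter mode with encrypt-then-MAC rather than a vetted AEAD such as AES-GCM or ChaCha20-Poly1305, which a real PSD should use. The function names and frame layout are hypothetical.

```python
"""Added example of a PSD-style guard for an insecure wireless medical device.

Defense 1: the device emits plaintext telemetry; the PSD encrypts and
authenticates it before it crosses the wireless link; the trusted computer
decrypts it and checks freshness.
Defense 2: the provider's trusted computer attaches a MAC and sequence number
to each command; the PSD verifies both and forwards only commands that pass,
so forged or replayed commands never reach the device.
Assumptions (not from the original page): shared keys provisioned out of
band; stdlib-only cipher (HMAC keystream + encrypt-then-MAC) standing in for
a real AEAD; hypothetical function names and frame layout.
"""
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 16                 # truncated HMAC-SHA256 tag (128 bits)
NONCE_LEN = 16               # 8-byte sequence number || 8 random bytes
SEQ = struct.Struct(">Q")    # big-endian 64-bit sequence number


class SecurityError(Exception):
    """A frame failed authentication or freshness checks."""


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF-based keystream: HMAC(key, nonce || block_counter) concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + SEQ.pack(counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(mac_key: bytes, data: bytes) -> bytes:
    return hmac.new(mac_key, data, hashlib.sha256).digest()[:TAG_LEN]


# ---- Defense 1: PSD encrypts telemetry the device sent in the clear ----

def psd_wrap_telemetry(plaintext: bytes, seq: int, enc_key: bytes, mac_key: bytes) -> bytes:
    """Frame = seq(8) || random(8) || ciphertext || tag; seq doubles as replay counter."""
    nonce = SEQ.pack(seq) + secrets.token_bytes(8)
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    body = nonce + ciphertext
    return body + _tag(mac_key, b"telemetry" + body)   # domain-separated tag


def trusted_unwrap_telemetry(frame: bytes, last_seq: int, enc_key: bytes, mac_key: bytes):
    """Return (seq, plaintext); raise SecurityError on tampering or replay."""
    if len(frame) < NONCE_LEN + TAG_LEN:
        raise SecurityError("frame too short")
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(mac_key, b"telemetry" + body)):
        raise SecurityError("bad telemetry tag")        # verify before decrypting
    nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
    (seq,) = SEQ.unpack(nonce[:8])
    if seq <= last_seq:
        raise SecurityError("replayed or stale telemetry")
    return seq, _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


# ---- Defense 2: PSD checks that a command really came from the provider ----

def provider_sign_command(command: bytes, seq: int, mac_key: bytes) -> bytes:
    """Frame = seq(8) || command || tag."""
    body = SEQ.pack(seq) + command
    return body + _tag(mac_key, b"command" + body)


def psd_verify_command(frame: bytes, last_seq: int, mac_key: bytes):
    """Return (seq, command) to forward to the device, or raise SecurityError."""
    if len(frame) < SEQ.size + TAG_LEN:
        raise SecurityError("frame too short")
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(mac_key, b"command" + body)):
        raise SecurityError("command not from provider (bad tag)")
    (seq,) = SEQ.unpack(body[:SEQ.size])
    if seq <= last_seq:
        raise SecurityError("replayed command")
    return seq, body[SEQ.size:]


def rejects(fn, *args) -> bool:
    """True if the guard refuses the frame (used by the demo and tests)."""
    try:
        fn(*args)
    except SecurityError:
        return True
    return False


if __name__ == "__main__":
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    reading = b"glucose=142mg/dL"                 # constructed sample telemetry
    frame = psd_wrap_telemetry(reading, 1, enc_key, mac_key)
    print("plaintext on the air:", reading in frame)
    print("trusted side sees:", trusted_unwrap_telemetry(frame, 0, enc_key, mac_key))
    print("replay rejected:", rejects(trusted_unwrap_telemetry, frame, 1, enc_key, mac_key))
    cmd = provider_sign_command(b"dose=2", 7, mac_key)  # constructed sample command
    print("genuine command forwarded:", psd_verify_command(cmd, 6, mac_key))
    forged = SEQ.pack(8) + b"dose=99" + bytes(TAG_LEN)  # attacker lacks mac_key
    print("forged command rejected:", rejects(psd_verify_command, forged, 7, mac_key))
```

The tag is checked with a constant-time comparison before any decryption, the two directions use different domain-separation strings so a telemetry tag can never be replayed as a command tag, and each side keeps only the last accepted sequence number, which is all the state a small PSD needs to reject replays.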