University of Birmingham > Talks@bham > Computer Security Seminars > On the feasibility of cryptography for a wireless insulin pump system

On the feasibility of cryptography for a wireless insulin pump system

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Gurchetan Grewal.

This paper analyses the security and privacy properties of a widely used insulin pump and its peripherals. We eavesdrop the wireless channel using Commercial Off-The-Shelf (COTS) software-based radios to intercept the messages sent between these devices; fully reverse-engineer the wireless communication protocol using a black-box approach; and document the message format and the protocol state-machine in use. The upshot is that no standard cryptographic mechanisms are applied and hence the system is shown to be completely vulnerable to replay and spoofing attacks. Furthermore, sensitive patient health-related information is sent unencrypted over the wireless channel. Motivated by the results of our attacks, we study the feasibility of applying cryptography to protect the data transmitted over the air and prevent unauthorized access to the insulin pump. We present a solution based on AES in combination with an updated message format optimized for energy consumption. We implement our solution on a 16-bit micro-controller and evaluate its security properties and energy requirements. Finally, we discuss potential strategies for further reducing the energy consumption.

This talk is part of the Computer Security Seminars series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.

 

Talks@bham, University of Birmingham. Contact Us | Help and Documentation | Privacy and Publicity.
talks@bham is based on talks.cam from the University of Cambridge.