University of Birmingham > Talks@bham > Computer Security Seminars > On the Difficulty of Using Patient's Physiological Signals in Cryptographic Protocols

On the Difficulty of Using Patient's Physiological Signals in Cryptographic Protocols

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Isra Ahmed.

With the increasing capabilities of wearable sensors and implantable medical devices, new opportunities arise to diagnose, control and treat several chronic conditions. Unfortunately, these advancements also open new attack vectors, making security an essential requirement for the further adoption of these devices. Researchers have already developed security solutions tailored to their unique requirements and constraints. However, a fundamental problem yet unsolved is how to securely and efficiently establish and manage cryptographic keys. A promising area that has received significant attention is the use of patient’s physiological signals as a means for establishing cryptographic keys.

This paper aims at identifying common pitfalls in physiological-signal-based cryptographic protocols. These solutions are very fragile because errors can be introduced at different stages, including the choice of the physiological signal, the design of the protocol or its implementation. We start by reviewing previous work that has succeeded in measuring various physiological signals remotely. Subsequently, we conduct a thorough security analysis of two cryptographic solutions well-accepted by the security community, namely the H2H protocol (Rostami et al. – CCS 2013 ) and the Biosec protocol (Cherukuri et al. – ICISIP 2006 ). Our evaluation reveals that these protocols have serious design and implementation security weaknesses.

Driven by our findings, we then describe the process for securely and efficiently use patients’ physiological signals in cryptographic solutions. Finally, we discuss research directions for future work.

This talk is part of the Computer Security Seminars series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.


Talks@bham, University of Birmingham. Contact Us | Help and Documentation | Privacy and Publicity.
talks@bham is based on from the University of Cambridge.