It is time to start thinking of our hearts as random number generators. That’s so they can serve as passwords to secure medical devices that are vulnerable to hacking, researchers at Rice University have proposed.
In their paper on the authentication technique – called Heart-to-Heart (H2H) – the researchers note that the use of implantable medical devices (IMDs) is growing in the US: for example, each year, over 100,000 patients receive implantable cardioverter defibrillators that detect dangerous heart rhythms and administer electric shocks to restore normal activity.
Other IMDs – a category that includes devices either partially or fully implanted into patients’ bodies – include pacemakers, neurostimulators, and insulin or other drug pumps.
The researchers at the US university in Houston, Texas, say that H2H addresses a fundamental tension between two critical requirements for IMDs:
- Emergency responders have to be able to swiftly reprogram or extract data from the devices, lest treatment delays prove fatal to patients while responders hunt for keys or passwords, and
- The devices’ wireless access must be protected from hackers who might harm patients or expose their medical data.
The researchers – Rice electrical and computer engineer Farinaz Koushanfar, graduate student Masoud Rostami, and collaborator Ari Juels, former chief scientist at RSA Laboratories – describe H2H as implementing a “touch-to-access” control policy.
H2H involves a medical instrument that the researchers generically call a programmer. This is allowed to wirelessly access a patient’s medical device only when it has direct contact with a patient’s body.
A medical technician uses the programmer to pick up a waveform generated by the patient’s beating heart – i.e., an electrocardiogram (ECG) signature.
The external device – that is, the programmer – compares its ECG reading with the one taken by the internal medical device. Access is granted only if the signals that both collected at the same time match up.
Rostami told Softpedia’s Eduard Kovacs that, in essence, given a heartbeat’s variability, the heart can function as something of a random number generator:
“The signal from your heartbeat is different every second, so the password is different each time. You can’t use it even a minute later.”
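A simplified sketch of the touch-to-access decision described above, added here as an illustration and not taken from the H2H paper or the researchers' code. It also covers the flat-ECG emergency case that the paper quote in the comments below describes. The quantization step, bits per interval, thresholds, function names and sample intervals are all assumptions made for this example.

```python
# Added illustration of a touch-to-access decision; not the H2H authors' code.
# Quantization step, bits per interval, thresholds and all names are assumptions.

def ipi_bits(ipis_ms, step=8, nbits=2):
    """Turn inter-pulse intervals (ms) into bits: quantize, keep low-order bits."""
    bits = []
    for ipi in ipis_ms:
        q = (ipi // step) % (1 << nbits)
        bits.extend((q >> i) & 1 for i in range(nbits))
    return bits

def hamming(a, b):
    """Count differing positions; a length mismatch counts as fully different."""
    if len(a) != len(b):
        return max(len(a), len(b))
    return sum(x != y for x, y in zip(a, b))

def imd_decision(imd_ipis, programmer_ipis, max_mismatch=3,
                 min_beats=8, min_spread_ms=8):
    """Decision made inside the implant for one access attempt."""
    # Flat or near-constant ECG: the emergency mode described in the paper quote.
    if len(imd_ipis) < min_beats or max(imd_ipis) - min(imd_ipis) < min_spread_ms:
        return "emergency-open"
    dist = hamming(ipi_bits(imd_ipis), ipi_bits(programmer_ipis))
    # A few flipped bits are tolerated because the two sensors never agree exactly.
    return "grant" if dist <= max_mismatch else "deny"

# Constructed sample data (ms between beats), not real ECG recordings.
IMD_NOW = [812, 790, 845, 801, 776, 830, 858, 795, 821, 767, 840, 809]
PROG_NOW = [813, 789, 846, 803, 775, 829, 857, 796, 823, 766, 841, 808]   # same beats, sensor noise
PROG_LATE = [798, 834, 781, 852, 815, 772, 806, 843, 788, 826, 861, 779]  # captured a minute later
IMD_FLAT = []  # no beats detected by the implant

if __name__ == "__main__":
    print(imd_decision(IMD_NOW, PROG_NOW))    # simultaneous reading
    print(imd_decision(IMD_NOW, PROG_LATE))   # stale reading
    print(imd_decision(IMD_FLAT, PROG_NOW))   # flat ECG
```

The mismatch threshold is the trade-off to tune: too tight and a legitimate programmer is locked out by sensor noise, too loose and a reading that was not taken from the same beats starts to pass.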
Hacking of medical devices is, at this point, demonstrably feasible.
The US government in October 2012 told the US Food and Drug Administration (FDA) to finally start taking medical device security seriously, whether we’re talking about intentional hacking, unencrypted data transfer that can be manipulated or a host of other threat vectors.
In June 2013, the FDA complied, calling on medical device manufacturers and health care facilities to start addressing medical devices’ vulnerability to cyberattack.
Koushanfar and Rostami will present the system in November at the Conference on Computer and Communications Security in Berlin.
Before we see H2H debut, it will need to obtain FDA approval. After that, it’s up to medical device manufacturers to adopt the technology.
It’s a fascinating approach to authentication.
My insulin pump and I look forward to seeing whether it wins approval and achieves adoption in the medical device industry.
After that, who knows?
Perhaps our beating hearts will someday be a viable alternative to the easily guessable, completely hackable security questions that are now used to supposedly verify that we are, indeed, who we say we are.
5 comments on “Using heartbeats as passwords to secure medical devices”
You probably shouldn't use it to encrypt your will…
Interesting idea! However, I still do not believe that the heartbeat can be qualified as a good source of randomness (maybe for a PRNG). Maybe it is impractical or infeasible in real life, however I believe that the heartbeat can be controlled mentally and psychologically. Also, I am not sure if it is a very good distinguishable characteristic. For instance, I think that it is still possible for people to have, for a good span of time, the same heartbeat signal, for example when in a meditative state or, for instance, if people are related genetically. Well, however, I cannot prove this nor the inverse 🙂
Um,.. fine till the poor sod flat-lines and they can't identify which patient cos there's no output code,.. this really hasn't been thought through. Certainly not by anyone who's spent time in ICU.
Arguably Lisa could have outlined this scenario – it is briefly covered in 'their paper' on page 3 (just follow the link): In an emergency (i.e. absence of a suitable ECG waveform) H2H will permit access. To quote from the paper "For these acute events, the risks of medical failure greatly outweigh those of malicious attack."
Anyone bothering to actually read the paper would have noticed that the researchers did actually consider what would happen if the patient's heart stopped:
"The ECG waveform goes flat when an acute heart attack occurs. Similarly, in some late-stage terminal diseases, the parasympathetic network collapses and as a result, the ECG waveform loses most of its entropy. The hugely distorted ECG waveform resulting from such conditions is readily identifiable. In such cases, H2H is designed to enter a promiscuous mode in which any Programmer may access the IMD: For these acute events, the risks of medical failure greatly outweigh those of malicious attack. Additionally, these extreme medical conditions occur rarely."
@Joseph Bugeja, whether the patient is able to affect their own heartbeat is irrelevant. The idea behind the paper is that if the implanted device is measuring the patient's heart beat, and the external programmer is measuring the same patient's heartbeat at the same time, the two readings should be significantly similar. A hacker might be able to produce a similar heart rate to the patient, but multiple studies have shown that the actual rhythm is unique. What you're suggesting is equivalent to saying that if two people have a similar cut or scar on their finger, their fingerprints will match.