Implantable medical devices and home monitors make use of wireless radio communication for both therapeutic functions and remote monitoring of patients' vital signs. While our past work showed that lack of cryptographic protection results in disclosure of private medical data and manipulation of therapies (Halperin et al., IEEE S&P, 2008), our present work shows that even using encryption is insufficient to protect the confidentiality of patient telemetry. Our experiment analyzes the security of data traffic patterns of two sets of real medical telemetry: a corpus from PhysioNet (an online biomedical research database) and a network trace of a live disaster drill using Harvard's CodeBlue medical sensor network (Chen et al., DCOSS, 2008). Our work shows that even if a wireless medical device uses encryption, patient data can leak to unauthorized parties who need not be near the patient. Our measurements show that data packet timing information and headers distinguish the types of medical and monitoring devices even if traditional cryptographic mechanisms are used. Furthermore, the highly repetitive nature of medical data, such as ECG or respiration signals, leads to additional privacy vulnerabilities that cannot be easily mitigated by means of encryption without significant modification. Data compression technology further exposes encrypted telemetry to cryptanalysis. The information leakage of telemetry could facilitate unauthorized tracking of a patient because an ECG is known to uniquely identify a person in a predetermined group (Biel et al., IEEE I&M, 2002). Moreover, our study shows that data packet padding, encryption, authentication, and other common defenses against security threats require significant energy, storage, and computation that impose on the already scarce battery and space resources. Two of our experiments show how to automatically recover data from encrypted telemetry using Bayesian classifiers. In one experiment, we encrypted an ECG signal. By observing only the length of the digitally encrypted data, we were able to reconstruct sufficient information about the original ECG data that we determined the patient's heart rate. Using similar techniques, we recovered a leaked respiration signal that visually matches the original signal. Our findings show the weakness of using common cryptographic techniques on highly periodic and often compressed medical telemetry. Our work further discusses techniques to mitigate these security and privacy risks in wireless medical telemetry systems. However, all known techniques require extra energy, computation, and bandwidth from the medical device. The lesson learned is that encryption is not enough to protect the privacy of medical telemetry, and that reasonable assurance for security and privacy will require an energy budget. Future design of medical devices will have to make difficult tradeoffs between battery life and security and privacy.
This work was supported by NSF grants CNS-0627529, CNS-0716386, and CNS-0831244.
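The length leak described above can be checked on a telemetry design before deployment. The following Python sketch is an added example, not code from the paper: it uses a constructed noise-free ECG-like signal, assumes per-packet zlib compression and a length-preserving cipher, and replaces the paper's Bayesian classifier with a simple threshold on packet sizes; all names and parameters are assumptions.

```python
import zlib

FS = 250       # samples per second (assumed)
WINDOW = 50    # samples per packet, i.e. 0.2 s of signal (assumed)
QRS = bytes([120, 110, 160, 220, 250, 200, 150, 100, 115, 125])  # constructed beat shape

def synth_ecg(bpm, seconds):
    """Constructed, noise-free ECG-like signal: flat baseline plus one QRS per beat."""
    period = round(FS * 60 / bpm)
    sig = bytearray([128]) * (FS * seconds)
    for start in range(20, len(sig) - len(QRS), period):
        sig[start:start + len(QRS)] = QRS
    return bytes(sig)

def packet_lengths(sig, pad_to=None):
    """Payload sizes on the air: compress each window, optionally pad to a fixed size.
    Encryption is modelled as length-preserving, so an observer sees these sizes."""
    out = []
    for i in range(0, len(sig), WINDOW):
        n = len(zlib.compress(sig[i:i + WINDOW]))
        out.append(max(n, pad_to) if pad_to else n)
    return out

def bpm_from_lengths(lengths):
    """Estimate heart rate from sizes alone by counting short-to-long transitions."""
    lo, hi = min(lengths), max(lengths)
    if lo == hi:
        return 0.0  # constant sizes carry no signal
    thr = (lo + hi) / 2
    beats = sum(1 for prev, cur in zip([lo] + lengths, lengths) if prev <= thr < cur)
    return beats * 60 / (len(lengths) * WINDOW / FS)

def padding_overhead(sig):
    """Bandwidth cost factor of padding every packet to the largest observed size."""
    raw = packet_lengths(sig)
    return sum(packet_lengths(sig, pad_to=max(raw))) / sum(raw)

if __name__ == "__main__":
    sig = synth_ecg(bpm=75, seconds=60)
    raw = packet_lengths(sig)
    print("estimate from unpadded sizes:", bpm_from_lengths(raw))
    print("estimate from padded sizes:  ", bpm_from_lengths(packet_lengths(sig, max(raw))))
    print("padding overhead factor:     ", round(padding_overhead(sig), 2))
```

Padding every packet to a fixed size drives the size-based estimate to zero, at the bandwidth cost reported by `padding_overhead`, which is the tradeoff the abstract describes.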
Design Of Medical Devices Conference Abstracts
Home Telemedicine: Encryption is Not Enough
M. Salajegheh, University of Massachusetts, Amherst, USA
A. Molina, University of Massachusetts, Amherst, USA
K. Fu, University of Massachusetts, Amherst, USA
J. Med. Devices. Jun 2009, 3(2): 027503 (1 pages)
Published Online: June 29, 2009
Citation
Salajegheh, M., Molina, A., and Fu, K. (June 29, 2009). "Home Telemedicine: Encryption is Not Enough." ASME. J. Med. Devices. June 2009; 3(2): 027503. https://doi.org/10.1115/1.3134785