Multidisciplinary Approaches and Challenges in Integrating Emerging Medical Devices Security Research and Education

Citation data:

American Society of Engineering Education Annual Conference

Publication Year:
2016
Usage 349
Abstract Views 201
Downloads 148
Social Media 4
Tweets 4
Repository URL:
https://scholarcommons.usf.edu/esb_facpub/38; http://scholarworks.rit.edu/other/860; https://scholarworks.rit.edu/other/859
Author(s):
Kermani, Mehran Mozaffari; Azarderakhsh, Reza; Mirakhorli, Mehdi
Tags:
Multidisciplinary; Medical Devices Security; Research; Education
Most Recent Tweet View All Tweets
conference paper description
Traditional embedded systems such as secure smart cards and nano-sensor networks have been utilized in various usage models. Nevertheless, emerging secure deeply-embedded systems, e.g., implantable and wearable medical devices, have comparably larger “attack surface”. Specifically, with respect to medical devices, a security breach can be life-threatening (for which adopting traditional solutions might not be practical due to tight constraints of these often-battery-powered systems), and unlike traditional embedded systems, it is not only a matter of financial loss. Unfortunately, although emerging cryptographic engineering research mechanisms for such deeply-embedded systems have started solving this critical, vital problem, university education (at both graduate and undergraduate level) lags comparably. One of the pivotal reasons for such a lag is the multi-disciplinary nature of the emerging security bottlenecks. Based on the aforementioned motivation, in this work, at Rochester Institute of Technology, we present an effective research and education integration strategy to overcome this issue in one of the most critical deeply-embedded systems, i.e., medical devices. Moreover, we present the results of two years of implementation of the presented strategy at graduate-level through fault analysis attacks, a variant of side-channel attacks. We note that the authors also supervise an undergraduate student and the outcome of the presented work has been assessed for that student as well; however, the emphasis is on graduate-level integration. The results of the presented work show the success of the presented methodology while pinpointing the challenges encountered compared to traditional embedded system security research/teaching integration of medical devices security. We would like to emphasize that our integration approaches are general and scalable to other critical infrastructures as well.