Bio-IoT: Internet of Things applied to biological systems, such as pharmaceutical delivery systems, implanted medical devices, intelligent prosthetics, surgical assistants, and remote patient monitoring.
IoT 2.0, with ample processing resources and OSI-conformant networking, promises vast improvements in health care. A recent paper from the IEEE describes a bright future for medical IoT (“The Internet of Things for Health Care: A Comprehensive Survey,” S. M. R. Islam et al., Digital Object Identifier 10.1109/ACCESS.2015.2437951, June 4, 2015).
Without adequate information security, these devices will expose patients to dangerous vulnerabilities.
Former Vice President Dick Cheney disconnected his implanted pacemaker from the Internet for safety. This was prudent. While the Internet connection gave his caregivers real-time information about his condition, it also opened an attack surface. Last fall, the FDA recalled 465,000 pacemakers having that precise vulnerability (https://www.engadget.com/2017/08/31/fda-pacemakers-abbott-hacking/).
IoT devices arose from industrial control systems (ICS). ICSs have two primary design criteria: safety and reliability. Safety means they leave the system stable when they fail, or while they are inactive. Reliability means they do not spew inaccurate or misleading information when faulty. Neither of these architectural constraints corresponds to any principle in information security.
A recent article, “Securing Wireless Neurostimulators,” from the ACM (In Proceedings of Eighth ACM Conference on Data and Application Security and Privacy, Tempe, AZ, USA, March 19–21, 2018 (CODASPY ’18), 12 pages, https://doi.org/10.1145/3176258.3176310), discusses an attack on implantable medical devices. The specific devices are placed in the patient’s brain. They provide a carefully targeted low-voltage electrical stimulation to manage chronic pain and to control movement disorders such as Parkinson’s. The paper warns:
“If strong security mechanisms are not in place, adversaries could send malicious commands to the neurostimulator in order to deliver undesired electrical signals to the patient’s brain. For example, adversaries could change the settings of the neurostimulator to increase the voltage of the signals that are continuously delivered to the patient’s brain. This could prevent the patient from speaking or moving, cause irreversible damage to his brain, or even worse, be life-threatening.”
Solving this problem requires information security. The primary functions of information security (from ISO 7498-2) are: identification, authorization, data confidentiality, data integrity, and non-repudiation. These functions require processing power, memory, and network bandwidth. In the paper, the authors propose an encryption mechanism that uses biological signals as a source for random numbers. Random numbers are useful to seed private key encryption. In this scenario, Bio-IoT would exploit the patient’s own locally available information to help protect them.
A complete solution would use identification to screen out rogue signals, authentication to verify the sender’s permission to modify the device (with logging), data confidentiality to preserve the patient’s privacy, data integrity to guarantee the correctness of any unencrypted signals, and non-repudiation to validate the transmission and receipt of commands and responses.
Only by merging the primary architectural directives of Industrial Control Systems with those of Information Security can we fulfill Bio-IoT’s promise. Hybrid, cross-domain development teams can deliver – with mature processes and collaboration.
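An added example, not taken from the paper or the original post, of a device-side command gate that combines the security functions listed above with an ICS-style safety limit. It covers identification, sender verification, integrity, replay protection and logging with a shared-key HMAC. Confidentiality and non-repudiation (which needs asymmetric signatures) are out of scope, and the sender ID, key, message layout and voltage ceiling are all assumptions.

```python
import hashlib
import hmac
import struct

# Constructed sample values: sender ID, key and voltage ceiling are assumptions.
PROGRAMMER_KEYS = {b"clinic-01": bytes(range(32))}
MAX_SAFE_MILLIVOLTS = 3500  # hypothetical safety ceiling enforced on the device


def encode(sender, counter, millivolts):
    """Unambiguous byte layout (assumed): len | sender | counter | setting."""
    return struct.pack(">B", len(sender)) + sender + struct.pack(">QI", counter, millivolts)


def sign_command(key, sender, counter, millivolts):
    """Programmer side: authenticate the whole command with HMAC-SHA256."""
    return hmac.new(key, encode(sender, counter, millivolts), hashlib.sha256).digest()


class CommandGate:
    """Device side: every decision, accept or reject, lands in the audit log."""

    def __init__(self, keys, max_mv):
        self.keys, self.max_mv = keys, max_mv
        self.last_counter = {}  # highest counter seen per sender (replay state)
        self.audit_log = []

    def _log(self, sender, verdict):
        self.audit_log.append((sender, verdict))
        return verdict

    def accept(self, sender, counter, millivolts, tag):
        key = self.keys.get(sender)  # identification: screen out unknown senders
        if key is None:
            return self._log(sender, "reject: unknown sender")
        try:
            expected = sign_command(key, sender, counter, millivolts)
        except struct.error:  # field does not fit the layout (e.g. negative)
            return self._log(sender, "reject: malformed")
        if not hmac.compare_digest(expected, tag):  # integrity + sender check
            return self._log(sender, "reject: bad tag")
        if counter <= self.last_counter.get(sender, -1):  # replayed command
            return self._log(sender, "reject: replay")
        self.last_counter[sender] = counter
        if millivolts > self.max_mv:  # safety limit applies even to valid senders
            return self._log(sender, "reject: unsafe setting")
        return self._log(sender, "accept")
```

The safety check runs after authentication, so even a correctly keyed programmer cannot push the setting past the ceiling.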
Let me know what you think! Post your comments below, or follow me on Twitter: @WilliamMalikTM.