A critical analysis of ECG-based key distribution for securing wearable and implantable medical devices

Guanglou Zheng, Rajan Shankaran, Wencheng Yang, Craig Valli, Li Qiao, Mehmet A. Orgun, Subhas Chandra Mukhopadhyay

Research output: Contribution to journalArticleResearchpeer-review

Abstract

Wearable and Implantable Medical Devices (WIMDs) perform critical health monitoring and therapeutic functions. However, current WIMD products lack security safeguards to protect patients from fatal cyber-attacks. In the recent past, electrocardiogram (ECG) signals based security techniques have been widely explored to secure such devices by using two cryptographic primitives, the fuzzy commitment and the fuzzy vault, respectively. Nonetheless, differences, as well as similarities between these two primitives, have not been well investigated, making it difficult to decide which one would be appropriate for a particular setting. In this paper, we perform a critical analysis on both primitives and discuss their merits and drawbacks in the context of ECG-based key distribution. We analyze the critical challenges within each primitive-based key distribution technique, such as binary sequence generation and polynomial computations. Experimental results show that the technique based on the fuzzy commitment has a better false acceptance rate due to the randomness of ECG binary sequences. On the other hand, the fuzzy vault based scheme can achieve an acceptable false reject rate (5%) with less cost to the WIMDs. Future research is suggested to enhance the precision of ECG signal processing, to improve the efficacy of binary sequence generation process as well as to suggest ways to reduce polynomial computations.

LanguageEnglish
Pages1186-1198
Number of pages13
JournalIEEE Sensors Journal
Volume19
Issue number3
DOIs
Publication statusPublished - 1 Feb 2019

Fingerprint

electrocardiography
Electrocardiography
Binary sequences
polynomials
Polynomials
acceptability
attack
health
signal processing
Signal processing
Health
costs
Monitoring
products
Costs

Cite this

@article{f5a2a732c31b4aeb9cafb77973920a0a,
title = "A critical analysis of ECG-based key distribution for securing wearable and implantable medical devices",
abstract = "Wearable and Implantable Medical Devices (WIMDs) perform critical health monitoring and therapeutic functions. However, current WIMD products lack security safeguards to protect patients from fatal cyber-attacks. In the recent past, electrocardiogram (ECG) signals based security techniques have been widely explored to secure such devices by using two cryptographic primitives, the fuzzy commitment and the fuzzy vault, respectively. Nonetheless, differences, as well as similarities between these two primitives, have not been well investigated, making it difficult to decide which one would be appropriate for a particular setting. In this paper, we perform a critical analysis on both primitives and discuss their merits and drawbacks in the context of ECG-based key distribution. We analyze the critical challenges within each primitive-based key distribution technique, such as binary sequence generation and polynomial computations. Experimental results show that the technique based on the fuzzy commitment has a better false acceptance rate due to the randomness of ECG binary sequences. On the other hand, the fuzzy vault based scheme can achieve an acceptable false reject rate (5{\%}) with less cost to the WIMDs. Future research is suggested to enhance the precision of ECG signal processing, to improve the efficacy of binary sequence generation process as well as to suggest ways to reduce polynomial computations.",
author = "Guanglou Zheng and Rajan Shankaran and Wencheng Yang and Craig Valli and Li Qiao and Orgun, {Mehmet A.} and Mukhopadhyay, {Subhas Chandra}",
year = "2019",
month = "2",
day = "1",
doi = "10.1109/JSEN.2018.2879929",
language = "English",
volume = "19",
pages = "1186--1198",
journal = "IEEE Sensors Journal",
issn = "1530-437X",
publisher = "Institute of Electrical and Electronics Engineers (IEEE)",
number = "3",

}

A critical analysis of ECG-based key distribution for securing wearable and implantable medical devices. / Zheng, Guanglou; Shankaran, Rajan; Yang, Wencheng; Valli, Craig; Qiao, Li; Orgun, Mehmet A.; Mukhopadhyay, Subhas Chandra.

In: IEEE Sensors Journal, Vol. 19, No. 3, 01.02.2019, p. 1186-1198.

Research output: Contribution to journalArticleResearchpeer-review

TY - JOUR

T1 - A critical analysis of ECG-based key distribution for securing wearable and implantable medical devices

AU - Zheng, Guanglou

AU - Shankaran, Rajan

AU - Yang, Wencheng

AU - Valli, Craig

AU - Qiao, Li

AU - Orgun, Mehmet A.

AU - Mukhopadhyay, Subhas Chandra

PY - 2019/2/1

Y1 - 2019/2/1

N2 - Wearable and Implantable Medical Devices (WIMDs) perform critical health monitoring and therapeutic functions. However, current WIMD products lack security safeguards to protect patients from fatal cyber-attacks. In the recent past, electrocardiogram (ECG) signals based security techniques have been widely explored to secure such devices by using two cryptographic primitives, the fuzzy commitment and the fuzzy vault, respectively. Nonetheless, differences, as well as similarities between these two primitives, have not been well investigated, making it difficult to decide which one would be appropriate for a particular setting. In this paper, we perform a critical analysis on both primitives and discuss their merits and drawbacks in the context of ECG-based key distribution. We analyze the critical challenges within each primitive-based key distribution technique, such as binary sequence generation and polynomial computations. Experimental results show that the technique based on the fuzzy commitment has a better false acceptance rate due to the randomness of ECG binary sequences. On the other hand, the fuzzy vault based scheme can achieve an acceptable false reject rate (5%) with less cost to the WIMDs. Future research is suggested to enhance the precision of ECG signal processing, to improve the efficacy of binary sequence generation process as well as to suggest ways to reduce polynomial computations.

AB - Wearable and Implantable Medical Devices (WIMDs) perform critical health monitoring and therapeutic functions. However, current WIMD products lack security safeguards to protect patients from fatal cyber-attacks. In the recent past, electrocardiogram (ECG) signals based security techniques have been widely explored to secure such devices by using two cryptographic primitives, the fuzzy commitment and the fuzzy vault, respectively. Nonetheless, differences, as well as similarities between these two primitives, have not been well investigated, making it difficult to decide which one would be appropriate for a particular setting. In this paper, we perform a critical analysis on both primitives and discuss their merits and drawbacks in the context of ECG-based key distribution. We analyze the critical challenges within each primitive-based key distribution technique, such as binary sequence generation and polynomial computations. Experimental results show that the technique based on the fuzzy commitment has a better false acceptance rate due to the randomness of ECG binary sequences. On the other hand, the fuzzy vault based scheme can achieve an acceptable false reject rate (5%) with less cost to the WIMDs. Future research is suggested to enhance the precision of ECG signal processing, to improve the efficacy of binary sequence generation process as well as to suggest ways to reduce polynomial computations.

UR - http://www.scopus.com/inward/record.url?scp=85056312379&partnerID=8YFLogxK

U2 - 10.1109/JSEN.2018.2879929

DO - 10.1109/JSEN.2018.2879929

M3 - Article

VL - 19

SP - 1186

EP - 1198

JO - IEEE Sensors Journal

T2 - IEEE Sensors Journal

JF - IEEE Sensors Journal

SN - 1530-437X

IS - 3

ER -