We present an electrocardiogram (ECG)-based data encryption (EDE) scheme for implantable medical devices (IMDs). IMDs, including pacemakers and cardiac defibrillators, perform therapeutic or even life-saving functions and store sensitive data; therefore, it is important to prevent adversaries from having access to them. The EDE is designed with the ability to provide information-theoretically unbreakable encryption where two well-known techniques of classic one-time pads (OTPs) and error correcting codes are combined to achieve a cryptographic primitive for IMDs. Unlike other ECG-based key agreement schemes where ECG features are used to facilitate a key distribution, in the EDE scheme, random binary strings generated from ECG signals are directly used as keys for encryption. OTP keys are generated by the IMD and the programmer, respectively, before each encryption attempt; thus, the EDE does not require a cryptographic infrastructure to support a key distribution, storage, revocation, and refreshment. Protected by the EDE, IMDs could not be accessed by adversaries; however, medical personnel can have access to them by measuring real-time ECG data in emergencies. Therefore, the EDE design achieves a balance of high security and high accessibility for the IMD. Our data and security analysis shows that the EDE is a viable scheme for protecting IMDs.
Bibliographical noteVersion archived for private and non-commercial use with the permission of the author/s and according to publisher conditions. For further rights please contact the publisher.
- Implantable medical devices (IMDs)
- wireless security
- electrocardiogram (ECG)
- one-time pads (OTPs)
- error correcting codes