Access Control Schemes for Implantable Medical Devices: A Survey

Abstract

Implantable medical devices (IMDs) are electronic devices implanted within human body for diagnostic, monitoring, and therapeutic purposes. It is imperative to guarantee that IMDs are completely secured since the patient’s life is closely bound to the robustness and effectiveness of IMDs. Intuitively, we have to ensure that only the authorized medical personnel and IMD programmer can access the IMD. However, in recent years, several attacks have been reported which can successfully compromise a number of IMD products, e.g., stealing the sensitive health data and issuing fake commands. Up to now, there is no commonly agreed and well-recognized security standards and the protection of IMD is still an open problem. In this paper, we present a comprehensive survey of the existing literature on IMD security, with a focus on the access control schemes to prevent unauthorized access. Specifically, we first reviewed the security incidents, IMD threat model and the development of regulations for IMD security. Next, we classified existing IMD access control schemes based on architecture, type of keys used, access control channel, and logic. We also analyzed how different access control models can be adopted to secure IMD. Besides, we particularly discussed the viability of online authentication and low/zero power authentication in the IMD context.