Designing novel proxy-based access control scheme for implantable medical devices

Abstract

Implantable medical devices (IMDs) are small medical devices implanted within the human body, performing diagnostic, monitoring, and therapeutic functions. Modern IMDs are equipped with a radio transmitter and can communicate with a specialized external programmer device (i.e., IMD programmer) through the wireless channel. IMDs are extremely limited in computation power, storage and battery capacity, hence can only afford lightweight cryptographic operations. This makes IMDs vulnerable to adversarial attacks especially on the wireless interface. In this paper, we propose a novel proxy-based fine-grained access control scheme for IMDs, which can prolong the IMD’s lifetime by delegating the heavy cryptographic computations to a proxy device (e.g., smartphone). Additionally, we use the ciphertext-policy attribute-based encryption (CP-ABE) to enforce fine-grained access control so that only the qualified and/or authorized individuals can access the IMDs. The proposed scheme is implemented on real emulator devices. The experimental results show that the proposed scheme is lightweight and effective.