IMD access control during emergencies

IMDs are widely used to treat chronic diseases. Many IMDs can communicate wirelessly with an outside programmer (reader). However, wireless access also introduces security concerns. An attacker may obtain an IMD reader and gain unauthorized access to a patient’s device. IMD security is an important issue, since attacks on IMDs may cause physical harm to the patient. A number of research groups have studied IMD security issues when the patient is in a non-emergency situation. However, these security schemes usually require the patient’s participation, and therefore may not work during emergencies (e.g., when the patient is in a coma). In this chapter, we present a light-weight secure access control scheme for IMDs during emergencies. Our scheme utilizes the patient’s biometric information to prevent unauthorized access to the IMD. The scheme consists of two levels: level 1 is a lightweight scheme using some basic biometric information about the patient; level 2 utilizes a patient’s iris for authentication in a very effective manner. We also make one contribution in human iris verification: we show that it is possible to perform iris verification by comparing partial iris data rather than using iris data of an entire eye. This significantly reduces the overhead of iris verification, which is critical for resource-limited IMDs. We evaluate the performance of our schemes by using real iris data sets. Our experimental results show that the secure access control scheme is very effective and has small overhead (hence feasible for IMDs). Specifically, the false acceptance rate (FAR) and false rejection rate (FRR) of our secure access control scheme are close to 0.000 % when suitable thresholds are used, and the memory and computation overheads are very small. Our analysis shows that the secure access control scheme reduces computation overhead by an average of 58 %.