CRII: SaTC CPS: RUI: Cyber-Physical System Security in Implantable Insulin Injection Systems

CRII：SaTC CPS：RUI：植入式胰岛素注射系统中的网络物理系统安全

• 批准号: 1812553
• 负责人: Xiali Hei
• 金额: $ 14.3万
• 依托单位: University of Louisiana at Lafayette
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-12-01 至 2019-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1812553&HistoricalAwards=false
• 关键词: CRII; SaTC; CPS; RUI; Cyber

Increasingly medical devices are dependent on software and the wireless channel for their operations, which also pose new vulnerabilities to their safe, dependable, and trustworthy operations. Medical devices such as implantable insulin pumps, which are in wide use today, continuously monitor and manage a patient's diabetes without the need for frequent daily patient interventions. These devices, not originally designed against cyber security threats, must now mitigate these threats. This project examines security vulnerabilities in these implantable medical device systems and offers new insights and understanding to protect these devices and prevent their misuse by users and abuse by hackers.Specifically, this research addresses how to detect and defend against man-in-the-middle and replay attacks between the glucose sensor and the insulin pump or monitor device held by patients. Detection of such an attack is addressed via a personalized model to calculate and recognize abnormal glucose levels. To remotely secure the dosage setting over a wireless link, a bio-key based on personalized parameters unique to each patient with diabetes mellitus, is used. Authentication is carried out via an acoustic-based fingerprint scheme coupled with voice pattern recognition technology. A mixed acoustic and radio wave-based secure channel in an artificial pancreas is being developed to test and validate this approach. While this project focuses on glucose sensors and insulin pumps, these security schemes can be applied broadly to other wireless medical devices. This project is being carried out at Delaware State University, a historically black college or university, and leverages collaborations with the University of Pennsylvania and University of Alabama to design a secure wireless insulin pumping system, and will support diverse undergraduate and graduate students for two years. The research results will also be used to design and implement course materials on cyber-physical systems security and will help train students to become tomorrow's cyber security professionals.

越来越多的医疗设备依赖于软件和无线信道来进行操作，这也给它们的安全、可靠和值得信赖的操作带来了新的漏洞。如今广泛使用的诸如可植入胰岛素泵的医疗设备连续地监测和管理患者的糖尿病，而不需要频繁的日常患者干预。 这些设备最初并非针对网络安全威胁而设计，现在必须减轻这些威胁。本项目研究这些植入式医疗设备系统中的安全漏洞，并提供新的见解和理解，以保护这些设备，防止它们被用户滥用和黑客滥用。具体来说，本研究讨论如何检测和防御葡萄糖传感器和胰岛素泵或患者持有的监测设备之间的中间人和重放攻击。这种攻击的检测通过个性化模型来解决，以计算和识别异常葡萄糖水平。为了通过无线链路远程保护剂量设置，使用基于每个糖尿病患者独有的个性化参数的生物密钥。 认证是通过一个基于声音的指纹方案结合语音模式识别技术进行的。一个混合的声学和无线电波为基础的安全通道，在人工胰腺正在开发测试和验证这种方法。虽然该项目的重点是葡萄糖传感器和胰岛素泵，但这些安全方案可以广泛应用于其他无线医疗设备。该项目正在特拉华州州立大学进行，这是一所历史悠久的黑人学院或大学，并利用与宾夕法尼亚大学和亚拉巴马大学的合作来设计一个安全的无线胰岛素泵送系统，并将支持不同的本科生和研究生两年。研究成果还将用于设计和实施网络物理系统安全课程材料，并将有助于培养学生成为未来的网络安全专业人员。

项目成果

Trick or Heat?: Manipulating Critical Temperature-Based Control Systems Using Rectification Attacks

• DOI: 10.1145/3319535.3354195
• 发表时间: 2019-04
• 期刊: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Yazhou Tu;Sara Rampazzi;Bin Hao;Angel Rodriguez;Kevin Fu;X. Hei

A Visible Light Channel Based Access Control Scheme for Wireless Insulin Pump Systems

• DOI: 10.1109/icc.2018.8422827
• 发表时间: 2018-05
• 期刊: 2018 IEEE International Conference on Communications (ICC)
• 作者: Jian Zhao;Kam Kong;X. Hei;Yazhou Tu;Xiaojiang Du

Injected and Delivered: Fabricating Implicit Control over Actuation Systems by Spoofing Inertial Sensors

• 发表时间: 2018-06
• 期刊: Science China Information Sciences
• 作者: Yazhou Tu;Zhiqiang Lin;Insup Lee;X. Hei