A brain implant designed to assist control seizures is hijacked. A pacemaker receives fake signals, disrupting its rhythm. A hacker infiltrates an insulin pump, delivering a fatal overdose. While these scenarios sound like scenes from a sci-fi thriller, such cyberhealth threats are of real concern as medical technology moves toward smart, wirelessly connected implants.
Smart bioelectronic implants promise to revolutionize healthcare, giving doctors distant access to observe and adjust treatments. But as these devices grow to be more advanced, additionally they grow to be more vulnerable. Similar to smartphones and bank accounts, medical implants may very well be targeted by cybercriminals. And when that happens, the results may very well be life-threatening.
At Rice University, electrical and computer engineer Kaiyuan Yang is working to remain ahead of those threats, developing hacker-resistant implants that protect patients from the dark side of medical innovation.
“As biomedical technology advances, the stakes of security have gotten ever more critical,” said Rice University engineer Kaiyuan Yang, who runs the Secure and Intelligent Micro-Systems (SIMS) Lab. “Imagine a tiny, battery-free medical implant — no greater than a grain of rice — able to treating diseases without major surgery or medication regimens.
“Such implants, powered wirelessly and connected to the web through a wearable hub, could make an enormous difference for the autonomy and life quality of individuals living with chronic conditions like epilepsy or treatment-resistant depression, for example,” said Yang, an associate professor of electrical and computer engineering at Rice.
Advanced wireless implantable technology could enable doctors to observe patients’ health and adjust treatment remotely, making the necessity for on-site testing and treatment obsolete. But Yang warns that with this potential comes a serious risk: Hackers could intercept communications, steal passwords or send fake commands, threatening patient safety.
In recent work presented on the International Solid-State Circuits Conference (ISSCC) — the flagship conference of the Institute of Electrical and Electronics Engineers (IEEE) — Yang and his team unveiled a first-of-its-kind authentication protocol for wireless, battery-free, ultraminiaturized implants that ensures these devices remain protected while still allowing emergency access. Generally known as magnetoelectric datagram transport layer security, or ME-DTLS, the protocol exploits a quirk of wireless power transfer, a technology that permits medical implants to be powered externally with out a battery. Normally when the external power source — or on this case the external hub worn by the patient — moves barely out of alignment, the quantity of power the implant receives fluctuates.
“Lateral or side-to-side movement causes a signal misalignment that is often considered a flaw in these systems, but we turned it right into a security feature by transmitting binary values to specific movements with full awareness of the patient,” Yang said.
For instance, by coding short movements as a “1” and longer movements as a “0,” the protocol enables users to input a secure access pattern just by moving the external hub in a particular way. This pattern-based input acts like a second authentication factor, very similar to entering a PIN after using a password or drawing a pattern to unlock a phone. The general user experience with the ME-DTLS two-factor authentication closely resembles the technique of logging into bank accounts today. Users enter their login credentials, wait for an SMS with a short lived passcode then input this passcode to log in.
This innovation solves two major problems in medical cybersecurity. First, it protects against stolen passwords by requiring a physical confirmation step that can not be faked remotely. Second, it ensures emergency responders can access the device while not having preshared credentials. Thus, if a patient is unconscious or unable to supply a password, the implant transmits a short lived authentication signal that may only be detected at close range.
“This ensures that only a close-by authorized device can access the implant,” Yang said. “In emergencies, the implant verifies the responder or doctor by the pattern they draw and provides them access even when there is no such thing as a web connection.”
By leveraging an intrinsic feature of wireless power transfer systems, the answer developed by Yang and his team avoids the drawbacks of other security measures for implantable technologies, just like the addition of bulky sensors.
The researchers tested the pattern input method with volunteers and located that it appropriately recognized the patterns 98.72% of the time, proving their solution is each reliable and straightforward to make use of. The team also developed a rapid, low-power method for the implant to send data back out securely and effectively.
“To one of the best of our knowledge, we’re the primary to utilize the natural flaw of wireless power transfer to send secure information to the implant and enable secure two-factor authentication in miniaturized implants,” Yang said. “In comparison with other medical devices, our design offers one of the best balance between security, efficiency and reliability.”
For patients, this might mean a future where their medical implants are each secure and accessible when it matters most, offering a straightforward, intuitive approach to be certain that only the fitting people — whether a physician, caregiver or emergency responder — can control the technology inside their bodies.
Yang and his team presented their work on the ISSCC held Feb.16-20 in San Francisco. On the conference, Yang was awarded the IEEE Solid-State Circuits Society Latest Frontier Award, which recognizes early profession researchers “exploring progressive and visionary technical work,” based on the IEEE website. This 12 months, Yang’s team was part of a bigger contingent of Rice faculty and students who presented on the conference and were recognized for his or her achievements.
The work was supported by the National Science Foundation (2146476).
