Implantable medical devices such as pacemakers are becoming smarter and smarter—and that gives physicians and patients unprecedented capabilities to track and monitor their health.
But the computational capabilities of implanted devices also leaves them vulnerable to malicious attacks—and in such life-and-death matters, protection is not as simple as installing antivirus software.
Younghyun Kim is developing systems to keep medical devices safe and secure.
“Medical devices have very extreme energy constraints and very extreme usage constraints. They need to be accessible to the doctors, but the device cannot tell the difference between a doctor and a hacker,” says Kim, who joined the Department of Electrical and Computer Engineering in fall 2016 as an assistant professor.
Right now, few security measures exist to prevent hackers from seizing control of medical implants. Because pacemakers and insulin pumps come with built-in wireless capabilities to communicate information about patients’ vital signs, hacking into medical implants is relatively easy.
“There should be a way to transfer a cryptographic key between medical implants and hospital equipment in a secure manner. But most medical devices don’t do any encryption because there’s no method to share the cryptographic key,” says Kim.
That lack of encryption means that hackers could easily manipulate insulin pumps into delivering lethal doses of the hormone from afar. And people could seize control of cardiac implants to trigger heart attacks—a prospect that so alarmed former U.S. Vice President Dick Cheney that he ordered the wireless features of his own pacemaker disabled on implantation.
Kim is developing methods to establish secure key exchanges between doctors and medical devices that don’t require any updates to existing implant hardware. The secret code won’t rely on invisible, intangible radio signals or magnetic fields, which penetrate patients’ bodies without their knowledge. Instead, Kim’s system will use codes based on vibration.
“Vibration is secure because the patient can feel it—if a hacker tried to do a malicious thing, like turn off your pacemaker, you could physically feel it,” says Kim. Because pacemakers already have built-in accelerometers, they can detect vibrations through a person’s body. Patients and doctors can program the built-in buzzing silent ringer on their phones to deliver a signature sequence of pulses that, when converted into binary zeros and ones, function as secure cryptographic keys.
Because most implants already include central processing units, embedding such security measures will only require minor software tweaks. After ironing out the computational codes, Kim plans to work with faculty in the UW-Madison School of Medicine and Public Health to design and test hardware prototypes.
“The primary reason I picked UW-Madison is the collaboration opportunities,” says Kim.
He also hopes to work with ECE colleagues to design computer architectures that can function for a long time on minimal power, as is required for medical devices.
Beyond the prospects of productive new partnerships, Kim is keen to explore the camping, hiking, and fishing around Madison. “I love the lakes,” he says. “I’m looking forward to next summer and all of the outdoor activities.”
Kim comes to Madison after postdoctoral studies at Purdue University. He completed his PhD in electrical engineering and computer science in 2013 at Seoul National University in Korea, which is also where he graduated with a bachelor’s degree in computer science in 2007.
Author: Sam Million-Weaver