Biometric-based two-level secure access control for Implantable Medical Devices during emergencies

Abstract

Implantable Medical Devices (IMDs) are widely used to treat chronic diseases. Nowadays, many IMDs can wirelessly communicate with an outside programmer (reader). However, the wireless access also introduces security concerns. An attacker may get an IMD reader and gain access to a patient's IMD. IMD security is an important issue since attacks on IMDs may directly harm the patient. A number of research groups have studied IMD security issues when the patient is in nonemergency situations. However, these security schemes usually require the patient's participation, and they may not work during emergencies (e.g., when the patient is in comma) for various reasons. In this paper, we propose a light-weight secure access control scheme for IMDs during emergencies. Our scheme utilizes patient's biometric information to prevent unauthorized access to IMDs. The scheme consists of two levels: level 1 employs some basic biometric information of the patient and it is lightweight; level 2 utilizes patients' iris data for authentication and it is very effective. In this research, we also make contributions in human iris verification: we discover that it is possible to perform iris verification by comparing partial iris data rather than the entire iris data. This significantly reduces the overhead of iris verification, which is critical for resource-limited IMDs. We evaluate the performance of our schemes by using real iris data sets. Our experimental results show that the secure access control scheme is very effective and has small overhead (hence feasible for IMDs). Specifically, the false acceptance rate (FAR) and false rejection rate (FRR) of our secure access control scheme are close to 0.000% with suitable threshold, and the memory and computation overheads are acceptable. Our analysis shows that the secure access control scheme reduces computation overhead by an average of 58%.