Heartbeat patterns could keep wireless implants secure

日期:2019-03-01 06:10:02 作者:慕香 阅读:

By Colin Barras Heartbeats are the new fingerprints. A person’s individual pulse pattern can be used to protect wireless medical implants from malicious attacks. Advances in wireless technology and antenna design are making it possible for medical implants like pacemakers and other devices to communicate using so-called body-area networks. Future networks of implants and sensors will allow new insight into the body in both sickness and health. But just like a home Wi-Fi network, they come with security risks. And in body-area networks, a security breach could be fatal. Earlier this year researchers showed they could wirelessly hack a pacemaker in a way that would cause a heart attack. Protection is vital if people are to be safe with such new technologies. Now engineers say that natural variations in a person’s pulse rate can be used as a constantly shifting encryption key to their data. “Since devices in a body-sensor network are placed on or in the same human body, it should be fairly easy for them to capture common biological or physiological features to identify the user,” says Carmen Poon, who developed the idea with her team at the Chinese University of Hong Kong. “Only if the two devices share the same biometric feature will they exchange encryption keys for further communication,” she says. Poon’s team has tested this approach using pulse rate as a biometric feature to secure data. They simultaneously recorded the pulse rate from the index finger of both hands of volunteers. They generated a 64-bit code by recording the interval between 16 consecutive heartbeats to the nearest millisecond. Because the pulse rate in both hands is measured at the same time any natural variations in pulse rate do not matter. The two sensors record a near-identical pulse rhythm and generate the same 64-bit code. Wireless devices on the two hands could exchange that code to confirm each other’s identity before sending sensitive data. For maximum security, the identifying code must be unique enough to make it unlikely to match pulse codes from different people. But the technique must also be tolerant to small biological quirks, so that codes generated from the same person are not falsely rejected. In tests, the 64-bit code performed surprisingly well. It was calibrated so that there was just a 0.1% risk that pulses from two people would be accidentally matched. With this setup, the chance that two signals from the same person would go unmatched because of biological quirks was around 6.5%. In comparison, state-of-the-art fingerprint identification systems similarly calibrated have a 4.2% false rejection rate. But Poon says the heartbeat system is in some ways more secure. With fingerprint security there is a risk of an attacker making a dummy of the print, or even cutting off someone’s finger to fool the device. A heartbeat system is difficult to fool in this way. “Because of the ever-changing property of the inter-pulse interval, impostors can’t capture that data and use it later to access the network,” she says. Journal reference: IEEE Transactions on Information Technology in Biomedicine DOI: