Enhancing Security for IEEE 802.15.6 Medical BANs

doc ieee p802 15 22 0166 00 6a n.w
1 / 17
Embed
Share

Explore how improvements in the security posture of the IEEE 802.15.6 standard can create a secure framework for future Medical Body Area Network (MBAN) applications. Delve into the motivations, challenges, and recommendations to address the evolving landscape of wireless medical devices. Understand the critical need for robust security measures in the face of advancing IoT technologies within healthcare settings.

  • Security
  • IEEE
  • Medical BANs
  • Wireless Networks
  • IoT
rayaanacharya
gal_r Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Doc: IEEE P802.15-22-0166-00-6a March2022 Project: P802.15 Working Group for Wireless SpecialtyNetworks Submission Title: Improving the Security of the IEEE 802.15.6 Standard for Medical BANs. Date Submitted: March 10th, 2022 Source: Muhammad Ali, Georg Hahn, Said Hamdioui, Wouter Serdijn, Christos Strydis. Company: Delft University of Technology, Erasmus Medical Center. Address: Wytemaweg 80, 3015 CN, Rotterdam, The Netherlands. E-Mail: c.strydis@erasmusmc.nl Abstract: Security enhancements for IEEE 802.15.6 Std. Purpose: Material for discussion. Notice: This document has been prepared to assist P802.15.6a. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15.6a. Slide 1 Submission Muhammad Ali,et.al. 1

  2. Improving the Security ofthe IEEE 802.15.6 Standard for MedicalBANs Muhamma d Ali Siddiqi Georg Hah n Said Hamd ioui, Senior Member, IEEE Wouter A. Serdij n, Fellow, IEEE Chris tos Strydis , Senior Member, IEEE 2

  3. Agenda 1. Motivation & problem statement 2. Explaining Medical Body Area Networks (MBANs) 3. IEEE 802.15.6security 4. MBAN threat landscape and security requirements 5. Security-analysis & -assessmentmethodology 6. Security recommendations (Highlights) 7. Methodology benefits & drawbacks 8. Nextsteps 3

  4. Motivation and problemstatement Security laggingbehind Motivation Technology Security IEEE 802.15.6security Medical data is extremely sensitive and private Medical applicationsare becoming increasingly wireless The researchquestion How can theIEEE 802.15.6 standard s security posture be improvedin orderto provide a secure framework forfuture MBANapplications? IoT and IoMT are disruptingtraditional healthcare Medical devices often have a criticalfunctionality Vulnerabilities in association and disassociation protocols have been foundrecently There is still room for improvement in terms of security Many new medical applications (such as Neural Dust), do not exactly fit within the framework set by802.15.6. Cyber incidents involving medical devices are getting moreprominent Devices get increasingly morefunctionality Only secure applications will be adopted by broaderpopulation Lack ofstandardisation for wireless medical sensors andactuators Rapid advances in wireless technology for interconnected devices in the medical space are accompanied by a lack of proper securitymeasures 2 4

  5. Explaining Medical Body Area Networks(MBANs) MBANtaxonomies Disclaimer: In this presentation, MBANs and WBANs will be used interchangeably Functionality Implementation Role Sensor Invasive Endnode Actuator Semi-Invasive Relaynode Hybrid Wearable Coordinatornode Tree Star Peer-to-peer Central Control Unit(CCU) Ambient Nodetypes Topologies MBAN Architecture Applications Invasive Semi-Invasive Wearable RemoteControl MBAN3-tier architecture LeadlessCardiac Pacemakers Epilepticseizure detection Mentalstatus monitoring AmbientAssisted Living(AAL) Diabetescontrol Cancerdetection Remote hearingaids Bodydust Sleepanalysis 3 5

  6. The IEEE 802.15.6 standardsecurity IEEE 802.15.6security Association / Disassociationprotocols Security is offered in threelevels Master-key pre-sharedassociation Unsecured communication Authentication without encryption Authentication withencryption Unauthenticatedassociation The network s central coordinator (hub) must choose a security level before initiating aconnection Public-key hiddenassociation Password authenticatedassociation Which other security flaws does thestandard have and howcan we identifythem? Display authenticatedassociation PTK creation and GTK distribution Securitystatediagram Disassociation Several vulnerabilities in the association and disassociation protocols provided byIEEE 802.15.6 have been found by Toorani etal. 4 6

  7. MBAN threat landscape and securityrequirements Attack surface constantlyincreasing New applications are leading to a rapid expansion of the attachsurface Security attributes need to be addressed in a structured and complete manner: Confidentiality Integrity Availability Authentication Authorization Datafreshness Secure-key management Accountability Dependability Flexibility Robustness 7

  8. A structured procedure to analyse the standard in terms of security Our assessmentmethodology Aheuristic, iterative and scalable approach 6

  9. A structured procedure to analyse the standard in terms of security Introduced security (-related)attributes Security attributes(Sx) Physical attributes(Px) Recall the taxonomies introduced! Device classes(Dx) Invasive Semi-invasive Wearable Ambient 7

  10. A structured procedure to analyse the standard in terms of security Representative MBAN usecases Scenario 1 NeuralDust Scenario 2 Leadless Cardiac Pacemaker Scenario 3 ArtificialPancreas Description Key-Facts Description Key-Facts Description Key-Facts Cortically and sub-cortically implanted untethered, micron-sized sensors and actuators,communicating with sub-dural transceivers via ultrasound and back- scattering that relay data to a wearable externaltransceiver Capable of recording EMG and extracellular signals and deep brainstimulation Sub-duraltransceivers relay signal toCCU US channel of neural dust nodes are considered as inherentlysecure Leadless cardiac pacemaker network capable of CRT and bradycardia pacing therapy, combined with an s-ICD. The device generator acts as the CCU that collects and processes data & instructions from implanted nodes and relays it to a personaldevice Implanted nodes directly communicate with sub- cutaneous CCU via RF communication If a connection can be established, the personal device relays data to medicalserver Artificial pancreas system with a CGM transmitting blood glucose levels to a bihormonal insulin pump as well as a personal device. The pump acts as the network s CCU and coordinates the peer-to-peer connection betweennodes Bihormonal insulinpump can autonomously regulate blood glucose levels CGM system records real- time blood sugar and transmits data to pump andPDA Personal device for convenience Pump isCCU 8

  11. A structured procedure to analyse the standard in terms of security How use cases are linked to security(-related)attributes This matrix links device classes, physical and security requirements with the use cases 9

  12. Analysing the IEEE 802.15.6standard Use-case specifications vs. Security(-related) attributes: GapsIdentified I. We cover each security(-related) attribute at least once due to employing 3 separate use cases II. Looking at the resulting coverage map, we are able to identify gaps partlysatisfied satisfied notsatisfied 10

  13. Security(-related) recommendations A fewhighlights Physical & Organizational recommendations PO.R3: An explanation of the mMaxBANSize limit needs to be added in Chapter 4.2: Network topology or as an addition to Table 24 - MAC sublayer parameters. More importantly, this limit is not sufficient for future applications (e.g., Neural Dust). Cryptography, Confidentiality & Integrity recommendations CC.R3: In Chapter 7: Security services, a paragraph needs to be added stating that, for devices unable to support conventional cryptography, the developer needs to ensure the inherent security of the link (security by design). For example, in Neural Dust, a MHz-range ultrasound channel can be employed to achieve inherently secure communication. Authentication & Authorization recommendations AA.R1: In Chapter 7.1.1: Master key pre-shared association, it is mentioned that the hub and the node perform mutual authentication with each other, while simultaneously advancing to the PTK-creation procedure. Here, a paragraph explaining the inner workings of the mutual authentication procedure has to be added. Otherrecommendations O.R2: In Chapter 7: Security services, best practices and recommendations on how to harden a BAN against DoS attacks need to be introduced in a separate sub-chapter. 11

  14. What our methodologyoffers Taxonomies against which the standard can reflect itself Taxonomies: Node functionality, node implementation, node role, MBAN security tiers, security attributes A standard needs to be very clear, especially with the advent of new applications (e.g., Neural Dust) A tractable method by which to assess the (security) provisions of the IEEE standard An exhaustive search of the whole MBAN design space would be impractical or infeasible An iterative, scalable method that can be adjusted to: More usecases New securityvulnerabilities More or finer-grain security(-related) attributes A forensics , reversible method allows tracking new IEEE-standard additions back to respective findings 12

  15. What is currently notthere Updated, end-to-end security protocols addressing MBANs Essentially, we currently provide recommendations on the vocabulary Can we also extend the grammar? Can this, in fact, be achieved in a general way (i.e., as part of a standard?) 13

  16. 14

  17. Thank you forlistening https://neurocomputinglab.com 17 15

Related


Proposed Approach for MAC Address Assignment in IEEE 802.11

Proposed Approach for MAC Address Assignment in IEEE 802.11

adlai
IEEE 802.11-23/2092r2 AIML Report Summary

IEEE 802.11-23/2092r2 AIML Report Summary

eudora
Issues with SCS Operation in IEEE 802.11be Standard

Issues with SCS Operation in IEEE 802.11be Standard

olivia
IEEE 802.11-20/0021-00 Priority Access Support for NS/EP Services Overview

IEEE 802.11-20/0021-00 Priority Access Support for NS/EP Services Overview

finlo
IEEE 802.11-19-0202/r1 TGbd Agreed Terminology and Requirements

IEEE 802.11-19-0202/r1 TGbd Agreed Terminology and Requirements

valerio
Time-Aware Scheduling Capabilities in IEEE 802.11be

Time-Aware Scheduling Capabilities in IEEE 802.11be

joachim
Evolution of Standards: IEEE 802.11 and 802.1D Relationship

Evolution of Standards: IEEE 802.11 and 802.1D Relationship

amethyst
IEEE Std. 802.11-22/1017r0 Overview and Architecture Presentation

IEEE Std. 802.11-22/1017r0 Overview and Architecture Presentation

jewel
IEEE-SA Fellowship Program at IEEE 802 Plenary March 2019 Schedule

IEEE-SA Fellowship Program at IEEE 802 Plenary March 2019 Schedule

jshah
IEEE 802.15 Standards Progress Report July 2024

IEEE 802.15 Standards Progress Report July 2024

ybloo
IEEE 802.1CQ: Address Assignment and Validation Protocols

IEEE 802.1CQ: Address Assignment and Validation Protocols

coia227
Suitability of IEEE 802.11ah for LPWAN Applications Analysis

Suitability of IEEE 802.11ah for LPWAN Applications Analysis

milia
IEEE 802.11 Sensing: Applications, Feasibility, Standardization

IEEE 802.11 Sensing: Applications, Feasibility, Standardization

medidoc
IEEE 802.11-20/0192r2 Study Group Formation for RCM Recommendations

IEEE 802.11-20/0192r2 Study Group Formation for RCM Recommendations

esmerald
IEEE 802.3 Criteria for Standards Development

IEEE 802.3 Criteria for Standards Development

dkern
Evolution and Impact of IEEE 802 Security Architectures

Evolution and Impact of IEEE 802 Security Architectures

jall371
Switching to EtherType Protocol Discrimination in IEEE 802.11 for 5.9GHz Operations

Switching to EtherType Protocol Discrimination in IEEE 802.11 for 5.9GHz Operations

lamya
Implementation of IEEE 802 Security Architecture History

Implementation of IEEE 802 Security Architecture History

aleinahn
Resolving Approval Blockage for IEEE 802.11ax Standard in ISO

Resolving Approval Blockage for IEEE 802.11ax Standard in ISO

ely_kro
Enhancing IEEE 802.11 Security and Privacy Standards

Enhancing IEEE 802.11 Security and Privacy Standards

alys_341
IEEE 802 October 2024 Public Visibility Report & New Initiatives

IEEE 802 October 2024 Public Visibility Report & New Initiatives

yoo_vya
IEEE 802.19-24 Simulation Update for Coexistence of IEEE 802.15.4g and IEEE 802.11ah

IEEE 802.19-24 Simulation Update for Coexistence of IEEE 802.15.4g and IEEE 802.11ah

agoll

More Related Content