Download PDFOpen PDF in browserAttack-tree-based Threat Modeling of Medical Implants18 pages•Published: September 10, 2018AbstractModern Implantable Medical Devices (IMDs) are low-power embedded systems with life-critical functionalities. Almost all of these devices are equipped with wireless- communication capabilities in order to aid in diagnosis, in updating the functional settings and firmware and so on, without any surgical procedure to perform these tasks manually. There is, thus, a rising trend towards increased connectivity of these devices. The down- side of this trend is, however, a proportional increase in the attack surface that can be exploited by a malicious entity. In effect, threat modeling of IMDs becomes ever more important. This is reflected by an increase in the number of vulnerabilities being found consistently in the IMDs available in market. This paper proposes a threat-modeling analysis based on attack trees to evaluate the security of these devices. As an example, three recent lightweight IMD security protocols from literature are analyzed using this approach to demonstrate its effectiveness in suggesting security improvements.Keyphrases: attack tree, emergency access, imd, implantable medical device, security protocol, threat model In: Lejla Batina, Ulrich Kühne and Nele Mentens (editors). PROOFS 2018. 7th International Workshop on Security Proofs for Embedded Systems, vol 7, pages 32-49.
|