Mitigating network-layer security attacks on authentication-enhanced openICE
Abstract
Integrated Clinical Environment (ICE) is a standardized framework for achieving medical device interoperability. It utilizes high-level supervisory and medical apps and low-level communication middle-ware to coordinate medical devices to accomplish a shared clinical mission. With the potential to significantly improve healthcare productivity and reduce medical errors, the interoperability of medical devices also subjects ICE systems to unprecedented security threats. In this paper, we present a set of security attacks, namely interception, tampering, and replay attack, to the network level of ICE systems, which we identify through a threat modeling analysis on OpenICE, the best-known instantiation of ICE system. For these security attacks, we devise corresponding defense mechanisms on top of OpenICE. Our experiments demonstrate that these defense mechanisms can effectively protect OpenICE from the identified attacks with acceptable computational overhead.
References
[1]
David Arney, Sebastian Fischmeister, Julian M Goldman, Insup Lee, and Robert Trausmuth. 2009. Plug-and-play for medical devices: Experiences from a case study. Biomedical Instrumentation & Technology 43, 4 (2009), 313--317.
[2]
ASTM International 2009. ASTM F2761-09(2013), Medical Devices and Medical Systems - Essential safety requirements for equipment comprising the patient-centric integrated clinical environment (ICE) - Part 1: General requirements and conceptual model. ASTM International.
[3]
Liang Cheng, Zhangtan Li, Yi Zhang, Yang Zhang, and Insup Lee. 2017. Protecting interoperable clinical environment with authentication. ACM SIGBED Review 14, 2 (2017), 34--43.
[4]
Denis Foo Kune, Krishna Venkatasubramanian, Eugene Vasserman, Insup Lee, and Yongdae Kim. 2012. Toward a safe integrated clinical environment: a communication security perspective. In Proceedings of the 2012 ACM workshop on Medical communication systems. ACM, 7--12.
[5]
John Hatcliff, Andrew King, Insup Lee, Alasdair Macdonald, Anura Fernando, Michael Robkin, Eugene Vasserman, Sandy Weininger, and Julian M Goldman. 2012. Rationale and architecture principles for medical application platforms. In Cyber-Physical Systems (ICCPS), 2012 IEEE/ACM Third International Conference on. IEEE, 3--12.
[6]
Andrew King, Dave Arney, Insup Lee, Oleg Sokolsky, John Hatcliff, and Sam Procter. 2010. Prototyping closed loop physiologic control with the medical device coordination framework. In Proceedings of the 2010 ICSE Workshop on Software Engineering in Health Care. ACM, 1--11.
[7]
Andrew King, Sam Procter, Dan Andresen, John Hatcliff, Steve Warren, William Spees, Raoul Jetley, Paul Jones, and Sandy Weininger. 2009. An open test bed for medical device integration and coordination. In Software Engineering-Companion Volume, 2009. ICSE-Companion 2009. 31st International Conference on. IEEE, 141--151.
[8]
Andrew L King, Sanjian Chen, and Insup Lee. 2014. The middleware assurance substrate: Enabling strong real-time guarantees in open systems with openflow. In Object/Component/Service-Oriented Real-Time Distributed Computing (ISORC), 2014 IEEE 17th International Symposium on. IEEE, 133--140.
[9]
Insup Lee, Oleg Sokolsky, Sanjian Chen, John Hatcliff, Eunkyoung Jee, BaekGyu Kim, Andrew King, Margaret Mullen-Fortino, Soojin Park, Alexander Roederer, et al. 2012. Challenges and research directions in medical cyber-physical systems. Proc. IEEE 100, 1 (2012), 75--90.
[10]
Jeffrey Plourde, David Arney, and Julian M Goldman. 2014. Openice: An open, interoperable platform for medical cyber-physical systems. In Cyber-Physical Systems (ICCPS), 2014 ACM/IEEE International Conference on. IEEE, 221--221.
[11]
Carlos Salazar. 2014. A security architecture for medical application platforms. Ph.D. Dissertation. Kansas State University.
[12]
Carlos Salazar and Eugene Y Vasserman. 2014. Retrofitting communication security into a publish/subscribe middleware platform. In Software Engineering in Health Care. Springer, 10--25.
[13]
Hamed Soroush, David Arney, and Julian Goldman. 2016. Toward a Safe and Secure Medical Internet of Things. IIC Journal of Innovation 2, 1 (2016), 4--18.
[14]
Curtis R Taylor, Krishna Venkatasubramanian, and Craig A Shue. 2014. Understanding the security of interoperable medical devices using attack graphs. In Proceedings of the 3rd international conference on High confidence networked systems. ACM, 31--40.
[15]
Eugene Y Vasserman and John Hatcliff. 2013. Foundational Security Principles for Medical Application Platforms. In International Workshop on Information Security Applications. Springer, 213--217.
[16]
Eugene Y Vasserman, Krishna K Venkatasubramanian, Oleg Sokolsky, and Insup Lee. 2012. Security and interoperable-medical-device systems, part 2: Failures, consequences, and classification. IEEE security & privacy 10, 6 (2012), 70--73.
[17]
Krishna K Venkatasubramanian, Eugene Y Vasserman, Oleg Sokolsky, and Insup Lee. 2012. Security and interoperable-medical-device systems, part 1. IEEE security & privacy 10, 5 (2012), 61--63.
- Mitigating network-layer security attacks on authentication-enhanced openICE
Recommendations
Mitigating denial of service attacks: a tutorial
This tutorial describes what Denial of Service (DOS) attacks are. how they can be carried out in IP networks, and how one can defend against them. Distributed DoS (DDoS) attacks are included here as a subset of DoS attacks. A DoS attack has two phases: ...
Mitigating Denial-of-Service Attacks on the Chord Overlay Network: A Location Hiding Approach
Serverless distributed computing has received significant attention from both the industry and the research community. Among the most popular applications are the wide area network file systems, exemplified by CFS, Farsite and OceanStore. These file ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Copyright © 2019 Authors.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 16 August 2019
Published in SIGBED Volume 16, Issue 2
Check for updates
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 75Total Downloads
- Downloads (Last 12 months)14
- Downloads (Last 6 weeks)1
Reflects downloads up to 02 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in