Chinese resarchers use heartbeats against implant hacking

Wireless software updates for medical implants are gradually replacing incisions. Modern implants – from pacemakers to insulin pumps and sensors for bodily functions – have reduced the number of maintenance operations needed. They also allow doctors to use computer monitoring to track how a patient's health has developed. It is even possible in principle, to charge batteries through the skin. In telemedicine, Body Sensor Networks (BSNs) and Wireless Body Area Networks (WBANs) are being developed to improve care for the chronically ill.

But the opportunities also increase the risks. Wireless implants are vulnerable to malicious attacks, which can be fatal. Experts say that signals must be securely encrypted. Now, researchers from the Chinese University of Hong Kong have presented their solution based on biometric features. The patient's individual heartbeat, which can easily be measured from the person's pulse, is used as the key for encryption. In their tests, 64-bit encryption works quite well, with the recognition ratio being nearly as accurate as with conventional fingerprint recognition systems. In the journal IEEE Transactions on Information Technology in Biomedicine, the researchers argue that heartbeat encryption is even safer because the constantly changing heartbeat cannot be mimicked by a recorded copy.

As Carmen Poon and her colleagues from the Chinese University of Hong Kong explain, the constant minor fluctuations in the Interpulse Interval (IPI) make it impossible for attackers to use recorded data as a key at a later date. A sensor in the implant registers the rhythm of the heartbeat, while a second sensor records the rhythm at an index finger, where a person's pulse can be easily taken. Because the two measurements are taken at the same time on the same body, minor natural fluctuations in the pulse's rhythm play no role, but any earlier recordings of the pulse would not match. The implant and access devices only exchange encryption keys and communicate with each other when the details of the two measurements largely overlap.

In their tests, Poon's team did not use implants, instead recording the data on the right and left index fingers of their sample population of 99. An electrocardiogram (ECG) and a photoplethysmograph (PPG), which records fluctuations and light absorption under the skin, relative to the pulse, were used to analyse the data. The computer then used the interval between 16 successive heartbeats recorded down to the millisecond, to generate a calibrated 64-bit code.

Poon and her colleagues explain that this method has to be accurate enough to rule out incorrect data, but flexible enough to accept tiny biological differences between measurements taken at different parts of the body. In their tests, the system accepted most code pairs, rejecting only 6.5 per cent, which puts this approach close to the 4.2 per cent rejection rate generally found with fingerprint systems. As the team put it, "the results suggest that easily accessible IPI data can serve as a good source for the generation of entity identifiers (EI) as node points in Body Sensor Networks (BSNs)".

(Dörte Saße)

(trk)