Scientists at UPV/EHU-University of the Basque Country in the port city of Bilbao in northern Spain are designing a security protocol to protect information contained in pacemakers and other electronic medical devices connected to the Internet.
The Ladon security protocol developed by a team led by UPV/EHU researcher Jasone Astorga, a telecommunications engineer at UPV/EHU and an assistant lecturer in the school’s Department of Communications Engineering at in Bilbao. The Ladon protocol’s 
design was the basis of research conducted in Dr. Astorga’s thesis, and it represents progress in the field of remote patient monitoring. Ladon is an enhanced version of the Kerberos security protocol, appropriately modified and extended to relax the necessity of clock synchronisation and authorization functionalities, by adding to the protocol special limited-lifetime implanted sensors. Ladon’s revolutionary feature set enables deployment of applications that ensure privacy of medical sensor data which are is only made available in response to legitimate, authorized requests.
In a journal article published by the IEEE Xplore Digital Library entitled “Ladon: End-to-end Authorization Support for Resource-Deprived Environments,” (IET Information Security, ISSN: 1751-8709, vol. 6, n? 2, 93-101), coauthored by Dr. Astorga, E. Jacob, M. Huarte, M. Higuero, the researchers note that development of this new protocol is motivated by emergence of a new trend in which applications incorporating sensors and low-capacity devices become in effect mini information or application servers directly addressable via any Internet-connected device. The coauthors observe that despite the huge potential of these technologies, security is probably the greatest obstacle to their long-term success.
In order to pro-actively address this issue, Ladon incorporates end-to-end pair-wise key establishment for authentication and authorization , while minimizing the introduced storage, computational and communication overhead. The researchers note that security analysis with the AVISPA formal validation tool confirms that the protocol meets stated security goals, and performance analysis shows that the protocol overhead is bounded but still comparable to that of other security protocols which provide fewer functionalities.
The aging demographic of modern western societies necessitates use of more cost-effective solutions to improve patients’ quality of life while easing the burden being placed on social welfare system. Fitting of pacemakers and implantable cardioverter defibrillators (ICDs) is growing rapidly, and need to be checked periodically and monitored by physicians for planning appropriate treatment, and having the information transmitted to the Internet in wireless mode is a significant efficiency and cost-reduction enhancement provided security can be assured.
Toward that end, major pacemakers and DCI manufacturers have begun to market device management devices that support remote monitoring of implantable, wireless medical sensors, with direct connection of medical sensors to the Internet being the next natural evolutionary step. enabling doctors to obtain information logged and stored by the sensors in real time from any device connected to the Internet.
Three key performance parameters guiding development of implantable medical sensors are energy consumption, limited memory space, and latency. Energy efficiency is the most important of these design parameters since battery replacement necessitates opening a wound in the patient’s chest with the usual added risk of infection or other complications, not to mention added cost of treatment. Dr. Astorga explains that “the energy consumption of this Ladon protocol is negligible in comparison with the usual consumption of a pacemaker or ICD when applying its therapy (stimulating or defibrillating), and has no significant impact on how long the batteries last.” Happily, the researchers have found that deployment of their security application in the sensors has led to very little memory consumption.
Finally, latency of the protocol in establishing secure communication is also less, as appropriate for a technology designed to deploy authentication and control acces functionalities in the sensors and for the setting up a secret key for protecting the confidentiality and integrity of the medical information transmitted over the wireless network.
Looking beyond its remote monitoring of medical sensor applications checks carried out in relation to the protocol demonstrate that it could also be employed to authenticate, authorize and set up security keys for critical applications where minimizing delay is crucial, like remote surgery, for example.
However, the researchers caution that potential for marketing this protocol for these more complex and critical purposes is still a way off in the future, since trials would need to be conducted on real pacemakers. “We have carried out our validation on a commercial sensor, not on a real pacemaker,” says Dr. Astorga, noting that “one would have to conduct studies using real medical sensors and real patients. In any case, we believe that it is a step forward down the road along which the remote monitoring of patients using implanted medical sensors can go on advancing.”
For more information about the Ladon protocol’s development, see the open access journal article “Analytical evaluation of a time- and energy-efficient security protocol for IP-enabled sensors” (doi:10.1016/j.compeleceng.2013.10.002) by Jasone Astorga, , Eduardo Jacob , Nerea Toledo , Marina Aguado of the Department of Communications Engineering, at University of the Basque Country UPV/EHU
Sources:
University of the Basque Country
IEEE Xplore Digital Library
Journal of Ambient Intelligence and Smart Environments archive
Image Credits:
University of the Basque Country
