Role-Based Hierarchical Medical Data Encryption for Implantable Medical Devices

摘要

Wireless communication became an essential tool for information exchange between modern Implantable Medical Devices (IMDs) and hospital servers. In spite of the many advantages of wireless technology, it puts the patients' health and data privacy in serious danger if no proper security mechanism is imployed. We aim to secure these devices while taking into consideration the limitations of these small devices. The IMDs have resources that are relatively simple and sometimes, once implemented in the body, require surgery to be altered. Consequently, common security mechanisms cannot be simply implemented in fear of consuming all the resources dedicated to healthcare needs. A certain balance between security and efficiency must thus be sought in each IMD architecture. In this work, we propose an encryption scheme for IMDs that stores its monitored data for future use. For privacy issues, not all the stored data should be accessed by any device that has access to the IMD. Certain privileges need to be allocated to different people to protect the privacy of the patient. Hence, we propose a new role-based encryption scheme, that both guarantees hierarchical access to personal data based on their role and still satisfies the computational limitations of IMDs. This scheme employs the Chinese Remainder properties to achieve the desired encryption hierarchy. The IMD uses keys form the same key pool for any encryption, and depending on the access rights of the users, the latter will only be able to decrypt the data he is allowed to. This work resulted in a secure scheme that we have proven it can formally protect the stored data. This scheme performs well under statistical analysis and is characterized by a relatively low complexity. Also, this work led to encrypted data with a lossless compression rate that saves on the communication cost.