Digital Investigation of Security Attacks on Cardiac Implantable Medical Devices

Nourhene Ellouze
(Communication Networks and Security Research Lab, University of Carthage, Tunisia)
Slim Rekhis
(Communication Networks and Security Research Lab, University of Carthage, Tunisia)
Mohamed Allouche
(Department of Forensic Medicine of Charles Nicolle, University of Tunis El Manar, Tunisia)
Noureddine Boudriga
(Communication Networks and Security Research Lab, University of Carthage, Tunisia)

A Cardiac Implantable Medical device (IMD) is a device, which is surgically implanted into a patient's body, and wirelessly configured using an external programmer by prescribing physicians and doctors. A set of lethal attacks targeting these devices can be conducted due to the use of vulnerable wireless communication and security protocols, and the lack of security protection mechanisms deployed on IMDs. In this paper, we propose a system for postmortem analysis of lethal attack scenarios targeting cardiac IMDs. Such a system reconciles in the same framework conclusions derived by technical investigators and deductions generated by pathologists. An inference system integrating a library of medical rules is used to automatically infer potential medical scenarios that could have led to the death of a patient. A Model Checking based formal technique allowing the reconstruction of potential technical attack scenarios on the IMD, starting from the collected evidence, is also proposed. A correlation between the results obtained by the two techniques allows to prove whether a potential attack scenario is the source of the patient's death.

In Joaquin Garcia-Alfaro and Gürkan Gür: Proceedings 2014 International Workshop on Advanced Intrusion Detection and Prevention (AIDP 2014), Marrakesh, Morocco, June 2014, Electronic Proceedings in Theoretical Computer Science 165, pp. 15–30.
Published: 13th October 2014.

ArXived at: bibtex PDF
References in reconstructed bibtex, XML and HTML format (approximated).
Comments and questions to:
For website issues: