数学建模概论.ppt

1、PIPAC: Patient Infusion Pattern based Access Control Scheme for Wireless Insulin Pump System,Xiali Hei, Xiaojiang Du, Shan Lin Temple University,Insup Lee University of Pennsylvania,Background Motivation Overview of our solution Details Results Conclusions,Agenda,Temple University & University of Pe

2、nnsylvania,Background: attacks in labs,In 2009, Kevin Fu et al. launched a replay attack using USRP board + software radio.In 2011, Jack and Radcliffe demonstrated attacks targeted to wireless insulin pumps, respectively.Jack can deliver a lethal dose 300u to a diabetes.Radcliffe can make the meter

3、get wrong blood glucose numbers,In USA, there will be 580,000 diabetics with pumps by 2015 1,2,3.Protecting the patients are very important.Design secure schemes to calculate the safe dose range in real time.Mitigate the attacks.,Motivation,Purpose and assumptions (1),The wireless links in the syste

4、m is not encrypted. So attackers can easily compromise them. Insulin pump users can change the pump settings using the Carelink Pro software in a computing device, such as a laptop. The new settings are uploaded to the pump using the Carelink USB via wireless link 5. In this case, attackers may use

5、customized software and a wireless sniffer to obtain the serial number of all pumps within 300 feet and can compromise wireless link 5 to change the settings of the pump without being notice.,A real time insulin pump system,Purpose and assumptions (2),Using this security flaw, an attacker can disabl

6、e the alarms of the pump, change the maximum allowable dosage of the pump.deliver a fatal dose to the insulin pump user.We focus on the attacks that compromised wireless link 5. Specifically, we focus on two types of attacks: 1) Single acute overdose. 2) Chronic overdose.,System model,The system has

7、 basic authentication scheme, however, it cannot defend against the overdose attackBolus dose: to cover food eaten or to correct a high BG level.Basal dose: pumped continuously at an adjustable basal rate to deliver insulin needed between meals and at night.,Take efforts to get the useful data from

8、the raw data on devices Through infusion record analysis, we found that a patient has specific infusion dosage patterns. The features include: Time, Estimate Bolus, Target High BG, Target Low BG, Carb Ratio, Insulin Sensitivity, Carb Input, BG Input, Correction Estimate, Food Estimate, Active Insuli

9、n, Daily Total Insulin, Basal Pattern Name, Index, Basal Rate, and Start Time. All of these features are expected to have a strong correlation with the timestamps of the records.,Infusion record analysis,Temple University & University of Pennsylvania,Temple University & University of Pennsylvania,Te

10、mple University & University of Pennsylvania,According to the definition of MSE (mean squared errors) and SCC (squared correlation coefficient), we define the safety range SR for bolus dosage and basal rate as follows.,Safety Range Definition,Temple University & University of Pennsylvania,Temple Uni

11、versity & University of Pennsylvania,Temple University & University of Pennsylvania,Results,Temple University & University of Pennsylvania,Results,Temple University & University of Pennsylvania,Performance analysis,Safety analysis: the cumulative dosage error in one day 1u. Overhead analysis: less t

12、han 0.5ms to finish the detection.Security analysis: can defend against the two attacks and adjust during emergencies automatically.,Temple University & University of Pennsylvania,We proposed a PIP based access control scheme that can defend against the single acute overdose and chronic overdose att

13、acks. It is the first scheme to defend against such attacks.Our scheme leverages the patient dosage history to generate two SVMs. Then we determined the safety ranges for each input vector.We employed real patient data to test our scheme, and the results show that our scheme works well. Our scheme can be generalized to other infusion systems as well.,Conclusions,Temple University & University of Pennsylvania,Questions ?,Temple University & University of Pennsylvania,