Home Telemedicine: Encryption is Not Enough

Implantable medical devices and home monitors make use of wireless radio communication for both therapeutic functions and remote monitoring of patients' vital signs. While our past work showed that lack of cryptographic protection results in disclosure of private medical data and manipulation of therapies (Halperin et al., IEEE S&P, 2008) our present work shows that even using encryption is insufficient to protect the confidentiality of patient telemetry. Our experiment analyzes the security of data traffic patterns of two sets of real medical telemetry: a corpus from PhysioNet (an online biomedical research database) and a network trace of a live disaster drill using Harvard's CodeBlue medical sensor network (Chen et al., DCOSS, 2008). Our work shows that even if a wireless medical device uses encryption, patient data can leak to unauthorized parties who need not be near the patient. Our measurements show that data packet timing information and headers distinguish the types of medical and monitoring devices even if traditional cryptographic mechanisms are used. Furthermore, the highly repetitive nature of medical data, such as ECG or respiration signals, leads to additional privacy vulnerabilities that cannot be easily mitigated by means of encryption without significant modification. Data compression technology further exposes encrypted telemetry to cryptanalysis. The information leakage of telemetry could facilitate unauthorized tracking of a patient because an ECG is known to uniquely identify a person in a predetermined group (Biel et al., IEEE I&M, 2002). Moreover, our study shows that data packet padding, encryption, authentication, and other common defenses against security threats require significant energy, storage, and computation that impose on the already scarce battery and space resources. Two of our experiments show how to automatically recover data from encrypted telemetry using Bayesian classifiers. In one experiment, we encrypted an ECG signal. By observing only the length of the digitally encrypted data, we were able to reconstruct sufficient information about the original ECG data that we determined the patient's heart rate. Using similar techniques, we recovered a leaked respiration signal that visually matches the original signal. Our findings show the weakness of using common cryptographic techniques on highly periodic and often compressed medical telemetry. Our work further discusses techniques to mitigate these security and privacy risks in wireless medical telemetry systems. However, all known techniques require extra energy, computation, and bandwidth from the medical device. The lesson learned is that encryption is not enough to protect the privacy of medical telemetry, and that reasonable assurance for security and privacy will require an energy budget. Future design of medical devices will have to make difficult tradeoffs between battery life versus security and privacy. This work was supported by NSF grants CNS-0627529, CNS-0716386, and CNS-0831244.