29- usable privacy and security for safety-critical...
TRANSCRIPT
![Page 1: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/1.jpg)
1
Engineering &
Public Policy
05-436 / 05-836 / 08-534 / 08-734
Usable Privacy and Security
Lorrie Cranor, Blase Ur,
and Rich Shay
April 30, 2015
29- Usable Privacy
and Security for
Safety-Critical
Devices
![Page 2: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/2.jpg)
2
Today!
• Finish discussion of culture
• Clarify expectations for project report and
presentation
• UPS for cars
• UPS for medical devices
• UPS for medical records
![Page 3: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/3.jpg)
3
Cross-cultural issues
• What is culture?
– National origin?
– Demographics?
• Why does culture matter in UPS research?
– Social norms / user expectations
– Legal requirements and expectations
– The availability of systems / structures
– Media portrayals
![Page 4: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/4.jpg)
4
Your stories
![Page 5: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/5.jpg)
5
International Studies
• Where is your sample coming from?
– Comparable samples?
– Recruitment?
• Identity of moderator
– Language? (Parallel translations)
– Understanding cultural context
• Ethics considerations
![Page 6: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/6.jpg)
6
Project
![Page 8: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/8.jpg)
8
Meta-issues with car privacy/security
• Why are our cars run by computers?
• Why are we connecting our cars to the
Internet?
– Rich media content
– Real-time traffic and safety info
– OTA updates
– Self-driving cars
– (Surveillance)
• Are privacy/security issues the same?
![Page 9: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/9.jpg)
9
Meta-issues with privacy/security
• Let’s answer the same questions for
medical devices
![Page 10: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/10.jpg)
10
Implantable Medical Devices (IMD)
Usable Privacy and Security
healthcareitsystems.com
• Embedded computers
• 350K Pacemakers & 173K Cardiac Defibrillators in 2006
![Page 11: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/11.jpg)
11
Operational Requirements
• Possible goals
– Collect information (diagnostics)
– Provide information (medical history)
– Perform medical function
• Disable IMD before conducting surgeries
• Access in emergency situations
• Constraints
• Limited capacity of battery (replacement = surgery)
![Page 12: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/12.jpg)
12
Risks in Medical Devices
• Vulnerabilities
– Authentication
• Attack Vectors
– Passive
– Active
• Risks / threats
– DoS
– Changes in configuration
– Replace medical records -- someone having a different operation
– Injuries, death
![Page 13: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/13.jpg)
13
Pacemakers
Networking changes the treat model
![Page 14: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/14.jpg)
14
Hacking Tests (1)
• 2008: wireless access to a combination
heart defibrillator and pacemaker (within
two inches of the test gear)
• Disclose personal patient data
• Reprogram IMD to shut down and to
deliver jolts of electricity that would
potentially be fatal
![Page 15: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/15.jpg)
15
Hacking Tests (2)2011-2012-2013
• Hacking Insulin Pumps
2013 -- Black Hat /Defcon:
• “Implantable medical devices: hacking humans”
– At 30 feet by compromising their pacemaker
– Transmitter to scan for and interrogate individual medical implants
– Security techniques for manufacturers
-- ioactive.com
-- insulinpump.com
![Page 16: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/16.jpg)
16
Defense Approaches
• How do we achieve resistance to attacks?
– What are the classes of attacks?
• What can go wrong?
• How do we balance utility and
security/privacy?
![Page 17: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/17.jpg)
17
Authentication Methods
• Passwords: how to make them available?
– Tattooed passwords (visible, UV visible)
– Bracelet
• Biometrics (face recognition)
• Smart Cards
• Touch-to-access policy
• Key-based systems
• Shields
– Necklace
– Computational wristband
-- Figures from Denning et al.
![Page 18: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/18.jpg)
18
IMD Shield
- IMDShield -mit.edu
• Proxy (messages exchanges)
• Authentication + encryption (channel)
![Page 19: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/19.jpg)
19
IMD Shield - Implementation
• Jammer design (full
duplex radio)
- S. Gollakota et al. MIT
![Page 20: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/20.jpg)
20
Wristbands / Alert Bracelets
• Safety in emergencies
• Security & Privacy under adversarial
conditions
• Battery life
![Page 21: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/21.jpg)
21
Wristbands / Alert Bracelets
• Protection is granted while wearing the bracelet.
• Remove to gain access to the IMD
• Inform patients about malicious actions – But not preventive
• Authentication + symmetric encryption
• Disadvantages
– Relies on the patient wearing the bracelet
– Reactive
– Cognitive effects on patients
--Denning et al.
![Page 22: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/22.jpg)
22
Usability Considerations
• Hospitals not having correct equipment
• Visual indicator of patients condition (something is wrong). Personal dignity.
• Carrying one more device
• Aesthetics
– Wristbands (especially). “Mockups are unaesthetic”
– Tattoos
• Mental and physical inconvenience
• Cultural and historical associations
![Page 23: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/23.jpg)
23
Electronic Medical Records
• Why do we want electronic medical
records?
• What are privacy/security concerns about
electronic medical records?
• How do we mitigate those concerns?
![Page 24: 29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?](https://reader033.vdocument.in/reader033/viewer/2022042020/5e775cc56285bd325a79a63a/html5/thumbnails/24.jpg)
24
Questions?