Extracting Randomness from the Trend of IPI for Cryptographic Operations in Implantable Medical Devices

Chizari, Hassan ORCID: 0000-0002-6253-1822 and Lupu, Emil C. (2019) Extracting Randomness from the Trend of IPI for Cryptographic Operations in Implantable Medical Devices. IEEE Transactions on Dependable and Secure Computing, 18 (2). pp. 875-888. doi:10.1109/TDSC.2019.2921773

[img]
Preview
Text (Peer reviewed version)
8500 Chizari and Lupu (2019) Extracting-Randomness-from-the-Trend-of-IPI-for-Cryptographic-Operators-in-Implantable-Medical-Devices.pdf - Accepted Version
Available under License All Rights Reserved.

Download (846kB) | Preview

Abstract

Achieving secure communication between an Implantable Medical Device (IMD) inside the body and a gateway outside the body has showed its criticality with recent reports of hackings such as in St. Jude Medical's Implantable Cardiac Devices, Johnson and Johnson insulin pumps and vulnerabilities in brain Neuro-implants. The use of asymmetric cryptography in particular is not a practical solution for IMDs due to the scarce computational and power resources, symmetric key cryptography is preferred. One of the factors in security of a symmetric cryptographic system is to use a strong key for encryption. A solution to develop such a strong key without using extensive resources in an IMD, is to extract it from the body physiological signals. In order to have a strong enough key, the physiological signal must be a strong source of randomness and InterPulse Interval (IPI) has been advised to be such that. A strong randomness source should have five conditions: Universality (available on all people), Liveness (available at any-time), Robustness (strong random number), Permanence (independent from its history) and Uniqueness (independent from other sources). Nevertheless, for current proposed random extraction methods from IPI these conditions (mainly last three conditions) were not examined. In this study, firstly, we proposed a methodology to measure the last three conditions: Information secrecy measures for Robustness, Santha-Vazirani Source delta value for Permanence and random sources dependency analysis for Uniqueness. Then, using a huge dataset of IPI values (almost 900,000,000 IPIs), we showed that IPI does not have conditions of Robustness and Permanence as a randomness source. Thus, extraction of a strong uniform random number from IPI value, mathematically, is impossible. Thirdly, rather than using the value of IPI, we proposed the trend of IPI as a source for a new randomness extraction method named as Martingale Randomness Extraction from IPI (MRE-IPI). We evaluated MRE-IPI and showed that it satisfies the Robustness condition completely and Permanence to some level. Finally, we used NIST STS and Dieharder test suites and showed that MRE-IPI is able to outperform all recent randomness extraction methods from IPIs and its quality is half of the AES random number. MRE-IPI, still, is not a strong random number and could not be used as the secret key for a secure communication, however, it can be used as a one-time pad in exchanging the secret key for a communication. In this case, the usage of MRE-IPI will be kept at a minimum level and reduces the probability of breaking it. To the best of our knowledge, this is the first work in this area which uses such a comprehensive method and large dataset to examine the randomness of a physiological signal.

Item Type: Article
Article Type: Article
Additional Information: ©2019 IEEE Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Uncontrolled Keywords: Physiology; Logic gates; Implants; Cryptography; Robustness; Medical services; REF2021
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Divisions: Schools and Research Institutes > School of Business, Computing and Social Sciences
Research Priority Areas: Applied Business & Technology
Depositing User: Susan Turner
Date Deposited: 25 Jun 2020 20:32
Last Modified: 13 Mar 2024 13:23
URI: https://eprints.glos.ac.uk/id/eprint/8500

University Staff: Request a correction | Repository Editors: Update this record

University Of Gloucestershire

Bookmark and Share

Find Us On Social Media:

Social Media Icons Facebook Twitter YouTube Pinterest Linkedin

Other University Web Sites

University of Gloucestershire, The Park, Cheltenham, Gloucestershire, GL50 2RH. Telephone +44 (0)844 8010001.