SCARAB: A Continuous Authentication Scheme for Biomedical Application

摘要

This paper proposes a continuous authentication scheme for use in remote monitored biomedical devices, such as the Implantable Cardioverter Defibrillator or for a Pacemaker. In the age of remote monitoring, all your heart data is readily available on the device and is accessible to the doctor over the internet. However, it is possible that in the logged-in state and with the computer left unattended, someone else tries to access your data, or modify the ICD/Pacemaker settings, or perhaps (in future applications) even try to instruct a biomedical device to send a shock to your heart when it was not required. While the first two intrude privacy, the third could be potentially lethal - hence it is not currently in use due to security concerns. The scheme proposed in this paper protects the privacy of the user in the previous two cases, allows for the expansion of the remote monitoring realm to allow for the third case, and also deals with channel attacks, in which instructions or data is modified by an adversary over the channel.