ECDH-Based Communication Protocol for Implantable Cardioverter Defibrillators: Feasibility Analysis

Technological advancements in the healthcare domain made Implantable Cardioverter Defibrillators (ICDs) able to communicate wirelessly with external devices. This improvement lead to the possibility of exchange health data and perform therapy modifications without the need to perform any surgery on the patient. Most recent ICD models are now able to interact with external devices using a long-range communication (2-3 meters). Despite this, the introduction of this enhanced communication capability made ICDs vulnerable on a security perspective, opening them to a whole new set of attacks from the outside world. Balancing security with the need to provide access during emergency conditions while also taking into account the technological constraints of such devices is not trivial. In this work we describe in depth the functioning of an ICD, while presenting also some of its most important structural characteristics. Consequently, taking into account this data and the context in which ICDs operate, we propose an Elliptic Curve Diffie-Hellman (ECDH) based communication protocol that, if combined with a Public Key Infrastructure (PKI), will increase the security of such devices without hindering their main functionalities or decreasing the quality of life of the patient. Since ICDs are resource constrained devices, we realized a proof-of-concept of our idea which simulates such limitations to demonstrate the feasibility of our approach. Public-key cryptography, on which our approach is based, has received little to no attention in this topic since it has been considered too resource demanding for ICDs. In this work we have also carried out a feasibility analysis based on three main metrics to demonstrate that our proposal is duable on ICDs and to show to the research community that this unexplored path could lead to interesting results.