Synthesizing Pareto-Optimal Signal-Injection Attacks on ICDs
Implantable Cardioverter Defibrillators (ICDs) are medical cyber-physical systems that monitor cardiac activity and administer therapy shocks in response to sensed irregular electrograms (EGMs) to prevent cardiac arrest. Prior work has shown that the analog sensors used in these systems are vulnerab...
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
IEEE
2023-01-01
|
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/10002343/ |
_version_ | 1797902236655812608 |
---|---|
author | Veena Krish Nicola Paoletti Scott A. Smolka Amir Rahmati |
author_facet | Veena Krish Nicola Paoletti Scott A. Smolka Amir Rahmati |
author_sort | Veena Krish |
collection | DOAJ |
description | Implantable Cardioverter Defibrillators (ICDs) are medical cyber-physical systems that monitor cardiac activity and administer therapy shocks in response to sensed irregular electrograms (EGMs) to prevent cardiac arrest. Prior work has shown that the analog sensors used in these systems are vulnerable to signal-injection attacks. Such attacks induce morphological changes in EGM measurements that disrupt the normal behavior of the ICD’s control software and cause the device to administer incorrect therapy. Existing work has primarily focused on the feasibility of such attacks and has not examined how they can be systematically devised. In this paper, we introduce InjectICD, a model-based framework for the systematic construction of stealthy signal-injection attacks that can thwart ICD control software. InjectICD solves the problem of synthesizing attack signals as one of multi-objective optimization, thereby allowing it to identify Pareto-optimal signal-injection templates that maximize the probability of attack success while simultaneously applying minimal modifications to the original EGM. We evaluate InjectICD on an ICD algorithm currently implemented in devices from a major ICD manufacturer. We show that InjectICD can construct such attack templates for various heart conditions and under different adversary capabilities, while also demonstrating that our approach generalizes to unseen EGM signals. Our results highlight the urgent need for ICD manufacturers to incorporate defenses against signal-injection attacks. |
first_indexed | 2024-04-10T09:14:31Z |
format | Article |
id | doaj.art-9a98c70b8698478b8d9c40133bbf0977 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-04-10T09:14:31Z |
publishDate | 2023-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-9a98c70b8698478b8d9c40133bbf09772023-02-21T00:02:51ZengIEEEIEEE Access2169-35362023-01-01114992500310.1109/ACCESS.2022.323301010002343Synthesizing Pareto-Optimal Signal-Injection Attacks on ICDsVeena Krish0https://orcid.org/0000-0002-4151-5620Nicola Paoletti1https://orcid.org/0000-0002-4723-5363Scott A. Smolka2Amir Rahmati3https://orcid.org/0000-0001-7361-1898Stony Brook University, Stony Brook, NY, USADepartment of Informatics, King’s College London, London, U.K.Stony Brook University, Stony Brook, NY, USAStony Brook University, Stony Brook, NY, USAImplantable Cardioverter Defibrillators (ICDs) are medical cyber-physical systems that monitor cardiac activity and administer therapy shocks in response to sensed irregular electrograms (EGMs) to prevent cardiac arrest. Prior work has shown that the analog sensors used in these systems are vulnerable to signal-injection attacks. Such attacks induce morphological changes in EGM measurements that disrupt the normal behavior of the ICD’s control software and cause the device to administer incorrect therapy. Existing work has primarily focused on the feasibility of such attacks and has not examined how they can be systematically devised. In this paper, we introduce InjectICD, a model-based framework for the systematic construction of stealthy signal-injection attacks that can thwart ICD control software. InjectICD solves the problem of synthesizing attack signals as one of multi-objective optimization, thereby allowing it to identify Pareto-optimal signal-injection templates that maximize the probability of attack success while simultaneously applying minimal modifications to the original EGM. We evaluate InjectICD on an ICD algorithm currently implemented in devices from a major ICD manufacturer. We show that InjectICD can construct such attack templates for various heart conditions and under different adversary capabilities, while also demonstrating that our approach generalizes to unseen EGM signals. Our results highlight the urgent need for ICD manufacturers to incorporate defenses against signal-injection attacks.https://ieeexplore.ieee.org/document/10002343/Medical device securitysignal-injection attacksPareto-optimal attacks |
spellingShingle | Veena Krish Nicola Paoletti Scott A. Smolka Amir Rahmati Synthesizing Pareto-Optimal Signal-Injection Attacks on ICDs IEEE Access Medical device security signal-injection attacks Pareto-optimal attacks |
title | Synthesizing Pareto-Optimal Signal-Injection Attacks on ICDs |
title_full | Synthesizing Pareto-Optimal Signal-Injection Attacks on ICDs |
title_fullStr | Synthesizing Pareto-Optimal Signal-Injection Attacks on ICDs |
title_full_unstemmed | Synthesizing Pareto-Optimal Signal-Injection Attacks on ICDs |
title_short | Synthesizing Pareto-Optimal Signal-Injection Attacks on ICDs |
title_sort | synthesizing pareto optimal signal injection attacks on icds |
topic | Medical device security signal-injection attacks Pareto-optimal attacks |
url | https://ieeexplore.ieee.org/document/10002343/ |
work_keys_str_mv | AT veenakrish synthesizingparetooptimalsignalinjectionattacksonicds AT nicolapaoletti synthesizingparetooptimalsignalinjectionattacksonicds AT scottasmolka synthesizingparetooptimalsignalinjectionattacksonicds AT amirrahmati synthesizingparetooptimalsignalinjectionattacksonicds |