Secure key-exchange protocol for implants using heartbeats

Paper in proceeding, 2016

The cardiac interpulse interval (IPI) has recently been pro-posed to facilitate key exchange for implantable medical de-vices (IMDs) using a patient's own heartbeats as a source of trust. While this form of key exchange holds promise for IMD security, its feasibility is not fully understood due to the simplified approaches found in related works. For exam-ple, previously proposed protocols have been designed with-out considering the limited randomness available per IPI, or have overlooked aspects pertinent to a realistic system, such as imperfect heartbeat detection or the energy overheads im-posed on an IMD. In this paper, we propose a new IPI-based key-exchange protocol and evaluate its use during medical emergencies. Our protocol employs fuzzy commitment to tolerate the expected disparity between IPIs obtained by an external reader and an IMD, as well as a novel way of tack-ling heartbeat misdetection through IPI classification. Using our protocol, the expected time for securely exchanging an 80-bit key with high probability (1-106) is roughly one minute, while consuming only 88 ?J from an IMD.