Don’t hack my body!
Thiemo Voigt, Professor of Wireless Sensor Networks at the Department of Information Technology, has been granted SEK 27 million from the Swedish Foundation for Strategic Research for the project “LifeSec: Don’t hack my body!”. The project team also includes Christian Rohner at the same department, Anders Ahlén, Robin Augustine and Subhrakanti Dey at the Department of Engineering Sciences and Maria Mania and others at the University Hospital.
Congratulations on the large grant! What lies behind this thought-provoking project title?
“Haha, well when I came up with the title, I had a feeling we would get some money! We are one of ten projects to receive funding within the SSF investment on cyber and information security. In our case, the aim is to develop a security architecture for networks of implanted medical devices connected to the internet. In the future, we humans will probably be carrying around different kinds of medical devices in our bodies. Today we have pacemakers, but going forward we might have artificial kidneys or implanted systems that measure and regulate that we get the right amount of medication.
Some of these devices need to be able to talk to each other. In addition, we must be able to transfer data from the body to physicians or patient records within a computer network. Today, there are already a few such devices, but they are not yet able to communicate inside the body.
However, Robin Augustine in our project team has discovered that the human body’s fat tissue can be used as a communication channel. This fat layer allows for energy-efficient communication, sending more data than other methods in use today. It’s a completely new discovery.”
It sounds very advanced! What medical conditions may be analyzed, using this technology?
“For example, a woman who’s had breast cancer could have two sensors implanted at the site of the original tumor. The sensors will reveal any changes in the communication properties and detect a tumor relapse. We will use low-power waves with 1,000 times lower power than cell phones, making the waves harmless.
Devices like these are extremely sensitive when embedded in the body. Imagine a pacemaker that someone else takes control of. Suddenly, that person can cause your heart to stop or speed up the beats. We've heard about hackers who takes over servers and computers, but it's even worse when people take over devices in the body and try to control things.”
How are you going to be able to prevent hacker attacks?
"That’s what we will be working on: showing how to secure communication, especially that which reaches the internet. To create more secure systems, we must encrypt information and prevent unencrypted data from being sent through the body. It’s also a question of access control, of who can do what.
An important part of this project is to identify possible attacks and to develop methods and technologies to prevent them. What potential weak points are there? How can our team guard against malicious actions? These are all small computers inside of your body that you certainly don't want to get hacked. In the worst case scenario, it could be a matter of life and death.”
What if patients become reluctant to carry such implanted devices?
"That’s going to be the big question: will people be nervous? At the least, we must ensure that it will be too costly to carry out an attack, so that it will simply not be worth it. That’s why we must try to raise the threshold for a potential attacker. In some cases, the solution may be to pull the plug or send out an alert that something is happening. The important thing is that you discover that something happens, when it happens. Then you can stop an occurring attack, or, once it has occurred, manage it so swiftly that no harm will be done.
Hopefully, the burden of vigilance will not be put on humans, but on our technology.”
The project team also includes the Uppsala University Hospital – how do you collaborate in practical terms?
"We’re working together on our new method of sending data through fat tissue where, together, we will co-develop a ‘demonstrator’. We will try to recreate a physical model of the body in which we will plant sensors. Later, we will also perform ex vivo experiments on pig tissue.”
What do you see as the project's major challenge?
"The challenge is that it's such a big challenge, haha! There are so many possible and impossible attacks to keep track of. Some of them we will never be aware of, even during the project. We can never hope to solve all possible threats, that’s not realistic. But we can start making major contributions to the field at least.