Solutions for Mitigating Cybersecurity Risks Caused by Legacy Software in Medical Devices: A Scoping Review

被引：16

作者：

Tervoort, Tom ^{[1
]}

De Oliveira, Marcela Tuler ^{[2
]}

Pieters, Wolter ^{[3
]}

Van Gelder, Pieter ^{[4
]}

Olabarriaga, Silvia Delgado ^{[2
]}

Marquering, Henk ^{[1
]}

机构：

[1] Univ Amsterdam, Dept Biomed Engn & Phys, Amsterdam UMC, NL-1105 Amsterdam, Netherlands

[2] Univ Amsterdam, Dept Epidemiol Biostat & Bioinformat, Amsterdam UMC, NL-1105 Amsterdam, Netherlands

[3] Delft Univ Technol, Dept Multiactor Syst, Fac Technol Policy & Management, NL-2600 Delft, Netherlands

[4] Delft Univ Technol, Fac Technol Policy & Management, Dept Values Technol & Innovat, NL-2600 Delft, Netherlands

来源：

IEEE ACCESS | 2020年 / 8卷

基金：

欧盟地平线“2020”;

关键词：

Healthcare; security; medical devices; legacy software; IMPLANTABLE CARDIAC DEFIBRILLATORS; INTRUSION DETECTION; SECURITY; SYSTEMS; ISSUES;

D O I：

10.1109/ACCESS.2020.2984376

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Cyberattacks against healthcare institutions threaten patient care. The risk of being targeted by a damaging attack is increased when medical devices are used which rely on unmaintained legacy software that cannot be replaced and may have publicly known vulnerabilities. This review aims to provide insight into solutions presented in the literature that mitigate risks caused by legacy software on medical devices. We performed a scoping review by categorising and analysing the contributions of a selection of articles, taken from a literature set discovered through bidirectional citation searching. We found 18 solutions, each fitting at least one of the categories of intrusion detection and prevention, communication tunnelling or hardware protections. Approaches taken include proxying Bluetooth communication through smartphones, behaviour-specification based anomaly detection and authenticating signals based on physical characteristics. These solutions are applicable to various use-cases, ranging from securing pacemakers to medical sensor networks. Most of the solutions are based on intrusion detection and on tunnelling insecure wireless communications. These technologies have distinct application areas, and the decision which one is most appropriate will depend on the type of medical device.

引用

页码：84352 / 84361

页数：10

共 55 条

[1] Noise Matters: Using Sensor and Process Noise Fingerprint to Detect Stealthy Cyber Attacks and Authenticate sensors in CPS
Ahmed, Chuadhry Mujeeb
Zhou, Jianying
Mathur, Aditya P.
[J]. 34TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE (ACSAC 2018), 2018, : 566 - 581
[2] Alpaño PVS, 2017, TENCON IEEE REGION, P2825, DOI 10.1109/TENCON.2017.8228342
[3] Security Tradeoffs in Cyber Physical Systems: A Case Study Survey on Implantable Medical Devices
Altawy, Ham
Youssef, Amr M.
[J]. IEEE ACCESS, 2016, 4 : 959 - 979
[4] Andress J, 2014, The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice
[5] Ankarali Z. E., 2016, P 4 INT C WIR MOB CO, P246
[6] Ankarali ZE, 2014, 2014 EAI 4TH INTERNATIONAL CONFERENCE ON WIRELESS MOBILE COMMUNICATION AND HEALTHCARE (MOBIHEALTH), P246, DOI 10.1109/MOBIHEALTH.2014.7015957
[7] [Anonymous], 2013, Wireless Mobile Communication and Healthcare, DOI DOI 10.1007/978-3-642-37893-5_19
[8] [Anonymous], 2011, 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services, DOI DOI 10.1109/HEALTH.2011.6026732
[9] [Anonymous], 2015, COMPUTERWORLD
[10] Arksey H., 2005, Int J Soc Res Methodol, V8, P19, DOI DOI 10.1080/1364557032000119616

← 1 2 3 4 5 6 →