Access Control for Implantable Medical Devices

Carmen Camara, Pedro Peris-Lopez, Jose Maria De Fuentes, Samuel Marchal

Research output: Contribution to journalArticleScientificpeer-review

4 Citations (Scopus)
64 Downloads (Pure)


The telemetry incorporate in the new generation of Implantable Medical Devices (IMDs) allows remote access and re-programming without interfering with the daily routine of their holders. Despite the benefits of this new feature, such remote access raises new threats related to the access of unauthorized entities to IMDs. Cardiac implants represent the most deployed types of IMD nowadays. Current solutions, to control their remote access, usually use a single feature for authentication. However, this feature is easily replicable, making these authentication schemes vulnerable to attacks. To overcome this limitation, we propose in this article a distance bounding protocol to manage access control of IMDs: ACIMD. ACIMD combines two security mechanisms, namely, identity verification (authentication) and proximity verification (distance checking). The authentication mechanism, formally and informally verified, conforms to the ISO/IEC 9798-2 standard. The distance checking is performed using the whole Electrocardiogram (ECG) signal and relies on the correlation coefficient (comparing an external versus an internal ECG signal) in the Hadamard domain. We evaluate the accuracy and security of ACIMD access control using ECG signals of 199 individuals recorded over 24 hours while considering three adversary strategies. Our results show that ACIMD is 92.92% accurate.

Original languageEnglish
Pages (from-to)1126-1138
Number of pages13
JournalIEEE Transactions on Emerging Topics in Computing
Issue number3
Early online dateMar 2020
Publication statusPublished - 2021
MoE publication typeA1 Journal article-refereed


  • Cybersecurity
  • Distance Bounding
  • E-health
  • Implantable Medical Devices (IMDs)
  • Remote Access


Dive into the research topics of 'Access Control for Implantable Medical Devices'. Together they form a unique fingerprint.

Cite this