A privacy-preserving remote healthcare system offering end-to-end security

Abstract

Remote healthcare systems help doctors diagnose, monitor and treat chronic diseases by collecting data from Implantable Medical Devices (IMDs) through base stations that are often located in the patients’ house. In the future, these systems may also support bidirectional communication, allowing remote reprogramming of IMDs. As sensitive medical data and commands to modify the IMD’s settings will be sent wirelessly, strong security and privacy mechanisms must be deployed. In this paper, we propose a user-friendly protocol that is used to establish a secure end-to-end channel between the IMD and the hospital while preserving the patient’s privacy. The protocol can be used by patients (at home) to send medical data to the hospital or by doctors to remotely reprogram their patients’ IMD. We also propose a key establishment protocol between the IMD and the base station based on a patient’s physiological signal in combination with fuzzy extractors. Through security analysis, we show that our protocol resists various attacks and protects patients’ privacy.