Pablo Perez-Tirador , Ruzica Jevtic , Carmen Cabezaolias , Teresa Romero , Abraham Otero , Gabriel Caffarena
{"title":"The effect of ECG data variability on side-channel attack success rate in wearable devices","authors":"Pablo Perez-Tirador , Ruzica Jevtic , Carmen Cabezaolias , Teresa Romero , Abraham Otero , Gabriel Caffarena","doi":"10.1016/j.vlsi.2025.102385","DOIUrl":null,"url":null,"abstract":"<div><div>As the connectivity and number of health monitoring devices has increased dramatically in recent years, various security issues have become a serious threat to the integrity of patient data. Side-channel attacks are particularly dangerous for these devices because they do not rely on the mathematical complexity of the cryptographic algorithm, but instead exploit physical information leakage. In this work, we analyze electromagnetic and power side-channel attacks on portable electrocardiogram (ECG) monitoring devices. Unlike other work that uses random data, we analyze attacks based on real ECG data and show that the data distribution significantly affects the success rate of the attacks. We build a wearable ECG garment that records a single-lead ECG and sends it to a low-power microcontroller for encryption using AES. The results show that the first-round attack success rate is strongly influenced by the number of bits used to encrypt each ECG sample and the intensity level of the patient’s physical activity. More intense activity produces more artifacts in the ECG that increase the overall signal variability. An increase in variability generally results in an 86% reduction in the number of power samples required for an attack. The final attack also shows a dependence on input variability, but to a lesser extent. Input data with higher variability reduces the number of traces required for this attack by up to 50%, and the attack only becomes unsuccessful in the presence of extremely high levels of noise during the ECG recording. Based on these results, mitigation measures that exploit a change in signal variability are proposed.</div></div>","PeriodicalId":54973,"journal":{"name":"Integration-The Vlsi Journal","volume":"103 ","pages":"Article 102385"},"PeriodicalIF":2.2000,"publicationDate":"2025-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Integration-The Vlsi Journal","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167926025000422","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0
Abstract
As the connectivity and number of health monitoring devices has increased dramatically in recent years, various security issues have become a serious threat to the integrity of patient data. Side-channel attacks are particularly dangerous for these devices because they do not rely on the mathematical complexity of the cryptographic algorithm, but instead exploit physical information leakage. In this work, we analyze electromagnetic and power side-channel attacks on portable electrocardiogram (ECG) monitoring devices. Unlike other work that uses random data, we analyze attacks based on real ECG data and show that the data distribution significantly affects the success rate of the attacks. We build a wearable ECG garment that records a single-lead ECG and sends it to a low-power microcontroller for encryption using AES. The results show that the first-round attack success rate is strongly influenced by the number of bits used to encrypt each ECG sample and the intensity level of the patient’s physical activity. More intense activity produces more artifacts in the ECG that increase the overall signal variability. An increase in variability generally results in an 86% reduction in the number of power samples required for an attack. The final attack also shows a dependence on input variability, but to a lesser extent. Input data with higher variability reduces the number of traces required for this attack by up to 50%, and the attack only becomes unsuccessful in the presence of extremely high levels of noise during the ECG recording. Based on these results, mitigation measures that exploit a change in signal variability are proposed.
期刊介绍:
Integration''s aim is to cover every aspect of the VLSI area, with an emphasis on cross-fertilization between various fields of science, and the design, verification, test and applications of integrated circuits and systems, as well as closely related topics in process and device technologies. Individual issues will feature peer-reviewed tutorials and articles as well as reviews of recent publications. The intended coverage of the journal can be assessed by examining the following (non-exclusive) list of topics:
Specification methods and languages; Analog/Digital Integrated Circuits and Systems; VLSI architectures; Algorithms, methods and tools for modeling, simulation, synthesis and verification of integrated circuits and systems of any complexity; Embedded systems; High-level synthesis for VLSI systems; Logic synthesis and finite automata; Testing, design-for-test and test generation algorithms; Physical design; Formal verification; Algorithms implemented in VLSI systems; Systems engineering; Heterogeneous systems.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
