Security and Privacy of Biomedical Cyber-Physical Systems

Abstract

Advances in cyber-physical systems (CPS), machine learning, big data techniques, and in cloud computing having been enabling ever more data to be collected about systems and their users, in search for unique features and interesting patterns. This, in turn, has been giving rise to the personalization trend, an approach where a cyber-physical system uses observed features and patterns in order to better adopt to users’ needs, abilities, and pref- erences. Examples of personalized technologies are many, from buildings learning about inhabitants’ daily routines and preferences [13], to music, video and shopping recommenda- tion systems [19, 14, 1]. The personalization trend is expected to be particularly important for biomedical cyber- physical systems, where data about patients, and/or medical practitioners is expected to allow systems to better adapt to medical needs. Yet, this trend is not without risks. Any time data about users and systems is recorded, processed, and possibly stored for future analysis, security and privacy risks arise. Misusing the collected data gives rise to threats ranging from compromising or breaking systems to shaming, manipulating or even physically harming users. Moreover, in biomedical CPS, some biosignals or data about genetic material may contain not only the current information about patients, but may allow predictions to be made about patients’ future, or their relatives. Security and privacy issues related to personalized CPS are thus front and center, and this dissertations focuses on those arising in biomedical cyber-physical systems. In doing so, we start from human components of such systems, and propose that users’ idiosyncrasies, in the way users interact with systems, may expose these systems to potential security and privacy risks. At the same time, however, users’ unique traits can be used to increase the systems’ security, privacy and usability properties. To investigate the stated hypothesis, this dissertation focuses on three questions: (1) how do (how could) biomedical cyber-physical systems use users’ idiosyncrasies, (2) what security and privacy vulnerabilities may arise from users’ unique traits, and (3) how can users’ idiosyncrasies be leveraged to increase systems’ security and privacy? The question about possible vulnerabilities is answered by analyzing properties of brain-computer interfaces, an example of emerging neural engineering technology. The last question is answered in the context of the next generation teleoperated robotic systems, focusing specifically on surgical robots.