Comments on "Securing implantable cardiac medical devices": Use of radio frequency energy harvesting

Abstract

Implantable Medical Devices (IMDs) have evolved over the years to stretch their application areas to provide a range of services from health-care to public safety. In order to handle such information, the high strength security and the proper authentication are required. For this, Ellouze et al. have proposed an authentication protocol for IMDs in 2013. The security in IMD that they propose and mention is reasonable, but some aspects are expected to be vulnerable to attack. In addition, not only are such schemes need to be secured, but their security should also be formally verified against their security requirements. Thus, we confirm the security of the authentication protocol for IMDs that have not been objectively verified through formal verification tool such as BAN-logic. Consequently, in this paper, Ellouze et al. are turned out to be insecure.