Security for Emerging Miniaturized Wireless Biomedical Devices: Threat Modeling with Application to Case Studies

The landscape of miniaturized wireless biomedical devices (MWBDs) is rapidly expanding as proactive mobile healthcare proliferates. MWBDs are diverse and include various injectable, ingestible, implantable, and wearable devices. While the growth of MWBDs increases the flexibility of medical services, the adoption of these technologies brings privacy and security risks for their users. MWBDs can operate with sensitive, private information and affect patients through the use of stimulation and drug delivery. Therefore, these devices require trust and need to be secure. Embedding protective mechanisms into MWBDs is challenging because they are restricted in size, power budget, as well as processing and storage capabilities. Nevertheless, MWBDs need to be at least minimally securable in the face of evolving threats. The main intent of this work is to make the primary stakeholders of MWBDs aware of associated risks and to help the architects and the manufacturers of MWBDs protect their emerging designs in a repeatable and structured manner. Making MWBDs securable begins with performing threat modeling. This paper introduces a domain-specific qualitative-quantitative threat model dedicated to MWBDs. The proposed model is then applied to representative case studies from each category of MWBDs.