Usable Security of Medical Devices

There are three dimensions and aims to this PhD project:

• Empirical dimension: To characterise how people experience and make sense of changes in the sense of self, lived world and meaning, in relation to the onset of delusional phenomena in early psychosis
• Philosophical and ethical dimension: To critically examine our current understanding of delusions in early psychosis, and develop a novel phenomenologically-informed conceptual framework which challenges epistemic and hermeneutical injustice in mental health
• Clinical dimensions: To develop a phenomenologically-informed intervention for improving understanding and communication of delusional experiences in the mental health encounters

The details

Implantable medical devices (such as pacemakers) are evolving at a rapid pace. Nowadays, such devices can often communicate wirelessly with external devices for diagnostic purposes. This can bring convenience to both patients and doctors. However, establishing a secure communication channel between these devices is always a major challenge. Many implantable medical devices available on the market today lack effective security mechanisms. This may pose a high risk to patients. For example, if an attacker can tamper with the therapy of a patient with a pacemaker implanted, this could be fatal to the patient.

Additionally, even though there are countermeasures available against some attacks, implementing those is often infeasible in practice since they complicate the use of devices or affect the safety requirements. For example, in an emergency, a doctor needs immediate access to a patient’s pacemaker and does not have time to enter a password. It is necessary to ensure the medical devices are secure enough, at the same time, do not have negative influences, such as causing interference to the doctor in an emergency. The balance is always hard to find.

My work is to develop solutions that can protect patients with implants from potential malicious attacks in the future. Our study focuses on both security and usability, which are essential in the real-world design of medical products.

Graduate researcher profile: Mo Zhang

What did you do before you started your PhD?

I was a master's student at Computer Science school at the University of Birmingham. My major was Advanced Computer Science and I graduated with a Distinction degree.

What are the challenges of your research role?

The most challenging part is that an implantable medical device is embedded in the human body in practice. Thus, when we test the feasibility/performance of a plan, it is necessary to simulate an environment similar to the human body, which can be hard sometimes.

Furthermore, this project requires background knowledge of both Security and Human-computer interaction. This is challenging and may take some time to study.

What is the best part of your research role?

The best part is that the principle of the research is to help the patients around the world. In the case that intelligent medical devices will become more and more popular, improving the security of these devices could always greatly guarantee the safety of the target patients, which may potentially change the destiny of many families in the future.

In addition, I have wonderful supervisors from the two great universities. Both institutions have provided a lot of help during my study, especially during the covid-19 pandemic.

Where do you wish to go after your PhD? Do you want to enter industry or continue doing more research?

I’d prefer to apply for research-oriented jobs in the industry after graduation. I believe this is the best way to use my abilities to serve the world. For example, I can help design secure medical devices that can be brought to market.

Supervision team

• The University of Melbourne: Professor Vassilis Kostakos
• The University of Birmingham: Professor David Oswald