Summary
This was my project for the EPQ (Extended Project Qualification). In the project I address the problem of cybersecurity in pacemakers. Pacemakers, and many other IoMT (Internet of Medical Things) devices, are now seeing attempts to include network and communication interfaces within them. The problem is that the implementation of these often doesn’t include considerations for security. As these devices can be critical to people’s lives, this can be a serious problem. In this project I designed and implemented a cryptosystem for a pacemaker so that it could encrypt and decrypt data properly. I implemented elliptic-curve Diffie-Hellman to perform a safe key exchange, and then AES-128 to transfer messages. A major design constraint for this project was trying to implement it on a device which would have limited computing and memory abilities; this motivated my choices of algorithms to use. I’m really proud of the project and report, and I learned so much about mathematics and cryptography, which was really interesting!

A quick disclaimer on the final result: I’m not sure it would be fully secure. I implemented ECDH from scratch in order to understand it, but as a result it likely has implementation bugs from which an attacker could break the system. If you wanted to use this cryptosystem I would recommend building it exclusively using well-known open-source libraries and having the implementation audited. Nevertheless, it was a lot of fun to do and I learned so much from it :)
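
The library-based route recommended above, shown as an added example that is not code from the project: an ECDH exchange followed by AES-128 message protection using the pyca/cryptography package. The curve (X25519), the key derivation (HKDF-SHA256), the cipher mode (AES-128-GCM), the `Endpoint` class and the sample command are all assumptions made for illustration.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.x25519 import (
    X25519PrivateKey, X25519PublicKey)
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

INFO = b"example pacemaker link v1"  # hypothetical context label for the KDF

class Endpoint:
    """One side of the link (implant or external programmer). Hypothetical."""
    def __init__(self):
        self._private = X25519PrivateKey.generate()
        self.public_bytes = self._private.public_key().public_bytes(
            serialization.Encoding.Raw, serialization.PublicFormat.Raw)
        self._aead = None

    def agree(self, peer_public_bytes):
        # NOTE: the peer key is not authenticated here; a real design must
        # bind it to a device identity, or an active attacker can sit between.
        peer = X25519PublicKey.from_public_bytes(peer_public_bytes)
        shared = self._private.exchange(peer)
        # Never use the raw ECDH output as a key: derive 16 bytes for AES-128.
        key = HKDF(algorithm=hashes.SHA256(), length=16,
                   salt=None, info=INFO).derive(shared)
        self._aead = AESGCM(key)

    def seal(self, plaintext, aad=b""):
        nonce = os.urandom(12)  # must never repeat under the same key
        return nonce + self._aead.encrypt(nonce, plaintext, aad)

    def open(self, message, aad=b""):
        # Raises InvalidTag if the ciphertext, nonce or aad was modified.
        return self._aead.decrypt(message[:12], message[12:], aad)

def demo():
    implant, programmer = Endpoint(), Endpoint()
    implant.agree(programmer.public_bytes)
    programmer.agree(implant.public_bytes)
    sealed = programmer.seal(b"SET_RATE 60", aad=b"cmd")  # constructed sample
    opened = implant.open(sealed, aad=b"cmd")
    tampered = sealed[:-1] + bytes([sealed[-1] ^ 1])  # flip one tag bit
    try:
        implant.open(tampered, aad=b"cmd")
        rejected = False
    except InvalidTag:
        rejected = True
    return opened, rejected

if __name__ == "__main__":
    print(demo())
```
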