If it was, you run the risk of paramedics/different hospital not being able to get the key when you have some sort of critical incident, and need to adjust it. Or some super-secure nation (world?)-wide system that you can authenticate against and get the key for. (choke splutter) Given the state of most EPRs, you'd be lucky if your own doctor knew what the code was after a week or two.
This is for wireless communication to/from the device and not operating it from the control panel. For critical incidents paramedics would use their own tools (glucometer & needle).
Hmm. Would the alternative method still be stable if someone had deliberately altered the internal pump to deliver in random, high-dosage spurts (or whatever else that would be hard to counter)? Of course, it starts getting a whole lot less stealthy then.
Would paramedics/well-equipped ambulance ever go as far as trying to disable an internal pump before reaching the hospital?
Edit: Also, what's the difference between the 'control panel' and the 'wireless [controller]'? My understanding was it was entirely implanted, with no external connections (and even recharged via induction loop, or surgical replacement). If that's the case, then all comms are, by necessity, wireless. NFC control might mitigate the threat a little, at least from a range perspective, but I can't see where there could otherwise be a difference.
Most definitely. If the patient's presentation suggests hypoglycemia, it isn't uncommon for a medic to test the glucose level with their machine and administer oral glucose (D50 IV if obtunded) without even getting to a detailed physical that would reveal the implanted pump/monitor. If an amp of D50 failed to raise the blood sugar, then we'd start hunting for other causes like exogenous insulin overdose.
But how secure would that be? It's security through obscurity.
> Ultimately, these wireless control devices must simply be built with the assumption that hackers will eventually break in.
> In the case of the insulin pump, it should contain hardware-level sanity checking.
DRM is one thing, an encrypted wireless protocol is another. Think using WPA with user- or factory-settable keys to talk between the base/elements (I'm not sure how insulin pumps work).
Yes. Tell me the algorithm you use and the bits from your decryption key, and we can decrypt everything.
By the same token, the lock on your door is security by obscurity. Tell me the type of lock and the position of the 5 pins, and you're in. Take 5 seconds to communicate that over the phone, if you know what you're talking about.
The phrase "security through obscurity" is a term of art that is defined such that secrecy of private key material does not count. By definition, you are incorrect.
Now, if your security relies upon the attacker not knowing your encryption scheme, then yes. That is security through obscurity.
To expound slightly on burgerbrain's comment, this phrase is universally used to refer to schemes whose security relies critically on the suppression of information about the system. The term simply does not apply to strong encryption with configurable keys.
The term doesn't apply to door locks either, at least not in practice. If I were forever prevented from changing the locks on my house, then yes my security would depend critically on you never knowing about the key. In practice though, I can change the locks at will, and this is an effective remedy against the persistent threat posed by the release of the key.
A good example of security through obscurity is the CSS system used on DVDs, which was designed such that once the key was discovered, the system became forever and irretrievably broken.