Back to All Events

SRI Seminar Series: Kevin Fu, “Security engineering for medical products: Sensors, signals, semiconductors, software systems”

Our weekly SRI Seminar Series welcomes Kevin Fu, an associate professor of electrical engineering and computer science at the University of Michigan, where he directs the Security and Privacy Research Group and the Archimedes Center for Medical Device Security. Fu’s research lab focuses on analog cybersecurity—how to model and defend against threats to the physics of computation and sensing. He is most known for his security research on cryptographic and low-power inventions to defend against vulnerabilities in an implantable cardiac defibrillator, which led to a decade of revolutionary improvements at medical device manufacturers, global regulators, and international healthcare safety standards bodies. Fu is presently serving as the inaugural Acting Director of Medical Device Cybersecurity at U.S. FDA’s Center for Devices and Radiological Health and Program Director for Cybersecurity at the Digital Health Center of Excellence.

In this talk, Fu will highlight research on the protection of sensors in cyber-physical medical systems such as pacemakers and vaccine cold-chain transportation—innovations that are essential to giving consumers confidence in innovative medical devices and other emerging technologies.

Talk title:

“Security engineering for medical products: Sensors, signals, semiconductors, software systems”

Abstract:

Medical devices, healthcare delivery, and other cyber-physical systems depend on sensors to make safety-critical, automated decisions. My research lab investigates the problem of how to protect cyber-physical systems from adversaries who can maliciously control sensor output by subverting its semiconductor physics. Finding principled, systematic solutions is extremely important to give consumers confidence in innovative medical devices and other emerging technology. Unique to our embedded security research contributions is an emphasis on protecting the longevity of implanted batteries and using software-only approaches to mitigate design flaws in legacy hardware. These contributions were important to creating the field of medical device security; advancing the academic community's ability to measurably defend against signal injection attacks on sensors; and changing how international regulators evaluate security of consumer products. In this talk, I will highlight academic research on protecting sensor semiconductors from maliciously modulated sound waves, radio waves, and lasers that can compromise software systems in cyber-physical systems such as pacemakers and vaccine cold-chain transportation.


About Kevin Fu

Kevin Fu is an associate professor of EECS at the University of Michigan. His research vision is a world where science-based security is built-in by design to all embedded systems: medical devices, healthcare delivery, autonomous transportation, manufacturing, and the Internet of Things. His research lab focuses on analog cybersecurity—how to model and defend against threats to the physics of computation and sensing. Fu is most known for his security research on cryptographic and low-power inventions to defend against vulnerabilities in an implantable cardiac defibrillator. His research led to a decade of revolutionary improvements at medical device manufacturers, global regulators, and international healthcare safety standards bodies. Security solutions resulting from this research foresaw the risks of malicious software affecting hospitals a decade before ransomware began to disrupt clinical workflow at worldwide. Fu is presently on leave from Michigan while serving as the inaugural Acting Director of Medical Device Cybersecurity at U.S. FDA’s Center for Devices and Radiological Health (CDRH) and Program Director for Cybersecurity at the Digital Health Center of Excellence (DHCoE).

Fu has been recognized as an IEEE Fellow, Sloan Research Fellow, and MIT Technology Review TR35 Innovator of the Year. He received best paper awards from USENIX Security, IEEE Security & Privacy, and ACM SIGCOMM. His research on pacemaker security received an IEEE Test of Time Award. He co-founded healthcare cybersecurity startup Virta Labs. Fu has testified in the House and Senate on matters of information security and was commissioned by the National Academy of Medicine to publish a report on trustworthy medical device software. He serves as a member of the Association for the Advancement of Medical Instrumentation (AAMI) Biomedical Instrumentation & Technology Editorial Board, the ACM Committee on Computers and Public Policy, and the USENIX Security Steering Committee. He served as the inaugural co-chair of the AAMI cybersecurity working group to create the first FDA-recognized consensus standards to improve the security of medical device manufacturing. He founded the Archimedes Center for Healthcare and Device Security, and co-founded the N95decon.org team for emergency reuse decontamination of N95 masks during pandemic shortages. Fu served as a member of the U.S. NIST Information Security and Privacy Advisory Board and federal science advisory groups. Fu received his BS, MEng, and PhD from MIT. He earned a certificate of artisanal bread making from the French Culinary Institute, builds wood-fired brick ovens, and enjoys woodworking.


About the SRI Seminar Series

The SRI Seminar Series brings together the Schwartz Reisman community and beyond for a robust exchange of ideas that advance scholarship at the intersection of technology and society. Seminars are led by a leading or emerging scholar and feature extensive discussion.

Each week, a featured speaker will present for 45 minutes, followed by 45 minutes of discussion. Registered attendees will be emailed a Zoom link approximately one hour before the event begins. The event will be recorded and posted online.

Kevin Fu

Kevin Fu

Previous
Previous
February 9

SRI Seminar Series: Taylor Owen, “Evaluating the state of the Platform Governance agenda”

Next
Next
February 17

SRI Kitchen Table: What does it mean to have data rights?