My research focuses on embedded security: the art and science of creating embedded systems resistant to attack. Medical devices, autonomous vehicles, and the Internet of Things depend crucially on embedded security.
Invited panelist.
New America Foundation: Future Tense, March 2015
Invited speaker.
"Medical Device Security: The First 165 Years"
University of Hawai'i at Manoa, January 2015
Invited speaker.
"Studying for Exams is a Waste of Time. Learn About Medical Device Security Instead."
KAIST seminar, Korea,
December 2014
Invited speaker.
"Medical Device Security"
University of Chicago, Chicago, IL,
October 2014
Invited speaker.
"Medical Device Cybersecurity"
Regulatory Affairs Professionals Society (RAPS) Conference, Austin, TX, September 2014
Invited speaker.
"Medical Device Security"
EPFL, Lausanne, Switzerland, June 2014
Invited speaker.
"Medical Device Security"
TROOPERS, Germany, February 2014
Invited speaker.
"Fundamentals of Technical Risk: Malware and Hacking"
HIMSS Medical Device Security Risks and Challenges: A Multidisciplinary Response, Orlando, FL, February 2014
Invited speaker.
"Medical Device Cyber Security: The First 164 Years"
Princeton University, October 2013
Andreessen Horowitz Academic Roundtable, Palo Alto, CA, September 2013
Co-chair.
AAMI Working Group on Medical Device Security
AAMI Standards Week, June 2013
Invited speaker.
"Protecting your medical device against hacking and intrusions"
Wireless Connectivity in Medical Devices, Munich, Germany, May 2013
Invited speaker.
"Medical Device Cyber Security: The First 164 Years"
Great Lakes Homeland Security Training Conference & Expo, May 2013
Invited panelist.
"Role of Advisory Committees"
CCC Leadership in Science Policy Institute, April 2013
Invited panelist.
"Medical Device Cybersecurity Considerations"
AAMI/FDA Conference on Medical Device Standards & Regulations, March 2013
Witness Testimony.
"On the Expectations of Smart Cards to Reduce Medicare Fraud,"
Subcommittee on Health, Committee on Energy and Commerce,
United States House of Representatives
Hearing on "Examining Options to Combat Health Care Waste, Fraud, and Abuse," November 2012.
Invited speaker.
"Medical Device Cybersecurity: The First 164 Years"
National Science Foundation WATCH Seminar, November 2012
Invited speaker.
"Manufacturing a Programmable RFID Sensor Device for Security Research"
RFIDSec Asia, Taipei, Taiwan, November 2012
Invited speaker.
"Medical Device Cybersecurity: The First 164 Years"
Medical Device Connectivity Conference, October 2012
Participant.
AAMI: Risks, Challenges and Opportunities of Wireless Technology Systems in Healthcare,
October 2012
Invited speaker.
"Regulatory Responsibilities for Medical Device Security" [PDF]
Regulatory Affairs Professionals Society (RAPS), October 2012
Invited speaker.
"Trustworthy Medical Device Software"
Brown University Nanophotonics and Neuroengineering Laboratory, September 2012
Invited speaker.
"Computer Security: Microchip-Based Implants for Managing Diabetes"
Joslin Diabetes+Innovation, September 2012
Invited speaker.
"Medical Device System Security" [PDF]
American College of Clinical Engineering (ACCE), July 2012
Invited speaker.
"Improving the Security of Medical Devices" [PDF]
IFIP 10.4 Working Group on Dependable Computing and Fault Tolerance, Special Topic: Medical Devices, June 2012
Invited speaker.
"Medical Device Security"
Naval Postgraduate School Foundation, May 2012
Univ. Illinois, April 2012
Emory Univ., April 2012
Semiconductor Research Corporation (SRC), March 2012
Univ. Cambridge, March 2012
UC Berkeley, January 2012
Invited speaker.
"Trustworthy Medical Device Software"
MIT CSAIL, Cambridge, MA, November 2011 [PDF slides]
Duke, Durham, NC, November 2011
Stanford Security Seminar, Stanford, CA, September 2011
UC Irvine, Irvine, CA, May 2011
Williams College, Williamstown, MA, April 2011
Univ. Pennsylvania PRECISE, Philadelphia, PA, April 2011 [PDF slides]
UCSB, Distinguished Undergraduate Lecture Series, Santa Barbara, CA, April 2011
EPFL Workshop on Security/Privacy of Implantable IMDs (SPIMD), Lausanne, Switzerland, April 2011
Ruhr-Universität Bochum, Lehrstuhl Embedded Security, Bochum, Germany, March 2011
Rice University, Computer Science Colloquium, Houston, TX, October 2010
5th Workshop on Embedded Systems Security (WESS’10), Scottsdale, AZ, October 2010
Invited speaker.
"Your Abstractions are Worth^H^H^H^H^HPowerless!
Non-Volatile Storage and Computation on Embedded Devices*
(*Batteries Not Included)"
MSR Cambridge, March 2012
UPenn, March 2012
Univ. of Michigan, March 2012
Dartmouth College, March 2012
NYU, NY, NY, December 2011
Johns Hopkins, Baltimore, MD, October 2011
Microsoft Research, Redmond, WA, July 2011 [Webcast]
University of Washington, Seattle, WA, July 2011
Rambus, Sunnyvale, CA, May 2011
EMC, Cambridge, MA, June 2011
Keynote speaker.
NSF Federal Cyber Service: Scholarship for Service Program
Washington, DC, January 2012
Invited panelist.
Amphion Forum: Medical Device Security
Minneapolis, MN, November 2011
Invited panelist.
"Medical device security: technology, policy, risks, benefits, and not losing patience"
DHS/SRI InfoSec Technology Transition Council (ITTC)
SRI International, Menlo Park, CA, September 2011
Abstract:
Today, surgical teams follow strict practices to maintain a sterile field around a patient. Surgeons know to reduce unnecessary exposure that can cause the transfer of infectious microorganisms. But in the 1800s, simple protective practices such as hand washing were dismissed as radical. Today, the security risks to software-based medical devices are often downplayed or dismissed as radical rather than meaningfully mitigated. The good news is that many of the risks are preventable or manageable. I will discuss (1) the risks posed to software-based medical devices and (2) recommendations on how to restore confidence in the trustworthiness of medical devices so that patients can lead more normal and healthy lives.
Keynote speaker.
"The Cutting Edge of Medical Device Security and Privacy"
14th International Symposium on Recent Advances in Intrusion Detection (RAID 2011)
Menlo Park, CA, September 2011
Abstract:
Today it would be difficult to find a medical device that does not critically rely on computer software in its function, manufacture, or use in clinical decision making. Despite the lessons learned by the radiation accidents of the Therac-25 twenty years ago, medical devices that rely on software (e.g., drug infusion pumps, linear accelerators for radiation) continue to injure or kill patients in preventable ways. Why is it so hard to create trustworthy software for medical devices? Devices are not isolated devices. They are systems of systems. And software plays a significant role for control of these critical systems that can significantly affect patient safety, either positively or negatively, depending on its trustworthiness. Failure to meaningfully specify requirements, complacency, and lack of care for human factors further erode trustworthiness. The lack of trustworthy medical device software leads to shortfalls in properties such as safety, effectiveness, dependability, reliability, security, and privacy. Good systems engineering and the adoption of modern software engineering techniques can address many of the risks of medical device software—leading to devices that help patients lead more normal, healthy lives.
Speaker.
"Trustworthy Medical Device Software"
Public Meeting: Recommendations Proposed in Institute of Medicine Report: "Medical Devices and the Public’s Health, The FDA 510(k) Clearance Process at 35 Years,"
Silver Spring, MD, September 16, 2011
Invited speaker.
"Medical Device Security and Privacy Concerns"
National Institute of Standards and Technology (NIST)
Information Security and Privacy Advisory Board (ISPAB)
Washington, DC, July 2011
Invited panelist.
"Hackers and Attackers: How Safe is Your Embedded Design"
Design Automation Conference (DAC), Embedded Systems and Software
San Diego, CA, June 2011
Invited panelist.
"Can I Hack Your Brain?"
IEEE Int. Symposium on Hardware-Oriented Security and Trust (HOST)
San Diego, CA, June 2011
Invited panelist.
CES/Amphion Forum, Las Vegas, NV, January 2011
Invited participant.
National Academy of Engineering
U.S. Frontiers of Engineering Symposium
Armonk, NY, September 2010
Distinguished speaker.
2nd ACM S3 Workshop on Wireless of the Students, by the Students, for the Students
Co-located with ACM MobiCom & MobiHoc
Chicago, IL, September 2010
Invited speaker.
Institute of Medicine of the National Academies
Public Health Effectiveness of the FDA 510(k) Clearance Process
Trustworthy Medical Device Software
Washington, DC, July 2010
[Video]
Invited panelist.
Reliability—How to Define Quality of Service
Joint FCC–FDA Public Meeting: Enabling the Convergence of Communications and Medical Systems
Washington, DC, July 2010
[Video]
Invited speaker.
President's Innovation and Technology Advisory Committee (PITAC)
Washington, DC, June 2010.
[Video, White House Office of Science and Technology Policy]
Invited speaker.
Dartmouth College, Computer Science Department Colloquium
Implantable Medical Devices: Security and Privacy for Pervasive, Wireless Healthcare
Hanover, NH, April 2010
[Video]
Invited speaker.
Cooking Scientific Discovery
Make a Difference: Marvellous Ideas, Adventures, Discovery
Hong Kong, January 2010
[Video 1][Video 2]
[The musical performance that followed me made their instruments from junk yard material]
Invited speaker.
MIT Emerging Technologies Symposium (EmTech 2009)
Cambridge, MA, September 2009
Invited speaker.
MIT Bankcard Payment Workshop
Cambridge, MA, September 2009
Invited speaker.
Workshop on Confidential Data Collection for Innovation Analysis in Organizations
Redmond, WA, September 2009
Invited speaker.
CMU CyLab Seminar
Implantable Medical Devices: Security and Privacy for Pervasive, Wireless Healthcare
Pittsburgh, PA, March 2009
PDF of slides
Invited speaker.
CMOS Emerging Technologies Workshop
Energy-aware Circuits for RFID
Banff, Canada, February 2009
Invited speaker.
CMOS Emerging Technologies Workshop
Security and Privacy for Wireless Implantable Devices: Pacemakers, Defibrillators, and More
Banff, Canada, February 2009
Invited speaker.
UMass Amherst INFORMS
Operations Research & Management Science Seminar Series
Implantable Medical Devices: Security and Privacy for Pervasive, Wireless Healthcare
Amherst, MA, December 2008
Invited tutorial speaker.
RFID Security and Privacy
ACM Computer and Communications Security Conference (ACM CCS)
Alexandria, VA, October 2008
Invited speaker.
Implantable Medical Devices: Security and Privacy for Pervasive, Wireless Healthcare
Microsoft Research Redmond, September 2008
Invited speaker.
Implantable Medical Devices: Security and Privacy for Pervasive, Wireless Healthcare
Johns Hopkins University, September 2008
Invited speaker.
Security Vulnerabilities in Wireless Implantable Medical Devices
UMass Amherst ECE Security Seminar, September 2008
Invited speaker.
Security Vulnerabilities in Wireless Implantable Medical Devices
Texas Instruments, September 2008
Invited co-speaker.
New Classes of Security and Privacy Vulnerabilities for Implantable Wireless Medical Devices
Black Hat USA
Las Vegas, August 2008
Panel.
Pay on the Go: Consumers & Contactless Payment
Federal Trade Commission Town Hall Meeting
Seattle, July 2008
Panel.
ACM/USENIX MobiSys security panel on "Is that legal?"
Denver, June 2008
Panelist.
8th Payments Conference: Payments Fraud, Perception versus Reality
RFID Security & Privacy: What's in Your Pocket?
Federal Reserve Bank of Chicago, June 2008
Media coverage: Digital Transactions
[PDF slides][RFID CC video][Chip & pin video 1][Chip & pin video 2][Chip & pin video 3]
Invited talk.
Maximalist cryptography and computation on the WISP UHF RFID tag
Intel Research
Seattle, January 2008
Invited talk.
I can see you: RFID -- The Next Generation Identity Theft Threat
17th Annual International Fraud Investigators Conference
Toronto Police Fraud Squad, December 2007
Invited talk.
Security & Privacy for Pervasive Computation: RFID and Implantable Medical Devices
EMC Corporation Innovation Conference, Franklin, MA, October 2007
Invited talks.
RFID Security and Privacy: Fundamental Lessons and Principles, September 2007
Korea University, Division of Computer & Communication Engineering, Seoul, Korea;
19th Workshop on Information Security and Cryptography (WISC),
Cheonan, Korea; and
National Security Research Institute, Daejeon, Korea
Panel.
MITRE Privacy Technical Exchange: RFID Privacy, June 2007.
Invited talk.
Data Security Risks: RFID Lab Research,
Boston Federal Reserve Bank, Emerging Payments Research Group, May 2007.
Panel.
Ubiquitous Computing in the Retail Store of the Future,
17th Annual Computers, Freedom and Privacy Conference (CFP2007), May 2007.
Panel.
Wireless ID Issues: Privacy, Efficiency and Security,
Dartmouth College Centers Forum on Freedom and Technology, April 2007.
Invited talk.
Vulnerabilities in First-Generation RFID-Enabled Credit Cards,
Berkeley TRUST seminar, March 2007.
Panel.
RFID: How Can Security and Privacy be Built into the Technology,
RFID and Ubiquitous Computing, Trans Atlantic Consumer Dialog (TACD), Brussels, Belgium, March 2007.
Panel.
RFID Security and Privacy, Financial Cryptography,
February 2007.
Invited talk.
Computer system security and medical devices,
U.S. Food and Drug Administration Center for Devices and Radiological Health (FDA CDRH), October 2006.
Tutorial.
RFID security and privacy, by Kevin Fu, Ari Juels, and Adam Stubblefield.
USENIX Security Tutorial, August 2006.
Invited talk.
Building RFID applications with security and privacy,
Workshop on RFID Security, July 2006.
Lecture.
Special topics in RFID security,
TU Graz RFID Summer School, July 2006.
Demo.
RFID-enabled espresso machine by Hee-Jin Chae, Benessa Defend, and Kevin Fu.
MIT RFID Academic Convocation, January 2006.
Faculty candidate talk.
Secure content distribution using untrusted servers, February-April 2005
Invited talk.
"Dos and Don'ts of Client Authentication on the Web," [mostly final slides from 2005 or so]
Harvard Extension School, Building Programs with Graphical Interfaces, Cambridge, MA, April 6, 2006;
MIT Network and Computer Security (6.857), Cambridge, MA, October 12, 2005 and September 23, 2004 [slides];
Johns Hopkins Network Security (CS 600.324/424), Baltimore, Maryland, November 11, 2003;
Hope College Computer Science Colloquium, Holland, Michigan, March 3, 2003;
UC San Diego CSE Speakers Series, San Diego, California, February 10, 2003;
Stanford Security Seminar and HP Labs, Palo Alto, California, March 18, 2002;
MIT Network and Computer Security (6.857), Cambridge, Massachusetts, September 11, 2001.
Seminar.
Concepts in Computer and Network Insecurity by Roger Dingledine, Andy Ellis, Kevin Fu.
MIT Network Security Team seminar, Cambridge, MA, January 2002.
Seminar.
Why on Earth would Software Engineers Study the Classics? by Ian Anderson and Kevin Fu.
National Junior Classical League, New Orleans, LA, July 19, 2001.
Presentation.
Code Breaking: From Latin to Web Security, Harvard Latin B, April 20, 2001. [PDF, Source code]
Invited talk.
The Failure of Client Authentication the Web,
MIT Lincoln Laboratory.
Invited speaker. April 18, 2001.
[PDF]
Invited talk.
Computer Insecurity, Northeastern University College of Computer Science. February 26, 2001.
[PDF]
Seminar.
Concepts in Computer and Network Insecurity by Roger Dingledine, Kevin Fu.
MIT Network Security Team seminar, Cambridge, MA, January 10, 2001. [postscript]
Seminar.
Concepts in Computer and Network Insecurity by Roger Dingledine, Kevin Fu.
MIT Network Security Team seminar, Cambridge, MA, January 18, 2000. [postscript]
Seminar.
Practical Security for UNIX by Kevin Fu, Geoff Goodell, Angie Kelic.
MIT Network Security Team seminar, Cambridge, MA, January 19, 2000. [postscript]