{"id":74,"date":"2008-01-20T23:42:22","date_gmt":"2008-01-21T07:42:22","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/2008\/01\/20\/want-to-steal-a-baby\/"},"modified":"2008-01-20T23:46:54","modified_gmt":"2008-01-21T07:46:54","slug":"want-to-steal-a-baby","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2008\/01\/20\/want-to-steal-a-baby\/","title":{"rendered":"Want to Steal A Baby?"},"content":{"rendered":"

Overview:<\/strong>\u00a0<\/p>\n

Overlake Hospital Birthing Center has put a security system and policies in place to make sure babies are safe there.\u00a0 First of all, mothers are given a bracelet when they come in that identifies who they are.\u00a0 This is just the regular hospital bracelet with the name of the doctor on it.\u00a0 As soon as the baby is born, he is given to the mother.\u00a0 Babies are never to be taken out of the room without one of the parents except in extreme emergency cases.\u00a0 The nurses ask the parents for the name of the new child.\u00a0 Then, four bracelets are printed out – one for the mother, one for the father or birthing coach, one for the baby’s wrist, and one for the baby’s ankle.\u00a0 Each of these have a matching number that must be checked whenever nurses give the baby back to the parents.<\/p>\n

There is also an ankle band put on the baby with a security device.\u00a0 Every door leading out of the birthing center is equipped with a security mechanism that will sound if a security band is brought within ten feet of the door.\u00a0 This causes a complete lock down.\u00a0 Every door is immediately closed and locked.\u00a0 The band also will sound an alarm if it is cut.<\/p>\n

\u00a0<\/strong>Assets:<\/strong><\/p>\n

1.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 The most important asset is the safety of the babies born there.\u00a0 It is essential that babies not be mixed up and that every baby goes home with its mother.<\/p>\n

2.\u00a0\u00a0\u00a0\u00a0\u00a0 Another asset is the reputation of the hospital.\u00a0 If a security incident involving a baby was to happen, it would ruin the hospital\u2019s reputation and parents would choose to give birth elsewhere.\u00a0 Other patients might also want to go elsewhere for their surgeries and treatments.\u00a0 If there were ongoing problems, the hospital could lose whatever governmental permit they must have to operate a hospital.<\/p>\n

Adversaries:<\/strong><\/p>\n

1.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Adversaries include people looking to sell babies on the black market, either to adoptive parents or evil doers.\u00a0 There are those looking to make a profit that might steal a baby and then pose as the parents of the child.\u00a0 They could then offer to give the baby to a couple who wants to adopt for a price.\u00a0 Many couples get desperate because the legal adoptive system is often very slow and disappointing.<\/p>\n

2.\u00a0\u00a0\u00a0\u00a0\u00a0 Ex-husbands of the mothers, other disenfranchised family members, and fathers of babies who have been banned from seeing their baby are also potential adversaries.\u00a0 These could have motives of anger and revenge or just a desire to see and have custody of their baby.<\/p>\n

Vulnerabilities:<\/strong><\/p>\n

1.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 The security bands on the babies could fall off or be cut off.\u00a0 Although the nurses try to get the band tight enough that it will not come off, infants\u2019 feet are very small and the security band can slip off.\u00a0<\/p>\n

2.\u00a0\u00a0\u00a0\u00a0\u00a0 The nurses just make you read off the number on your bracelet while they are looking at the baby\u2019s number.\u00a0 An adversary could easily memorize the number and pretend to read off the number without having the bracelet.\u00a0 Nurses are continually changing because they have shifts.\u00a0 Thus, new shifts of nurses don\u2019t know what the parents look like so they might be tricked by the adversary.<\/p>\n

3.\u00a0\u00a0\u00a0\u00a0\u00a0 The security mechanisms on the door are most likely run on electricity.\u00a0 The hospital probably has backup generators, but these take a short amount of time to come on and could also be attacked.<\/p>\n

4.\u00a0\u00a0\u00a0\u00a0\u00a0 The security band and the main system communicate wirelessly.\u00a0 An adversary could try to intercept signal of band and learn the communication protocol.\u00a0 Then the adversary could send signals to imitate that the band is not cut when it is.<\/p>\n

5.\u00a0\u00a0\u00a0\u00a0\u00a0 The doors look pretty heavy duty, but they are susceptible to attack.\u00a0 They could be held open by an accomplice or propped open.\u00a0 An adversary could break the locking mechanism on the door or remove or break the door so that it cannot close.<\/p>\n

Defenses:<\/strong><\/p>\n

1.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 From personal experience, I know how easily the security bands can slip off of the baby.\u00a0 I don\u2019t think that there is an easy way to correct this problem.\u00a0 One defense might be to put the band on the baby\u2019s wrist, but that might be just as susceptible to slipping off.\u00a0 They could use a smaller device and implant it in the baby, but I don\u2019t think that would be acceptable to parents.\u00a0 They could use a five-point harness type mechanism instead of just a band.\u00a0 The security device would be on the baby\u2019s stomach with bands going over both shoulders, around the waist and through the crotch.\u00a0 However, this would make changing diapers extremely difficult and really unsanitary.\u00a0 I don\u2019t think that this would be acceptable to doctors, nurses, or parents.<\/p>\n

2.\u00a0\u00a0\u00a0\u00a0\u00a0 The hospital could change policy to have nurses always visually inspect identification bands.\u00a0 Of course, an adversary could forge these, so more protection is needed.\u00a0 Instead, the baby\u2019s band could have pictures of the parents.\u00a0 Visually inspecting the parents\u2019 wrist band for a matching number and looking at the pictures could help prevent the baby getting into an adversary\u2019s hands.\u00a0<\/p>\n

3.\u00a0\u00a0\u00a0\u00a0\u00a0 To protect against power outage problems with the security mechanism on the door, the door could be held open with an electromagnet.\u00a0 This only holds the door open when electricity is run through it.\u00a0 Otherwise it will release and the door will close.\u00a0 The security mechanisms could also be powered by batteries.<\/p>\n

4.\u00a0\u00a0\u00a0\u00a0\u00a0 To defend against an adversary imitating the signal of a security band, the band could communicate using an encrypted message with a rotating key.\u00a0<\/p>\n

5.\u00a0\u00a0\u00a0\u00a0\u00a0 The doors could be equipped with anti-tampering controls.\u00a0 This would make the door set off an alarm if it is damaged, removed, or hindered in any way.<\/p>\n

Risks:<\/strong><\/p>\n

1.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Because there can be a lockdown on the building, there is the risk that people would be trapped inside if a there was a fire.\u00a0 Parents would not be able to leave because bringing their babies near the door would cause a lockdown.\u00a0 I\u2019m sure that the fire department is able to open the doors, but it takes time for a firefighter to get there.\u00a0 The doors could be changed to allow exit if fire alarms go off, but this opens another avenue for an adversary to attack.\u00a0 I am not sure how fire code plays into this, but it is definitely a risk that must be mitigated.<\/p>\n

2.\u00a0\u00a0\u00a0\u00a0\u00a0 All of this security can help parents feel that the hospital is secure, but it also can make them think about all the weaknesses in the system and how very insecure the whole thing is.\u00a0 Security is necessary, however, because other hospitals have had attempted kidnappings.<\/p>\n

Conclusion:<\/strong><\/p>\n

Even though there are a lot of vulnerabilities, I think a major goal of having a security system in place is deterrence.\u00a0 If adversaries know that the hospital has security measures, they will probably choose somewhere else to make their attack.\u00a0 The system definitely has holes, but I think overall and given limited resources, the system is sufficient.<\/p>\n","protected":false},"excerpt":{"rendered":"

Overview:\u00a0 Overlake Hospital Birthing Center has put a security system and policies in place to make sure babies are safe there.\u00a0 First of all, mothers are given a bracelet when they come in that identifies who they are.\u00a0 This is … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":43,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,5],"tags":[57,58,59],"class_list":["post-74","post","type-post","status-publish","format-standard","hentry","category-physicalsecurity","category-security-reviews","tag-babies","tag-hospital","tag-lockdown"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/74","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/43"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=74"}],"version-history":[{"count":0,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/74\/revisions"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=74"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=74"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=74"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}