Do You Trust Your Smart Medical Device?
August 21, 2018
By: Scott Jones, Managing Director and Nathan Sharp, Senior Business Manager, Embedded Security; Maxim Integrated
When you’re undergoing a medical procedure, the last thing you want to have to worry about is whether the medical instrument being used has been compromised. As with any smart, connected device, however, medical tools can also be vulnerable to attack, from cloning and counterfeiting to unauthorized reuse.
There already have been some high-profile incidents. In 2007, former US Vice President Dick Cheney’s cardiologist had the wireless capability of his implanted heart defibrillator disabled to prevent hacking. Security flaws have been discovered in syringe infusion pumps and pacemakers. Even in light of these incidents, there’s growing concern that security is still lacking in medical devices. A Ponemon Institute survey reported that 67% of hospital network security specialists answered “no” or “unsure” when asked if medical device security was on their short list of concerns, according to a DoctorNews article.
Why security isn’t a more urgent concern in the medical industry often comes down to the reasons that are pervasive in so many other fields: beliefs that implementing security is too complicated, time-consuming, or expensive.
Protecting Medical Endpoints
Technologies including wireless connectivity, optical biosensors, and near-field communication (NFC) integrated into portable, implantable, ingestible, or wearable devices are enabling patients and healthcare professionals to continuously track an array of health parameters. The emergence of these capabilities is enabling a more proactive and coordinated approach to healthcare, while helping to streamline costs.
Ablation tools are an example of connected medical devices that can be safeguarded from unauthorized use by secure authenticators.
However, left unprotected, medical endpoints, including tools, sensors, and consumables, face very real scenarios including:
- Reuse of limited-life endpoint peripherals beyond their targeted lifecycle
- The introduction of viruses or harmful configuration data
Safeguarding connected devices doesn’t require that their designers be cryptography experts. Implementing security ICs into embedded designs can alleviate many of the threats. Some of these devices provide an unmodifiable root of trust that allows developers to close off more potential entry points into their design than a software-based approach would allow. For instance, in a microcontroller, the root of trust could be startup code stored in internal immutable ROM, which can be used to verify and authenticate an application’s software signature when the microcontroller is powered on.
For an even stronger level of security, there’s the option of physically unclonable function (PUF) technology. Using the random electrical properties of IC devices, PUF circuitry produces a unique and repeatable root cryptographic key for each IC. Taking advantage of this variability, PUF circuits can extract secret information that is unique to each chip. The secret, or key, is generated only when needed, and it isn’t stored on the chip. A device designed with PUF technology, featured in some secure authenticators, is protected from invasive attacks.
Speaking of secure authenticators, these devices provide a number of features that can be useful in safeguarding connected medical devices: traceability, secure monitoring, usage monitoring, and protection against counterfeiting. For example, the challenge-and-response authentication that these ICs provide can ensure that a surgical tool is authentic and hasn’t been used before.
What about medical instruments that have undergone sterilization? Gamma and e-beam sterilization deliver high levels of radiation, which can disrupt or damage certain types of nonvolatile memory. Memory is a critical component of secure authenticators, storing sensitive information such as keys, application data, and certificates. Nonvolatile memory typically stores calibration and manufacturing data. Now there’s a secure authenticator that provides radiation-resistant bi-directional authentication. Maxim’s DS28E83 is the industry’s first radiation-resistant, 1-Wire® secure authenticator for medical surgical tools or sensors that undergo gamma or e-beam sterilization. Resisting up to 75 kGy of radiation, the DS28E83 features an array of protective capabilities, including ECDSA P-256 asymmetric secure authentication, SHA-256 hash-based message authentication code (HMAC) symmetric key secure authentication, and elliptic-curve Diffie-Hellman (ECDH) key exchange for optional secure session keys between host and slave authenticator communication.
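The challenge-and-response check described above, sketched with SHA-256 HMAC as the symmetric primitive. This is an added example, not Maxim code or the DS28E83 command set; the class and function names, the key-derivation label, the message layout, and the single-use limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

MAX_USES = 1  # assumed policy: the tool is single-use


def derive_device_key(master_key: bytes, device_id: bytes) -> bytes:
    """Per-device secret, so one extracted tool key does not expose the others."""
    return hmac.new(master_key, b"tool-key" + device_id, hashlib.sha256).digest()


class ToolAuthenticator:
    """Model of the authenticator in the tool: a secret plus a use counter."""

    def __init__(self, device_id: bytes, key: bytes):
        self.device_id, self._key, self._uses = device_id, key, 0

    def record_use(self) -> None:
        self._uses += 1  # monotonic: the model offers no way to count down

    def respond(self, challenge: bytes) -> tuple[int, bytes]:
        # The MAC covers the counter, so the reported value cannot be altered.
        msg = challenge + self.device_id + self._uses.to_bytes(4, "big")
        return self._uses, hmac.new(self._key, msg, hashlib.sha256).digest()


def host_accepts(master_key: bytes, tool: ToolAuthenticator) -> str:
    """Host side: fresh challenge, verify the MAC, then enforce the use limit."""
    challenge = secrets.token_bytes(32)  # new per attempt, so old answers fail
    uses, tag = tool.respond(challenge)
    key = derive_device_key(master_key, tool.device_id)
    msg = challenge + tool.device_id + uses.to_bytes(4, "big")
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return "reject: not authentic"
    if uses >= MAX_USES:
        return "reject: use limit reached"
    tool.record_use()
    return "accept"


if __name__ == "__main__":
    master = bytes(range(32))   # constructed sample key, not a real secret
    dev_id = b"TOOL0001"        # constructed sample device ID
    tool = ToolAuthenticator(dev_id, derive_device_key(master, dev_id))
    print(host_accepts(master, tool))  # first attach
    print(host_accepts(master, tool))  # same tool attached again
```

In this model the host holds the master key; with the asymmetric ECDSA option the page lists, the host would hold only a public key and verify a signature instead of recomputing the MAC.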
Security ICs an Antidote to Malicious Attacks
As more intelligent and connected medical devices deliver a continuous stream of health-related data, people are equipped with the tools and insights to be able to take more control over their well-being. Connectivity, however, also brings the potential for malicious attack. Security ICs can provide a good remedy to these threats.