How Secure Authenticators Prevent Counterfeiting of Medical Disposables
August 06, 2019
| By: Christine Young
Blogger, Maxim Integrated
According to the World Health Organization (WHO), 1 in 10 medical products in developing countries is either substandard in quality or falsified and up to 8% of medical products in the supply chain is counterfeit. In 2017, the World Customs Organization, Interpol, and law enforcement from more than 123 countries seized more than $50 million in counterfeit medicines and medical devices. These are scary statistics for patients and should be just as sobering for manufacturers of medical disposables.
Fortunately, protecting your medical disposables from counterfeiting can be as straightforward as integrating secure authenticators into your designs. Zia Sardar, a principal member of the technical staff at Maxim, explained how in his recent webinar, “How to Prevent Counterfeiting of Medical Disposables.”
Medical disposables include surgical tools, medical monitors that track vitals such as blood pressure and administer medications, and devices such as pulse oximeters and catheters. They have in common a few key characteristics:
- Limited duration of use – a tool may be intended for use over only a couple of months before its performance degrades, for example
- Limited number of uses – a tool may be designed only for a specific number of uses before its performance degrades and it should be discarded
- Single-use limitation – an example of this is a medical patch, where patients could be exposed to dangerously higher dosages of medication if the patch is used more than once
As Sardar noted, the manufacturer’s business and reputation, not to mention patient safety, depend on the designer safeguarding these tools and equipment.
Securing medical disposables such as the pulse oximeter pictured here protects patient safety as well as the manufacturer’s reputation.
Why Hardware Security Is Harder to Crack
While security can be implemented either via software or hardware, Sardar explained that for medical disposables, hardware-based security provides a more robust option. A software security implementation using a microcontroller is vulnerable, especially since there are numerous companies out there whose sole purpose is to hack into these types of deployments, he said.
Wondering whether hardware security is right for your design? Sardar shared some questions to consider as you make your assessment:
- Do you have an existing problem that could be solved with security?
- Could your tool or sensor be a target for counterfeiting or improper use?
- For safety and quality, is it imperative that your sensors, tools, and peripherals be genuine?
A secure authenticator IC with built-in protective algorithms is ideal for protecting medical tools and sensors as they provide an extra layer of complexity for cybercriminals, Sardar said, noting, “Somebody could go and reverse-engineer the circuit, but there are aspects of the authenticator that prevent them from getting the secret key.” Physically unclonable function (PUF) technology is one example here, though it was not a focus of this webinar.
What makes a secure authenticator a good option for these types of applications? As Sardar explained, these ICs provide the functions needed: IP protection, device authentication, feature setting, use management, data/firmware integrity, and message authentication/integrity. Along with these functions, the devices also provide some desirable features: ease of use, symmetric and asymmetric algorithms, bi-directional authentication, secure use counting, secure system data storage, and secure GPIO.
To illustrate how authentication works, Sardar brought up the popular “Alice and Bob” scenario. Alice wants to send a message to Bob, but, first, the two have securely exchanged a symmetric secret key. Before she sends the message, Alice takes the message plus a key and puts them through a SHA-3 engine to generate a message authentication code (MAC). Then, Alice can send the message and the MAC to Bob. Bob then takes the message and puts it through his SHA-3 engine and, with their shared key, generates his own MAC. Bob can now compare both MACs and if they match, this means the authentication is successful. So, a device with a SHA-3 algorithm for IP protection can help you:
- Authenticate the tool or sensor before use
- Securely update data in the tool authenticator
- Provide authenticated read of sensor operating parameters
- Securely count the number of tool uses
- Expire additional uses of the tool
Compatible with Medical Sterilization Processes
Unlike many other internet of things (IoT) applications, medical disposables have some unique considerations that secure authenticators must meet. One of the key requirements is that the security solution must be compatible with the sterilization processes that these medical tools and sensors undergo. An autoclave is a pressure chamber that sterilizes with heat (up to 134°C) or 2ATM pressurized steam for up to 20 minutes. Ethylene-oxide gas with heat (up to 60°C and 14 hours of total cycle time) is another common medical sterilization technique. Gamma or e-beam radiation provides sterilization as well. The secure authenticator must be able to withstand all of these conditions and environments. Sardar noted that Maxim provides devices that are compatible with these sterilization methods. For example, the DS28E83 DeepCover® 1-Wire® secure authenticator is resistant up to 75kGy of radiation, allowing user-programmable manufacturing or calibration data before medical sterilization.
Sardar concluded his talk by emphasizing that secure authenticators can help medical tool manufacturers guarantee the performance and quality of their products.
- Register and watch the on-demand webinar, “How to Prevent Counterfeiting of Medical Disposables”
- Get more details about Maxim’s medical disposable technologies
- Read the application note, “Secure Authentication for Medical Disposables”