August 6, 2019
| By: Christine Young
Blogger, Maxim Integrated
According to the World Health Organization (WHO), 1 in 10 medical products in developing countries is either substandard in quality or falsified and up to 8% of medical products in the supply chain is counterfeit. In 2017, the World Customs Organization, Interpol, and law enforcement from more than 123 countries seized more than $50 million in counterfeit medicines and medical devices. These are scary statistics for patients and should be just as sobering for manufacturers of medical disposables.
Fortunately, protecting your medical disposables from counterfeiting can be as straightforward as integrating secure authenticators into your designs. Zia Sardar, a principal member of the technical staff at Maxim, explained how in his recent webinar, “How to Prevent Counterfeiting of Medical Disposables.”
Medical disposables include surgical tools, medical monitors that track vitals such as blood pressure and administer medications, and devices such as pulse oximeters and catheters. They have in common a few key characteristics:
As Sardar noted, the manufacturer’s business and reputation, not to mention patient safety, depend on the designer safeguarding these tools and equipment.
Securing medical disposables such as the pulse oximeter pictured here protects patient safety as well as the manufacturer’s reputation.
While security can be implemented either via software or hardware, Sardar explained that for medical disposables, hardware-based security provides a more robust option. A software security implementation using a microcontroller is vulnerable, especially since there are numerous companies out there whose sole purpose is to hack into these types of deployments, he said.
Wondering whether hardware security is right for your design? Sardar shared some questions to consider as you make your assessment:
A secure authenticator IC with built-in protective algorithms is ideal for protecting medical tools and sensors as they provide an extra layer of complexity for cybercriminals, Sardar said, noting, “Somebody could go and reverse-engineer the circuit, but there are aspects of the authenticator that prevent them from getting the secret key.” Physically unclonable function (PUF) technology is one example here, though it was not a focus of this webinar.
What makes a secure authenticator a good option for these types of applications? As Sardar explained, these ICs provide the functions needed: IP protection, device authentication, feature setting, use management, data/firmware integrity, and message authentication/integrity. Along with these functions, the devices also provide some desirable features: ease of use, symmetric and asymmetric algorithms, bi-directional authentication, secure use counting, secure system data storage, and secure GPIO.
To illustrate how authentication works, Sardar brought up the popular “Alice and Bob” scenario. Alice wants to send a message to Bob, but, first, the two have securely exchanged a symmetric secret key. Before she sends the message, Alice takes the message plus a key and puts them through a SHA-3 engine to generate a message authentication code (MAC). Then, Alice can send the message and the MAC to Bob. Bob then takes the message and puts it through his SHA-3 engine and, with their shared key, generates his own MAC. Bob can now compare both MACs and if they match, this means the authentication is successful. So, a device with a SHA-3 algorithm for IP protection can help you:
Unlike many other internet of things (IoT) applications, medical disposables have some unique considerations that secure authenticators must meet. One of the key requirements is that the security solution must be compatible with the sterilization processes that these medical tools and sensors undergo. An autoclave is a pressure chamber that sterilizes with heat (up to 134°C) or 2ATM pressurized steam for up to 20 minutes. Ethylene-oxide gas with heat (up to 60°C and 14 hours of total cycle time) is another common medical sterilization technique. Gamma or e-beam radiation provides sterilization as well. The secure authenticator must be able to withstand all of these conditions and environments. Sardar noted that Maxim provides devices that are compatible with these sterilization methods. For example, the DS28E83 DeepCover® 1-Wire® secure authenticator is resistant up to 75kGy of radiation, allowing user-programmable manufacturing or calibration data before medical sterilization.
Sardar concluded his talk by emphasizing that secure authenticators can help medical tool manufacturers guarantee the performance and quality of their products.