August 17, 2017
By: Scott Jones
Managing Director, Micros & Security Business Unit, Maxim Integrated
It goes without saying that medical devices should be safeguarded from the prying reach of cybercriminals. Even so, Wired still calls medical devices "the next security nightmare." Despite the potentially devastating ramifications, there’s still plenty of cause for worry—and reason for design engineers to take more action. Last fall, for example, Johnson & Johnson warned about a security vulnerability with one of its insulin pumps. St. Jude has had to address security risks in some of its defibrillators, pacemakers, and other medical electronics. And there’s evidence that this spring’s WannaCry ransomware attack affected medical devices as well as medical facilities.
While wireless connectivity, remote monitoring, and near-field communication have given healthcare professionals the ability to easily monitor their patients, these features also mean that these devices have more points of vulnerability. By hacking into a device, a cybercriminal could potentially take control of it, directing the device to operate incorrectly. What’s more, a device breach can potentially open up an entire network to further attack, from theft of sensitive data to ransomware episodes.
Equally at risk, medical endpoints including tools, sensors, and consumables have security needs that fall into three risk scenarios:
Secure authenticator ICs are an ideal way to provide the cost-effective cryptographic protection that medical devices require. By integrating these ICs into their designs, device manufacturers can cryptographically prove that the sensor in their device is genuine. Operationally, only a genuine sensor will have the correct crypto key installed and be able to successfully prove its authenticity. See Figure 1 for a diagram outlining the sensor verification flow.
Figure 1: Determining sensor authenticity in a device endpoint.
Secure authenticators also provide calibration data storage, protecting non-volatile memory from modification and proving that the calibration data originates from a genuine sensor. Data from the endpoint is cryptographically signed such that the host instrument can verify integrity and origin. Figure 2 shows the verification flow for calibration data storage. Use compliance is another benefit of secure authenticators, as they can securely manage limited life/use tools, allowing only an authentic host to modify use data.
Figure 2: Calibration data storage verification flow.
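The sensor authenticity check and the calibration data check described above can be illustrated with a generic SHA-256 HMAC challenge-response. This is an added example, not Maxim's code or the DS28C36 command set; the per-sensor key derivation, the message layout, and all names and sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def derive_sensor_key(master_key: bytes, rom_id: bytes) -> bytes:
    # Assumed scheme: per-sensor key = HMAC(master key, sensor ID), so one
    # extracted sensor key does not expose every other sensor.
    return mac(master_key, rom_id)

class SimulatedAuthenticator:
    """Stands in for the secure IC on the sensor; the key is never read out."""
    def __init__(self, key: bytes, rom_id: bytes, calibration: bytes):
        self._key, self.rom_id, self.calibration = key, rom_id, calibration

    def respond(self, challenge: bytes) -> bytes:
        # The MAC covers the stored calibration data and the host's challenge.
        return mac(self._key, self.rom_id, self.calibration, challenge)

def host_verify(master_key, rom_id, calibration, respond) -> bool:
    """rom_id and calibration are as read over the bus (untrusted);
    respond sends a challenge to the endpoint and returns its MAC."""
    challenge = secrets.token_bytes(32)  # fresh per attempt, defeats replay
    key = derive_sensor_key(master_key, rom_id)
    expected = mac(key, rom_id, calibration, challenge)
    return hmac.compare_digest(expected, respond(challenge))  # constant-time

# Constructed sample values, not real device data.
MASTER = bytes(range(32))
ROM_ID = bytes.fromhex("0123456789abcdef")  # fixed 8-byte ID
CAL = b"gain=1.0023;offset=-0.41"
ALTERED = b"gain=9.0000;offset=-0.41"      # calibration changed in transit
genuine = SimulatedAuthenticator(derive_sensor_key(MASTER, ROM_ID), ROM_ID, CAL)
clone = SimulatedAuthenticator(secrets.token_bytes(32), ROM_ID, CAL)
recorded = genuine.respond(b"\x00" * 32)   # response captured for an old challenge

def run_checks() -> dict:
    return {
        "genuine": host_verify(MASTER, ROM_ID, CAL, genuine.respond),
        "clone": host_verify(MASTER, ROM_ID, CAL, clone.respond),
        "altered_calibration": host_verify(MASTER, ROM_ID, ALTERED, genuine.respond),
        "replay": host_verify(MASTER, ROM_ID, CAL, lambda _c: recorded),
    }

if __name__ == "__main__":
    print(run_checks())
```

With a symmetric scheme like this one the host must also hold its key in protected storage; the ECDSA-P256 option named later in the article lets the host verify with a public key instead.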
When evaluating secure ICs, there are three pillars of security that you should seek:
Secure authenticators address these threats by providing hardware-based cryptography, fixed-function operation, secure storage, and attack countermeasures. With the functions provided by these ICs, security isn’t hard to implement, expensive, or time-consuming.
Maxim's DeepCover secure authenticators provide advanced physical security for low-cost IP protection, clone prevention, and peripheral authentication. They selectively support a variety of crypto algorithms: SHA-256 MAC, SHA-256 HMAC, ECDSA-P256, and ECDH-P256. You can evaluate our secure authenticators via our MAXREFDES155# IoT embedded security reference design, which features our DS28C36 DeepCover ECDSA/SHA-2 authenticator. Using elliptic-curve-based public-key cryptography, the reference design demonstrates a variety of authentication and control functions between a web server and network-connected sensing node.