Protect Your Medical Device Endpoints with Secure Authenticators
August 17, 2017
By: Scott Jones
Managing Director, Micros & Security Business Unit, Maxim Integrated
It goes without saying that medical devices should be safeguarded from the prying reach of cybercriminals. Even so, Wired still calls medical devices "the next security nightmare." Despite the potentially devastating consequences of a compromise, there is still plenty of cause for worry, and reason for design engineers to take more action. Last fall, for example, Johnson & Johnson warned about a security vulnerability in one of its insulin pumps. St. Jude has had to address security risks in some of its defibrillators, pacemakers, and other medical electronics. And there is evidence that this spring's WannaCry ransomware attack affected medical devices as well as medical facilities.
While wireless connectivity, remote monitoring, and near-field communication have given healthcare professionals the ability to easily monitor their patients, these features also mean that these devices have more points of vulnerability. By hacking into a device, a cybercriminal could potentially take control of it, directing the device to operate incorrectly. What’s more, a device breach can potentially open up an entire network to further attack, from theft of sensitive data to ransomware episodes.
Medical endpoints, including tools, sensors, and consumables, are equally at risk. Their security needs fall into three risk scenarios:
- Fake: counterfeit devices or sensor endpoints that produce falsified or altered data
- Harmful: introduction of a virus or of harmful configuration data through the endpoint
- Unsafe: reuse of limited-life endpoint peripherals beyond their rated life or use count
Cryptographic Security with an IC
Secure authenticator ICs provide the cost-effective cryptographic protection that medical devices require. By integrating these ICs into their designs, device manufacturers can cryptographically prove that the sensor in their device is genuine. Operationally, only a genuine sensor has the correct crypto key installed and can therefore answer the host's challenge correctly and prove its authenticity. See Figure 1 for a diagram outlining the sensor verification flow.
Figure 1: Determining sensor authenticity in a device endpoint.
Secure authenticators also provide calibration data storage, protecting non-volatile memory from modification and proving that the calibration data originates from a genuine sensor. Data from the endpoint is cryptographically signed such that the host instrument can verify integrity and origin. Figure 2 shows the verification flow for calibration data storage. Use compliance is another benefit of secure authenticators, as they can securely manage limited life/use tools, allowing only an authentic host to modify use data.
Figure 2: Calibration data storage verification flow.
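The verification flows of Figures 1 and 2, modelled in Python as an added example (not code from this article or from Maxim): the host issues a fresh random challenge, a genuine endpoint answers with an HMAC-SHA256 over the challenge, its unique ID and its calibration page, and the host recomputes the MAC from a per-endpoint secret derived from a master secret. The master secret, device ID, calibration page and key-derivation scheme are constructed assumptions; a real design keeps the host-side secret in a coprocessor rather than in software, and the DS28C36 command set is not modelled.

```python
import hashlib
import hmac
import secrets

# Constructed values: a manufacturer master secret and an endpoint ID. This models the
# SHA-256 HMAC challenge-response flow, not the DS28C36 command set or Maxim's key layout.
MASTER_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
DEVICE_ID = bytes.fromhex("0102030405060708")
CALIBRATION = b"gain=1.000;offset=-0.02"   # page stored in the endpoint's protected NVM


def endpoint_secret(device_id):
    """Per-endpoint secret derived from the master secret and the endpoint's unique ID."""
    return hmac.new(MASTER_SECRET, b"endpoint-key" + device_id, hashlib.sha256).digest()


def mac_over(secret, device_id, challenge, page):
    """HMAC-SHA256 binding the host challenge, the endpoint ID and a data page."""
    return hmac.new(secret, challenge + device_id + page, hashlib.sha256).digest()


def make_endpoint(device_id, secret, page):
    """Return the endpoint's challenge handler: it proves the secret without revealing it
    (Figure 1), and the same MAC covers the calibration page (Figure 2)."""
    return lambda challenge: (page, mac_over(secret, device_id, challenge, page))


def host_authenticate(device_id, respond, on_bus=lambda page: page):
    """Host instrument: fresh random challenge, then verify the returned page and MAC."""
    challenge = secrets.token_bytes(32)            # fresh per session, never reused
    page, tag = respond(challenge)
    page = on_bus(page)                            # what the host actually receives
    expected = mac_over(endpoint_secret(device_id), device_id, challenge, page)
    return hmac.compare_digest(expected, tag)      # constant-time comparison


def demo():
    genuine = make_endpoint(DEVICE_ID, endpoint_secret(DEVICE_ID), CALIBRATION)
    clone = make_endpoint(DEVICE_ID, secrets.token_bytes(32), CALIBRATION)  # copied ID, wrong key
    recorded = genuine(secrets.token_bytes(32))     # one captured genuine exchange
    return {
        "genuine": host_authenticate(DEVICE_ID, genuine),
        "counterfeit": host_authenticate(DEVICE_ID, clone),
        "replayed": host_authenticate(DEVICE_ID, lambda _: recorded),
        "tampered": host_authenticate(DEVICE_ID, genuine, lambda p: p.replace(b"1.000", b"9.000")),
    }

if __name__ == "__main__":
    print(demo())
```

Only the genuine endpoint passes; a cloned ID without the key, a replayed earlier response, and a calibration page altered on the bus all fail the host's check.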
Turnkey, Low-Cost Security
When evaluating secure ICs, there are three pillars of security that you should seek:
- Authenticity to prove that the information comes from an authentic and authorized source
- Integrity to ensure that the information hasn’t been modified and that the received message is identical to the one sent
- Confidentiality to prevent unauthorized information access
Secure authenticators address these threats by providing hardware-based cryptography, fixed-function operation, secure storage, and attack countermeasures. With the functions provided by these ICs, security is neither hard to implement, expensive, nor time-consuming.
Maxim's DeepCover secure authenticators provide advanced physical security for low-cost IP protection, clone prevention, and peripheral authentication. Depending on the part, they support SHA-256 MAC, SHA-256 HMAC, ECDSA-P256, and ECDH-P256. You can evaluate our secure authenticators via our MAXREFDES155# IoT embedded security reference design, which features our DS28C36 DeepCover ECDSA/SHA-2 authenticator. Using elliptic-curve-based public-key cryptography, the reference design demonstrates a variety of authentication and control functions between a web server and a network-connected sensing node.