Safeguard Smart Medical Devices for Enhanced Patient Safety

May 12, 2020

Carlos Alberto Rodriguez  By: Carlos Alberto Rodriguez
 Business Manager; Micros, Security & Software, Maxim Integrated  

In light of the COVID-19 global pandemic, healthcare professionals are seeing a rise in telehealth practices, as physical distancing guidelines are compelling doctors to meet with their patients by phone or online. Smart, connected medical devices are a useful tool in this climate. For example, wearables that provide continuous, real-time monitoring of vital signs can yield a treasure trove of health insights for patients and physicians alike. But, as with any IoT devices, smart medical devices—and the sensitive patient data they collect—can also be vulnerable to security threats if left unprotected.

One area of medical device vulnerability involves the communication protocols used in some of these devices. In this blog post, I'll discuss this further and explain how physically unclonable function (PUF) technology can provide robust protection.

IoT Communications Protocols Can Be Light on Security

A study by Allied Market Research predicts that the IoT healthcare market will reach $136.8 billion globally by 2021, representing a CAGR of 12.5% from 2015 to 2021. As HealthTech magazine notes, "Today's internet-connected devices are being designed to improve efficiencies, lower care costs and drive better outcomes in healthcare. As computing power and wireless capabilities improve, organizations are leveraging the potential of internet of medical things technologies."

In the IoT world, security camera systems are the most often hacked, followed by smart hubs and network-attached storage devices, according to a SAM Seamless Network report. Often, the information being transferred across the internet is not so important or sensitive, like in the example of a smart trash can that sends alerts when it is full. However, when it comes to some of the most important information in our lives, such as our health data, that's a much different story. We want to ensure the data is not being stolen, modified, corrupted, or intercepted during storage and transfer.

There are many communication protocols that are enabling the IoT to be what it is today. Each of these protocols are used to enable four types of transmission channels in the IoT:

  1. Device to device (D2D)
  2. Device to gateway
  3. Gateway to data centers
  4. Data center to data center

An IoT system typically consists of devices, gateways, and the data system.Figure 1. A typical IoT system architecture consists of devices, gateways, and the data system (i.e., the cloud).

WiFi, Bluetooth Light, and LoRa are among some of the popular protocols; however, these also come with fairly light security features that don't quite give users the confidence to share sensitive information. For applications like smart medical devices, having extra layers of protection is crucial. Let's consider a few examples where more robust security is necessary.

In 2017, the U.S. Food and Drug Administration (FDA) recalled almost 500,000 pacemakers over concern about a security loophole which allowed the authentication key to be bypassed and RF communication to take place. After communication was established, the pacemaker could wirelessly receive an unlimited amount of "RF wake-up" commands, accelerating battery drainage. It was also possible for the pacemaker to receive commands to increase/decrease the pace of the patients' hearts, giving full control to an unknown source. Moreover, some of the models in this recall did not encrypt the patient's information during storage or transmission of the data to other devices. The company later released an update to add data encryption, operating system patches, and the ability to disable network connections to minimize the risk.

In 2018, the FDA recalled an insulin pump whose vulnerabilities allowed hackers to decrease/increase the dose of insulin delivery or change pump settings. This could lead to high/low blood sugar, which, in turn, can trigger seizures, dizziness, headaches, or even death. Attackers were also able to gain access to sensitive data from the device. Similar to the previous pacemaker case, the authentication and authorization measures were not implemented correctly, exposing RF communication.

Insulin pump hacking can cause patient safety issues.Figure 2. Insulin pumps are among the medical devices that have been recalled over security threats. Image courtesy of Hdc Photo/Shutterstock.

With PUF Technology, There's No Key to Steal

The examples discussed force the question of how serious companies are about security, and whether they should be increasing the security barriers in their products, especially when leaving their customers open to risks. Fortunately, there are a lot of new technologies to help mitigate the security loopholes. PUF technology is one such example. A PUF is derived from the complex and variable physical and electrical properties of ICs. Since it depends on random physical factors introduced during the manufacturing process (and that are unpredictable as well as uncontrollable), PUF technology is virtually impossible to duplicate or clone. The digital fingerprint that PUF technology natively generates for its associated IC can be used as a unique secret key to support the algorithms that are used in authentication, identification, anti-counterfeiting, hardware-software binding, and encryption/decryption. Think of the unique key as a person's DNA. Under normal operating conditions, an effective PUF implementation should be inherently nonvolatile, requiring no battery or other permanent power source. The circuitry should be resistant to physical inspection, and the key should be generated only when needed for a cryptographic operation.

Maxim Integrated's version of PUF technology, called ChipDNA technology, is even more robust. Our PUF circuit relies on the naturally occurring random analog characteristics of fundamental MOSFET devices to produce the cryptographic keys. It ensures that the unique binary value generated by each PUF circuit can be repeated over temperature and voltage and as the device ages. This unique value is never stored on the chip. This differs from many traditional security implementations, where secret keys are stored in nonvolatile memories like NOR/NAND flashes or on special external memory chips like battery-backed SRAMs. Instead, with ChipDNA PUF technology, the secret key is generated only when needed by the PUF circuit and disappears when it's no longer needed. Also, if a hacker tries to conduct an invasive physical attack on a PUF-based device, the attack itself would change the electrical characteristics of the PUF circuit, further impeding the attack. In other words, you really can't steal a key that isn't there.

The DeepCover® MAX32520 secure Arm® Cortex®-M4 microcontroller with secure boot is the industry's first secure microcontroller with PUF technology. In addition to ChipDNA PUF technology, the MAX32520 provides:

  1. Tamper detection circuitry: Constant environmental inspection (e.g. voltage, temperature) for out-of-range values, along with die shield integration for prevention of probing
  2. Side-channel attack prevention: Software triggers random events, resulting in nondeterministic behavior to avoid thwarting replay attacks or key search approaches
  3. Secure bootloader: Verifies flash integrity before code execution and authenticates source before secure flash upload
  4. Advanced encryption: Equipped with FIPS SP-800-90B and SP-800-90A compliant TRNG, AES-256, ECDSA-512, and SHA-512

The MAX32520 provides the most advanced security to protect sensitive information in smart medical devices—which makes integrating the device into your design a smart move.

This blog post was adapted from an article that originally appeared as the cover story in the March issue of Elektronik Informationen.