top of page
Search

ENTRUST’s PUF-based Trusted Computing Base for resource-constrained CMDs

In today’s hyper-connected healthcare environments, ensuring the trustworthiness of medical devices is no longer optional; it is mission-critical. Devices such as wearable sensors, infusion pumps, and portable diagnostic equipment operate at the frontline of patient care, often in resource-constrained settings where conventional security mechanisms are too heavy, costly, or rigid. In the context of ENTRUST, the project partner QUBITECH tackles this challenge head-on through the development of a lightweight Physical Unclonable Function (PUF)-based Trusted Computing Base. 


The proposed approach leverages the intrinsic physical variations of electronic components to generate unique, unclonable identities for each device. This lightweight yet robust security primitive provides the foundation for device attestation, secure key generation, and the collection of trustworthiness evidence, enabling connected medical devices to prove their integrity throughout their lifecycle.


Unlike traditional cryptographic anchors, PUFs eliminate the need for secure key storage and dramatically reduce the attack surface - an essential advantage in the sensitive and safety-critical domain of healthcare. By embedding trust “from the silicon up,” QUBITECH’s work contributes to a broader mission: enabling secure, transparent, and resilient connected healthcare infrastructures that can adapt to evolving threats without compromising usability or performance. 



Photo on the right: HIMSS25 live demonstration.

Photo on the left: Presentation at IEEE CSR.


The feasibility of this approach was demonstrated in a realistic telehealth scenario, where resource-constrained CMDs harmonically interact with a trusted gateway. Extensive benchmarking results validated the low overhead of cryptographic operations and trustworthiness evidence extraction, highlighting the practicality of the proposed approach for scalable, resilient healthcare infrastructures. 


This research has been presented at the IEEE Cyber Security & Resilience (IEEE CSR) conference (ieee-csr.org), and its core results are published in the peer-reviewed paper A PUF-based Root-of-Trust for Resource-Constrained IoT Devices. Beyond the scientific community, its potential impact was also highlighted through a live demonstration at the HIMSS Europe Conference and Exhibition), showcasing its applicability in secure digital health environments. 

 

 

 This blog post was written by ENTRUST partner QUBITECH.


Don’t miss our next updates! Follow us on LinkedIn and Bluesky and be part of the conversation.

entrust_log_FINAL-04.png
EN-Funded by the EU-NEG.png

Funded by European Commission under Horizon Europe Programme (Grant Agreement No. 101095634). 

 

Views and opinions expressed are those of the ENTRUST consortium authors only and do not necessarily reflect those of the European Union or its delegated Agency DG HADEA. Neither the European Union nor the granting authority can be held responsible for them.

Subscribe to Our Newsletter

Thanks for submitting!

Follow Us On:

  • LinkedIn
  • X
  • Youtube

Coordinator Email: coordination@entrust-he.eu

bottom of page