Author: Dr. Symeon Tsintzos, QUBITECH
In today's digitally driven world, the healthcare sector is undergoing a profound transformation with the integration of connected medical devices (CMDs). These devices, ranging from wearable monitors to high-end devices deployed in an operating room, hold the promise of revolutionizing patient care by providing real-time data, enabling remote monitoring, and enhancing treatment outcomes. However, the widespread adoption of connected medical devices also raises significant concerns regarding data security and patient privacy.Â
The role of Physically Unclonable Functions (PUFs)Â
Amidst these challenges, Physically Unclonable Functions (PUFs) emerge as a promising solution for enhancing the security of connected medical devices. The inherent uncountability of the PUF cannot be controlled as it relies on multiple random parameters that are generated during the manufacturing process. Essentially, a PUF is the physical analogue of a one-way mathematical function, based on an unclonable, non-reproducible and complex physical mechanism.
Combined with their deterministic operation, PUFs are appropriate for cryptographic key generation on demand, eliminating the need for key storage (no key-at-rest property). When an external stimulus (challenge) is applied to a PUF implementation, it will react with a corresponding response and this combination is called a challenge-response pair (CRP).
The PUF system contains uncontrollable random components, so when challenge C is applied to the PUF system it will react with these components in a way to produce unpredictable and random response R. These random components (e.g. a SRAM, a multiplexer, a sandblasted silica glass) and the inability to control their manufacturing process, constitutes a PUF system unpredictable, unique, and more important, physically unclonable.Â
Security Challenges
CMDs, as IoT devices, are characterized by their constraints on processing power, memory and often battery power. Also, MDs, in most cases, are delivered to the final user compliant with all medical and healthcare safety regulations and any interference at device-level is prohibited due to the specific certification they possess. Thus, providing security services at the software and hardware level is very challenging. Additionally, providing security at the hardware level is nowadays limited only to hardware security modules that perform a set of cryptographic operations (e.g. key management, key exchange, and encryption) at the processor level. They are thus applicable only to modern and not to existing CMDs devices.
An alternative solution towards that direction is the use of PUFs. PUFs can potentially provide an increased level of hardware security for MDs by introducing randomness in the key generation process of secure device onboarding, support identity management as well as the cryptographic operations when the design of advanced attestation schemes is considered.Â
Physically unclonable functions in the ENTRUST projectÂ
The most widely known types of PUFs, based on fabrication process are two: the optical (photonic) and the electronic. The former is considered a strong PUF, whereas the latter is classified as weak.
In the context of ENTRUST, both flavours will the thoroughly tested, tailored to the needs and challenges opposed by MDs per se, as well as by the technical and use case requirements. Special focus will be devoted to electronic PUFs (e-PUFs), also considering their size, their cost, and their implementation flexibility, whereas their optical counterparts (o-PUFs) will be also explored leveraging their exceptional security properties originated from probabilistic procedure involved for the key derivation from a high-entropy optical medium (e.g. photonic chaotic cavity, disordered random optical scattering media etc.) commonly utilized. As regards to the silicon PUF considered here, a memory-based PUF was selected, whereas for the non-silicon PUF, a speckle imaging-based optical PUF was considered.Â
In conclusion, the integration of Physically Unclonable Functions (PUFs)Â in the context of the ENTRUST project holds immense potential for enhancing the security and integrity of connected medical devices.
By leveraging the inherent physical properties of electronic or optical components, PUFs enable:
Robust authentication
Secure key generation
Anti-counterfeiting measures
Privacy-preserving data sharing
Resilience to physical attacks.
As the healthcare domain continues to embrace digital transformation, ENTRUST envisions utilising PUFs as a vital enabler for ensuring patient safety, data security, and regulatory compliance in an interconnected healthcare ecosystem. Â
Comments