In ENTRUST project, we are working collaboratively to design and develop a Trust Management framework. A combination of software applications, methods and technologies will be used that when operating all together will have as a result to ensure trust among all the devices involved in the system where the framework is applied. In this project, the focus is on protecting systems that operate in the medical domain sector. During the project, tests and experiments will be conducted to integrate and validate the ENTRUST Trust Management Framework in various use cases, considering also numerous different scenarios. From these experiments, valuable insights will be earned regarding the efficiency, applicability, and effectiveness of the framework. Below we present a real-life application, a scenario and an environment that the ENTRUST Trust Management Framework can be integrated into.
Use case: Dynamic Trust Assessment in ECG Monitoring Portable Devices and Complex Stationary Devices in a Hospital Setting
In a hospital setting, various medical devices are operating that monitor patient’s health and measure numerous different health signals, providing in this way the doctors with the necessary information to act appropriately for patient needs. An ECG device is a module that records the electrical signal from the heart to check for different heart conditions. This device is usually connected to a computer, which then an application visualizes the electrical signals retrieved and provides the doctors of the hospital information to diagnose if any heart condition occurs, to act immediately and ensure that the patient will have the proper care.
However, what if the health data provided are not the authentic data collected by the device attached to the patient? What if this data has been intentionally altered or modified, giving incorrect information to the doctor and potentially leading to an inaccurate diagnosis, consequently harming the patient's health?
Unfortunately, such scenarios are not uncommon. Hospitals worldwide have experienced cybersecurity attacks from hacker teams. After compromising a hospital's devices, these hackers often demand money to restore normal operations. Hackers exploit vulnerabilities in the network or software applications of devices, allowing them to compromise and alter the transmitted health data of patients
Here is where the ENTRUST Trust management framework comes into play. This framework is developed to ensure trust among the devices operating in the hospital. Techniques and security mechanisms are utilized so that each time a new device, application, or user is involved in a scenario like the one presented above, alerts are generated. Information regarding the operation of the overall system is then forwarded to system administrators or security experts at the hospital.
Based on the received information, the experts in the hospital's IT department are immediately informed about any misbehavior or anomaly on the network or with the operation of the hospital's devices. This helps them take appropriate action. Additionally, mechanisms developed in the ENTRUST framework automate the process of ensuring that all devices are trusted, data has not been altered, and any user of the medical device applications has the required permissions to perform any action.
If any of the above is not true, the framework can prevent such attacks, thereby preventing decisions about patient care by doctors that may lead to incorrect diagnoses and affect the patient's health.