Trust-aware Authentication and Authorization Cryptographic Solutions
In recent years, technology has advanced, changing our perception of the world and how we carry out daily actions. One of the paradigms most affecting our lives is that of medical devices (MDs), which have changed the way people are treated and, more generally, the way we live. The digital transformation is reshaping the medical industry by introducing high-end products that allow bi-directional communication, remote access, and concrete analysis of the collected data. Such innovation strongly assists patients with chronic diseases and at the same time improves the accuracy of measurements compared to conventional devices; it also advances scientific knowledge in the domain, since massive amounts of data can be gathered and shared between organizations for the detailed study of diseases. However, the digitization of the medical industry brings many security challenges. This blog post presents a short overview of some of these challenges and outlines possible cryptographic solutions.
One challenge of the digital transformation of the medical industry is how to assure that a medical device behaves as expected, i.e., that no compromise of the device goes undetected. To address this challenge, the “Zero Trust” paradigm is applied under the principle “Never Trust – Always Verify”: access to and use of resources must be finely controlled, and no implicit trust assumptions are made. Therefore, an overarching trust management framework is needed to secure the entire lifecycle of medical devices, from the bootstrap of the devices to their operation and maintenance. Towards this direction, the ENTRUST Protection Profiles include the measures and validation properties that need to be monitored and verified at runtime as evidence of the level of trustworthiness. Toward this goal, ENTRUST will develop remote attestation schemes, which are the most prominent technique for safeguarding the correct execution of a medical device and allow strong assurance guarantees to be provided. Remote attestation is a powerful tool for asserting a level of trust in a device that is not physically accessible: it enables a device (the prover) to demonstrate to a remote party (the verifier) the correctness of some of its properties (e.g., configuration properties, execution properties). The evidence is only meaningful if it is fresh (bound to a challenge chosen by the verifier, so that an old report from a still-healthy device cannot be replayed) and signed by a key that the verifier can tie to the enrolled device. ENTRUST research will cover attestation from Configuration Integrity Verification (CIV) to Control-Flow Attestation (CFA).
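The challenge-response exchange just described, as an added example written for this post and not part of ENTRUST's own attestation schemes: the verifier issues a nonce, the prover (the medical device) measures its configuration and signs the measurement together with the nonce, and the verifier checks freshness, the signature against the key enrolled for the device, and the measurement against the reference value recorded at enrolment. It is written in Go with standard-library Ed25519 and SHA-256 only; the component names and hashes, the `CIV-QUOTE|` domain label and the single-register measurement are constructed assumptions standing in for a TPM-backed quote, not ENTRUST specifics.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Component is one measured element of the device configuration: a name and the SHA-256 of its file.
type Component struct {
	Name string
	Hash [32]byte
}

// Measure folds the component hashes into one digest in inventory order (a PCR extend chain reduced to one register).
func Measure(components []Component) [32]byte {
	var acc [32]byte
	for _, c := range components {
		h := sha256.New()
		h.Write(acc[:])
		h.Write([]byte(c.Name))
		h.Write(c.Hash[:])
		copy(acc[:], h.Sum(nil))
	}
	return acc
}

// Quote is the prover's evidence: the measurement bound to the verifier's nonce, signed by the device.
type Quote struct {
	Nonce       []byte
	Measurement [32]byte
	Signature   []byte
}

func quoteMessage(nonce []byte, m [32]byte) []byte {
	return append(append([]byte("CIV-QUOTE|"), nonce...), m[:]...)
}

// Prover is the medical device. In a real deployment Key is sealed in a TPM or secure element and signing happens there.
type Prover struct {
	Key    ed25519.PrivateKey
	Config []Component
}

func (p *Prover) Attest(nonce []byte) Quote {
	m := Measure(p.Config)
	return Quote{Nonce: nonce, Measurement: m, Signature: ed25519.Sign(p.Key, quoteMessage(nonce, m))}
}

// Verifier holds the enrolled public key, the reference (golden) measurement and the unconsumed nonces.
type Verifier struct {
	Pub       ed25519.PublicKey
	Reference [32]byte
	issued    map[string]bool
}

// Challenge issues a fresh nonce; without one a compromised device could replay a quote from healthier days.
func (v *Verifier) Challenge() ([]byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	v.issued[string(nonce)] = true
	return nonce, nil
}

// Verify checks freshness, then the signature, then the measurement; each nonce is accepted exactly once.
func (v *Verifier) Verify(q Quote) error {
	if !v.issued[string(q.Nonce)] {
		return errors.New("unknown or replayed nonce")
	}
	delete(v.issued, string(q.Nonce))
	if !ed25519.Verify(v.Pub, quoteMessage(q.Nonce, q.Measurement), q.Signature) {
		return errors.New("signature invalid: not produced by the enrolled attestation key")
	}
	if q.Measurement != v.Reference {
		return errors.New("measurement mismatch: configuration differs from the reference")
	}
	return nil
}

// SampleConfig is a constructed stand-in for a device's software inventory.
func SampleConfig() []Component {
	return []Component{
		{Name: "firmware", Hash: sha256.Sum256([]byte("firmware-v2.1"))},
		{Name: "libtls", Hash: sha256.Sum256([]byte("libtls-3.0.8"))},
		{Name: "monitor-app", Hash: sha256.Sum256([]byte("monitor-app-1.4"))},
	}
}

// Enrol models secure enrolment: the device generates its attestation key pair, the verifier records the public key and reference.
func Enrol(config []Component) (*Prover, *Verifier, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Prover{Key: priv, Config: config}, &Verifier{Pub: pub, Reference: Measure(config), issued: map[string]bool{}}, nil
}
```

Calling order is `Enrol` once, then `Challenge`, `Attest`, `Verify` for every attestation round. The three checks in `Verify` are deliberately ordered: an unknown nonce is rejected before any cryptography runs, a signature by anything other than the enrolled key is rejected before the measurement is even compared, and each nonce is consumed so that a captured quote cannot be replayed. Changing a single byte of any component (a patched library, for instance) changes the digest and the round fails. This is CIV only: a control-flow attestation scheme would add evidence about the path the software actually executed, not just which software was loaded.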
Another challenge of the digital transformation of the medical industry is how to achieve the underlying security and privacy requirements regarding access control: simply granting explicit trust to users and devices is not sufficient. We also need cryptographic protocols with different levels of assurance pertaining to data management and access, and different levels of granularity in access control, so as to capture the different roles of users, who need to showcase the necessary attributes and privileges for accessing the data. To this end, ENTRUST takes an attribute-based approach to data management, meaning that data access is determined based on the attributes that a device can exhibit in a verifiable manner. ENTRUST will also employ state-of-the-art cryptographic primitives, including Attribute-based Encryption (ABE) and Attribute-based Signatures (ABS), to ensure privacy-preserving and fine-grained access control: exchanged messages can be read only by those devices that hold the required attributes. In the ENTRUST framework, the set of attributes corresponding to each device is issued by a trusted authority during the secure device enrolment process as part of the device's Verifiable Credentials (VCs); this includes information such as the OS version, the type of libraries installed, the type of CPU microcontroller, as well as security claims on the correct execution of specific software.
The end goal of this approach is to achieve continuous authentication and authorization in the interactions of the medical devices with the Blockchain infrastructure, whether querying for operational or attestation-related data or recording attestation results. This is achieved by giving devices the capability to create Verifiable Presentations (VPs) that demonstrate, via the VC, that a device possesses the required attributes, without relying on trusted centralized entities to issue them again: the relying party verifies the trusted authority's signature on the VC offline and checks that each VP is bound to a fresh challenge, so the authority does not need to be contacted at every interaction. This approach aligns with the ENTRUST goal of operating within a zero-trust ecosystem, but it also provides scalability by shifting trust to the medical devices themselves, thus eliminating the need for a centralized identity management system. Based on all the above, ENTRUST will develop a set of lightweight cryptographic schemes that capture the different types of security, privacy, and trust requirements.