Design News, February 2013


Medical

The fewer people who know the details of the security measures you have put in place, the longer those measures are likely to be effective. For each of the vulnerabilities you need to address, consider layered strategies — use a password and a proprietary data format to protect patient data; use secure EEPROM and online verification to protect the integrity of your executable software image. Finally, create a plan to provide updates or patches in the event that an exploit does become widely available or widely known.

Determine How to Protect It

The list of hardware features that enhance the usability of consumer (and medical) devices is relatively ubiquitous: Ethernet, WiFi, Bluetooth (BT), USB, GPS, accelerometers, haptic, touch, and audio. Less prevalent technologies like FireWire (IEEE 1394), ZigBee, and NFC are also beginning to enter the mainstream. Generally, they fall into a few different categories in terms of the enhancements they provide. Remote data access gives both patients and healthcare professionals more up-to-date information about patient status (sensor data via USB/BT), device status, usage patterns (dosing/therapy records), and behavior (GPS and accelerometer data). Data collection via ZigBee, BT, and USB-connected sensors provides enhanced information for patients and healthcare workers to make decisions about patient care. When utilized in the User eXperience (UX) design, augmented man-machine interface (MMI) features — touch, haptic, audio — offer an opportunity to reduce mistakes by improving the clarity and simplicity of the task workflow.

Each of these hardware features poses some inherent risk. The utility of these features is predicated entirely on standardization — which means that each of these technologies is readily available to potential malicious actors. In most cases, it is not practical to reinvent data storage or transport technologies as alternatives to USB, WiFi, BT, or Ethernet.
Typical strategies for reducing these risks include device pairing, password protection, data encryption, and data format. Though the scope of this article does not allow an in-depth exploration of all possible mitigation measures, we'll review several of these briefly.

Device Pairing

Device pairing is a method (familiar from BT) that identifies specific instances of a device (i.e., a particular sensor, a particular WiFi hub, a particular PC, etc.) and limits access to the device to explicitly paired devices only. This strategy can be layered on top of communication between any pair of devices where the protocol already provides a handshake that shares device IDs, or where it is possible to add some custom software to share and record device IDs and authentication. It is also possible to implement pairing via a back-end service, accessible from the host device, that stores approved pairings in a single database. One advantage of a global database (similar to IMEI numbers for cell phones) is that it allows early detection of counterfeit devices (duplicate IDs). Of course, one disadvantage is that it requires a convenient connection between the host device and the back-end service, something that is not always possible or practical, especially in countries with underdeveloped infrastructure, or for technologically reluctant or low-income patients without easy Internet access or reliable phone service.

Password Protection

Password protection was recently decried as "dead" (Kill the Password). However, in our opinion, several of the key criticisms in a recent magazine article can be addressed, and it would be shortsighted to overlook any one tool in your security strategy because it has some weaknesses in some circumstances.
For example, custom ASICs can be reverse engineered; however, an ASIC can still provide a high level of security for targets whose value is less than the effort needed to reverse engineer it. Passwords are a valuable tool for preventing unauthorized access, and can be implemented in a wide range of schemes that balance usability, convenience, and security.

Data Encryption

Data encryption might also be considered passé, as the increase in computing power and the increased sophistication of factorization techniques have made public-key encryption methods subject to some attacks. DI Management offers a good description of some of the mathematics and weaknesses behind public-key encryption and RSA in particular. Additionally, PKI methods require additional computational power to encrypt and decrypt data, which may not be practical in all circumstances. Like passwords, keys need to be secured in order to be useful, presenting their own set of problems.

Data Formats

Data formats are likely to be considered by many the most naïve method in this list. However, they are worth mentioning at least partly because they are naïve, relatively easy to implement, and can provide some deterrent for the most casual malicious actors. This can be as simple as defining custom messages to communicate via WiFi, Ethernet, or ZigBee, or using a binary file format rather than a more convenient text-based file format. It could also be as elaborate as a custom file system to protect data, a custom USB class, or a new set of op-codes and an interpreter to protect company IP included in the software executable image.

Conclusion

This overview of four well-known techniques is hardly exhaustive, and there are others (signing, certificates, custom bearers, biometrics, redundant authentication, physical keys) that are also valuable tools that can be used appropriately in some circumstances.
The enhancements from new technology to patient safety, treatment efficacy, and the user experience for both patients and healthcare professionals are significant. Innovative companies will find ways to incorporate these technologies to increase the value proposition of their product offerings. To be competitive, device manufacturers will need to find ways to utilize these technologies effectively and address the associated security issues. The good news is that security issues can be addressed by a combination of mitigations and product requirements.

Alan Walsh is director of northeast software engineering for Logic PD. For more information, go to www.designnews.com.
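As an added illustration of the layered approach the article describes (a back-end pairing registry that records approved sensor/host pairings and flags duplicate device IDs as possible counterfeits, combined with a custom binary message format), the following example was written for this edit and is not code from the article or from Logic PD. The device IDs, fingerprints, message layout and readings are constructed for the demonstration. Because a custom format alone only deters casual actors, the example layers two further checks that the article mentions only in passing (authentication and freshness): each message carries an HMAC-SHA256 tag computed under the key issued at pairing time, and the host rejects replayed sequence numbers.

```python
import hashlib
import hmac
import os
import struct

# Constructed custom binary message layout (big-endian):
#   magic 'MD' | format version | sensor ID | sequence number | reading in tenths
# followed by a 16-byte truncated HMAC-SHA256 tag keyed with the pairing key.
MAGIC = 0x4D44
VERSION = 1
HEADER = struct.Struct(">HBIIh")
TAG_LEN = 16


class PairingRegistry:
    """Hypothetical back-end database of registered devices and approved pairings."""

    def __init__(self):
        self.fingerprints = {}  # device_id -> hardware fingerprint recorded at manufacture
        self.pairings = {}      # (sensor_id, host_id) -> 32-byte pair key
        self.alerts = []        # duplicate-ID (possible counterfeit) alerts

    def register(self, device_id, fingerprint):
        """Record a device; the same ID with a different fingerprint is a duplicate."""
        known = self.fingerprints.get(device_id)
        if known is None:
            self.fingerprints[device_id] = fingerprint
            return True
        if known != fingerprint:
            self.alerts.append("duplicate ID %d" % device_id)
            return False
        return True

    def pair(self, sensor_id, host_id):
        """Approve a sensor/host pair and issue the key both sides will use."""
        if sensor_id not in self.fingerprints or host_id not in self.fingerprints:
            raise KeyError("cannot pair an unregistered device")
        key = os.urandom(32)
        self.pairings[(sensor_id, host_id)] = key
        return key


def encode_reading(sensor_id, seq, value_tenths, key):
    """Sensor side: pack a reading in the custom format and append its tag."""
    body = HEADER.pack(MAGIC, VERSION, sensor_id, seq, value_tenths)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class Host:
    """Host side: accepts only authenticated, fresh messages from paired sensors."""

    def __init__(self, host_id, registry):
        self.host_id = host_id
        self.registry = registry
        self.last_seq = {}  # sensor_id -> highest sequence number accepted so far

    def decode_reading(self, msg):
        if len(msg) != HEADER.size + TAG_LEN:
            raise ValueError("bad length")
        body, tag = msg[:HEADER.size], msg[HEADER.size:]
        magic, version, sensor_id, seq, value = HEADER.unpack(body)
        if magic != MAGIC or version != VERSION:
            raise ValueError("not our format")
        key = self.registry.pairings.get((sensor_id, self.host_id))
        if key is None:
            raise ValueError("sensor %d is not paired with this host" % sensor_id)
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed")
        if seq <= self.last_seq.get(sensor_id, -1):
            raise ValueError("replayed or out-of-order message")
        self.last_seq[sensor_id] = seq
        return {"sensor_id": sensor_id, "seq": seq, "value": value / 10.0}


def demo():
    """Registration, a duplicate ID, pairing, then one good and three bad messages."""
    reg = PairingRegistry()
    reg.register(1001, "fp-sensor-1001")           # constructed sensor
    reg.register(2001, "fp-host-2001")             # constructed host
    duplicate_ok = reg.register(1001, "fp-clone")  # same ID, different hardware
    key = reg.pair(1001, 2001)
    host = Host(2001, reg)

    msg = encode_reading(1001, 1, 987, key)  # reading of 98.7, sent as tenths
    outcomes = {
        "reading": host.decode_reading(msg),
        "duplicate_accepted": duplicate_ok,
        "alerts": list(reg.alerts),
    }
    tampered = bytearray(msg)
    tampered[HEADER.size - 1] ^= 0x01  # flip one bit of the reading; tag no longer matches
    for label, candidate in (
        ("tampered", bytes(tampered)),
        ("replay", msg),                                           # already accepted once
        ("unpaired", encode_reading(1002, 1, 500, b"\x00" * 32)),  # sensor never paired
    ):
        try:
            host.decode_reading(candidate)
            outcomes[label] = "accepted"
        except ValueError as exc:
            outcomes[label] = str(exc)
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The registry alone catches the cloned ID at registration time, which is the counterfeit-detection benefit the article attributes to a global database; the host-side checks are what make the custom format more than a deterrent, since a message from an unpaired sensor, a modified message, or a replayed one is rejected before its contents are used.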
