On a Security-oriented Design Framework for Medical IoT Devices: The Hardware Security Perspective

Abstract

As medical devices more and more use Internet of Things based technologies, serious concerns are raised about their security and the privacy of patient’s personal health data. To address these concerns, while maintaining reasonable overheads, designers of medical devices need to take security into account from the beginning until the completion of their designs. In this work we identify the relevant security domains and focus to the Hardware Security perspective. Additionally, we present a secure design and evaluation framework which can assist designers towards more secure medical devices. The framework integrates a complete insulin pump architecture containing all the basic components used in such applications. To illustrate the advantages of the proposed framework we perform a Side Channel Analysis attack against the embedded encryption algorithm of the device to obtain the secret encryption key. Then, we make use of the framework to identify all the components of the system which are either directly or indirectly affected by the attack. This analysis leads us to determine more complex combined attacks which may complement the SCA attack into compromising the overall security of the system.