Towards Strengthening the Security of Healthcare Devices using Secure Configuration Provenance

Ragib Hasan
{"title":"Towards Strengthening the Security of Healthcare Devices using Secure Configuration Provenance","authors":"Ragib Hasan","doi":"10.1109/ICDH55609.2022.00043","DOIUrl":null,"url":null,"abstract":"In modern healthcare, smart medical devices are used to ensure better and informed patient care. Such devices have the capability to connect to and communicate with the hospital's network or a mobile application over wi-fi or Bluetooth, allowing doctors to remotely configure them, exchange data, or update the firmware. For example, Cardiovascular Implantable Electronic Devices (CIED), more commonly known as Pacemakers, are increasingly becoming smarter, connected to the cloud or healthcare information systems, and capable of being programmed remotely. Healthcare providers can upload new configurations to such devices to change the treatment. Such configurations are often exchanged, reused, and/or modified to match the patient's specific health scenario. Such capabilities, unfortunately, come at a price. Malicious entities can provide a faulty configuration to such devices, leading to the patient's death. Any update to the state or configuration of such devices must be thoroughly vetted before applying them to the device. In case of any adverse events, we must also be able to trace the lineage and propagation of the faulty configuration to determine the cause and liability issues. In a highly distributed environment such as today's hospitals, ensuring the integrity of configurations and security policies is difficult and often requires a complex setup. As configurations propagate, traditional access control and authentication of the healthcare provider applying the configuration is not enough to prevent installation of malicious configurations. In this paper, we argue that a provenance-based approach can provide an effective solution towards hardening the security of such medical devices. In this approach, devices would maintain a verifiable provenance chain that would allow assessing not just the current state, but also the past history of the configuration of the device. Also, any configuration update would be accompanied by its own secure provenance chain, allowing verification of the origin and lineage of the configuration. The ability to protect and verify the provenance of devices and configurations would lead to better patient care, prevent malfunction of the device due to malicious configurations, and allow after-the-fact investigation of device configuration issues. In this paper, we advocate the benefits of such an approach and sketch the requirements, implementation challenges, and deployment strategies for such a provenance-based system.","PeriodicalId":120923,"journal":{"name":"2022 IEEE International Conference on Digital Health (ICDH)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE International Conference on Digital Health (ICDH)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICDH55609.2022.00043","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

In modern healthcare, smart medical devices are used to ensure better and informed patient care. Such devices have the capability to connect to and communicate with the hospital's network or a mobile application over wi-fi or Bluetooth, allowing doctors to remotely configure them, exchange data, or update the firmware. For example, Cardiovascular Implantable Electronic Devices (CIED), more commonly known as Pacemakers, are increasingly becoming smarter, connected to the cloud or healthcare information systems, and capable of being programmed remotely. Healthcare providers can upload new configurations to such devices to change the treatment. Such configurations are often exchanged, reused, and/or modified to match the patient's specific health scenario. Such capabilities, unfortunately, come at a price. Malicious entities can provide a faulty configuration to such devices, leading to the patient's death. Any update to the state or configuration of such devices must be thoroughly vetted before applying them to the device. In case of any adverse events, we must also be able to trace the lineage and propagation of the faulty configuration to determine the cause and liability issues. In a highly distributed environment such as today's hospitals, ensuring the integrity of configurations and security policies is difficult and often requires a complex setup. As configurations propagate, traditional access control and authentication of the healthcare provider applying the configuration is not enough to prevent installation of malicious configurations. In this paper, we argue that a provenance-based approach can provide an effective solution towards hardening the security of such medical devices. In this approach, devices would maintain a verifiable provenance chain that would allow assessing not just the current state, but also the past history of the configuration of the device. Also, any configuration update would be accompanied by its own secure provenance chain, allowing verification of the origin and lineage of the configuration. The ability to protect and verify the provenance of devices and configurations would lead to better patient care, prevent malfunction of the device due to malicious configurations, and allow after-the-fact investigation of device configuration issues. In this paper, we advocate the benefits of such an approach and sketch the requirements, implementation challenges, and deployment strategies for such a provenance-based system.
利用安全配置来源加强医疗设备的安全性
在现代医疗保健中,智能医疗设备用于确保更好和知情的患者护理。这种设备能够通过wi-fi或蓝牙连接到医院的网络或移动应用程序并与之通信,从而允许医生远程配置它们、交换数据或更新固件。例如,心血管植入式电子设备(CIED),通常被称为心脏起搏器,正变得越来越智能,可以连接到云或医疗信息系统,并能够远程编程。医疗保健提供者可以将新配置上传到此类设备以更改治疗。这些配置经常被交换、重用和/或修改,以匹配患者的特定健康情况。不幸的是,这样的能力是有代价的。恶意实体可以为这些设备提供错误的配置,从而导致患者死亡。对此类设备的状态或配置的任何更新必须在应用于设备之前进行彻底审查。在任何不良事件的情况下,我们还必须能够跟踪错误配置的沿袭和传播,以确定原因和责任问题。在高度分布式的环境中,例如今天的医院,确保配置和安全策略的完整性是困难的,并且通常需要复杂的设置。随着配置的传播,应用该配置的医疗保健提供商的传统访问控制和身份验证不足以防止恶意配置的安装。在本文中,我们认为,基于来源的方法可以为加强此类医疗设备的安全性提供有效的解决方案。在这种方法中,设备将维护一个可验证的来源链,不仅可以评估当前状态,还可以评估设备配置的过去历史。此外,任何配置更新都将伴随着其自己的安全来源链,从而允许对配置的起源和沿袭进行验证。保护和验证设备和配置来源的能力将带来更好的患者护理,防止由于恶意配置导致的设备故障,并允许对设备配置问题进行事后调查。在本文中,我们提倡这种方法的好处,并概述了这种基于来源的系统的需求、实现挑战和部署策略。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信