Health and Wellness Start with Trust

Device connectivity has an increasing impact on the medical industry. Besides convenience for caretakers, this also leads to risks of cyber-attacks, evident when the FDA recalled 500 thousand of internet-connected pacemakers for hacking fears. While more equipment is connected to various networks, consumables like catheters and body sensors are also (wirelessly) connected to medical equipment. Clearly, medical equipment needs to be safe from cyber-attacks, guarantee patient privacy, and keep costs, liability, and risks for the device maker low. At the same time, the growing connectivity also allows new business models for equipment makers, like pay-per-use or monitoring consumables. But none of this is possible without the trust that is critical in this market. So, what are the security risks medical equipment makers need to overcome?

Problem

  • Connecting medical equipment to a network requires device authentication and encrypting data to protect communication and network
  • Connecting and monitoring the use of consumables requires mutual authentication
  • Medical equipment typically contains secret and valuable IP that needs to be protected from reverse-engineering and counterfeiting

Results

  • An unclonable, immutable, invisible, and unique identity as a robust trust foundation for security and privacy by design
  • Secure, authenticated data delivering end-to-end protection when connected with network
  • Secure connections with consumables, allowing rollout of new business models
  • Protection of valuable IP on medical device

Solution

  • These problems have in common that they require cryptographic keys to guarantee trust
  • Creating unclonable keys that cannot be altered or copied requires them to be rooted in hardware
  • SRAM PUFs are a flexible and low-cost way to create this hardware-based security on any medical device

Requirements for medical equipment are changing. Manufacturers need to balance the safety of patients with the increasing demands for connectivity to increase convenience for care providers and add business opportunities for themselves. But to guarantee the safe operation of a device, the connections with the network need to be secured, consumables need to be authenticated, and IP inside the device needs to be protected. How can equipment makers deal with all these new requirements?

Synopsys SRAM PUF IP

Foundational for medical equipment security are cryptographic keys that allow authentication to the network, encrypting data, authenticating consumables, and protecting valuable IP. This is needed to keep connected medical equipment safe, such as pacemakers, insulin pumps, and sensing equipment. Keys are derived from the secret identity of the device, which should be rooted in hardware. It must be impossible to read or alter this identity or to clone it to create counterfeit devices. So, how do an identity and keys get on a device, and how are they stored securely? Through Synopsys’ SRAM PUF technology. SRAM PUFs create unclonable, device-unique keys from tiny variations in silicon of the device’s main chip. These keys are never stored and cannot be copied. They are immutable and invisible to attackers, providing unparalleled security. SRAM PUF keys are the foundation for many security solutions:

  • Network connectivity: authentication and encryption to protect communication & data
  • IP protection: signing and encrypting IP with device-unique SRAM PUF keys to prevent reverse-engineering & device counterfeiting
  • Consumable connectivity: authentication protocols to allow monitoring of consumables

Synopsys provides its SRAM PUFs with the described security solutions integrated into the hardware of chips from several vendors, but also in software and as FPGA implementation for inclusion in device firmware. The solution has a very small footprint and a low cost.

Algorithms for symmetric and public key cryptography are included and compliant with NIST specifications. SRAM PUFs can be implemented on any typical microcontroller. For FPGAs without accessible SRAM, Synopsys provides a solution that creates a PUF in the programmable fabric of the FPGA. Synopsys SRAM PUFs offer the best-in-class combination of high security, low cost, and high flexibility:

  • Security is high, as keys never leave the chip’s security perimeter and are never stored
  • Cost is low because no additional security hardware or key programming is required
  • Flexibility is high because the software or firmware can be added to a device after manufacturing, which allows for retrofitting of security on existing medical devices

 

Bottom Line Benefits

  • Trust: an unclonable, immutable, and invisible identity for security and privacy by design
  • Device authentication and data security
  • Secure connections with consumables
  • Protection of valuable IP on medical devices
  • Flexible integration, including retrofitting

Resources