Public Key Infrastructure for a Secure Healthcare IoT

Devices in the Healthcare Internet of Things have to meet two requirements that pull in opposite directions. They need to make their information available when it's needed, without complications or delays; difficulties in transferring information hamper a patient's treatment. At the same time, the information needs to be protected from anyone who isn't authorized. Breaches can aid identity theft and blackmail, and a negligent organization may face large HIPAA fines.

The Internet of Things has been plagued with security issues, and the stakes are especially high with healthcare devices. A breach in a digital thermostat could add it to a botnet. A breach in a medical device could make it malfunction when a life is at stake. Malware could even make devices act harmfully, perhaps to extort protection money from a hospital.

Two speakers at the recent DigiCert Security Summit discussed Public Key Infrastructure (PKI) as a way to communicate securely and authenticate data without a cumbersome authorization process. A PKI is the system of certificate authorities, policies and procedures for issuing, distributing and revoking digital certificates, each of which binds a public cryptographic key to an identity. The public key is available to anyone, and it's paired with a private key which only the certificate holder possesses. Anyone who trusts the issuing authority can verify the certificate, confirm that the other party holds the matching private key, and set up encrypted communication with it. No previous exchange of confidential information, such as a shared password or key, is necessary.

PKI is what makes the secure Web work. A server gets an SSL (more properly called TLS) certificate from a certificate authority (CA), signed with the CA's private key. A browser that trusts the CA checks that signature, confirms during the handshake that the server can prove possession of the certificate's private key, and only then completes the encrypted connection; that is how it knows the server is who it claims to be. Some of the ideas the speakers presented go beyond the bounds of SSL and TLS, which is why their focus was on PKI rather than a specific protocol.

Ensuring privacy and data integrity

Speakers Darin Andrew and Scott Erven presented three scenarios where PKI improves security. The first problem they cited was the risk of sending information unencrypted. An eavesdropper can read data going between a device and a server, which may include confidential information, and a compromised router can alter the data in transit. With an encrypted channel authenticated in both directions (TLS with a certificate on the device as well as on the server), no unauthorized party can read the communication, and any alteration in transit is caught by the integrity check TLS applies to every record, so the tampered data is rejected and the connection dropped rather than accepted as valid.

Many devices today use this approach, but many others don’t. Encrypting data in transit should be as standard a practice as encrypting ePHI on mobile devices.
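What a mutually authenticated TLS connection between a device and its collection server looks like in code, as an added example that is not from the presentation or the article: a hospital root CA, the server and device certificates it issues, and a handshake in which each side verifies the other. Everything in it is constructed for the example; the CA name, the host name and the device name are assumptions, and `Handshake` runs the two sides over an in-memory pipe rather than a network socket. The self-signed `Rogue` certificate shows what happens to a device whose certificate no trusted CA has issued.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// must turns a setup failure (key generation, certificate creation) into a panic; an example has no recovery for those.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issueCert generates a P-256 key and a certificate for name, signed with parentKey or self-signed when parent is nil.
func issueCert(name string, isCA bool, parent *x509.Certificate, parentKey any) (*x509.Certificate, tls.Certificate) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else { // a leaf may authenticate either end of a connection
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// PKI is the constructed trust setup: a hospital root CA with a server and a device certificate
// under it, plus a self-signed device certificate (Rogue) that no trusted CA has vouched for.
type PKI struct {
	Roots                 *x509.CertPool
	Server, Device, Rogue tls.Certificate
}

func BuildPKI() *PKI {
	ca, caCred := issueCert("Hospital Device Root CA", true, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca) // the only issuer either side trusts
	_, server := issueCert("monitor.hospital.example", false, ca, caCred.PrivateKey)
	_, device := issueCert("pump-0042.hospital.example", false, ca, caCred.PrivateKey)
	_, rogue := issueCert("pump-0042.hospital.example", false, nil, nil)
	return &PKI{roots, server, device, rogue}
}

// Handshake runs a mutually authenticated TLS handshake between a device (client) and the server over an
// in-memory pipe. It returns the device name the server authenticated, or the error that rejected the device.
func Handshake(roots *x509.CertPool, server, device tls.Certificate) (string, error) {
	serverCfg := &tls.Config{Certificates: []tls.Certificate{server}, ClientCAs: roots,
		ClientAuth: tls.RequireAndVerifyClientCert, MinVersion: tls.VersionTLS12, SessionTicketsDisabled: true}
	deviceCfg := &tls.Config{Certificates: []tls.Certificate{device}, RootCAs: roots, ServerName: "monitor.hospital.example"}
	a, b := net.Pipe()
	defer a.Close()
	defer b.Close()
	a.SetDeadline(time.Now().Add(5 * time.Second)) // a stuck handshake fails instead of hanging
	b.SetDeadline(time.Now().Add(5 * time.Second))
	peer, done := "", make(chan error, 1)
	go func() { // server side: handshake, then greet the authenticated device
		srv := tls.Server(a, serverCfg)
		err := srv.Handshake()
		if err == nil {
			peer = srv.ConnectionState().PeerCertificates[0].Subject.CommonName
			_, err = srv.Write([]byte("welcome " + peer))
		}
		done <- err
	}()
	// Device side: Read performs the handshake, then yields the greeting or the server's rejection alert.
	if _, err := tls.Client(b, deviceCfg).Read(make([]byte, 64)); err != nil {
		return "", err
	}
	err := <-done
	return peer, err
}

func main() {
	pki := BuildPKI()
	fmt.Println(Handshake(pki.Roots, pki.Server, pki.Device)) // pump-0042.hospital.example <nil>
	fmt.Println(Handshake(pki.Roots, pki.Server, pki.Rogue))  // empty name and a certificate verification error
}
```

The server's `RequireAndVerifyClientCert` setting is the "both directions" part: a device that cannot present a certificate chaining to the hospital root is refused before any application data flows, and the device applies the same test to the server through `RootCAs` and `ServerName`. The five-second deadline on the pipe is there only so that a failed handshake reports an error instead of hanging.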

Ensuring software integrity

The second issue was the installation of software updates. A phishing message could trick device maintainers into installing an “update” from a malicious source. The update might appear to work while sending personal data to a criminal site.

The solution here is digitally signed code. SSL and TLS are transport-level protocols: they authenticate the other end of a connection, not the file that arrived over it, so they don't directly apply to authenticating data with a digital signature, but the concepts of a PKI are fully applicable. Before installing an update, the updating procedure needs to verify that it carries a valid signature from the software distributor's key, chained to a certificate the device trusts for code signing. It should also confirm that the update is newer than the version already installed, so that an attacker can't replay an old release that was validly signed at the time but has since been superseded because of its bugs.

Guarding the firmware

The third scenario presents a very difficult problem: guarding against compromised firmware. It's not clear how their solution would work here. The speakers proposed that a device's firmware should be signed with a trusted certificate and checked before booting. There's a difficulty here: if a device's firmware is compromised, what's going to do the checking? What do they mean by a "before booting" stage? The article reporting the presentation mentions checking the source code as well, which makes no sense as part of a boot process, so it may have garbled the speakers' intent. Perhaps they were assuming a system with a trusted bootstrap ROM that can't be overwritten, holding the public key, which verifies the signature on the firmware in programmable memory before executing it, on every boot rather than only when an update is installed. The mention of Secure Boot supports that interpretation.
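The signed-update check from the previous section and the boot-time check guessed at above are the same verification applied at two moments, which the following added example makes concrete; it is not the speakers' design or any vendor's code. It assumes an Ed25519 distributor key whose public half is embedded in immutable ROM, a manifest of version number plus SHA-256 digest as the signed object, and a monotonic version counter kept by the device; the image bytes are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest describes a firmware image: its version and the SHA-256 of the image bytes. The
// signature covers this small structure; the verifier hashes the image itself and compares.
type Manifest struct {
	Version uint32
	Digest  [sha256.Size]byte
}

// Bytes is the canonical encoding that gets signed and verified: big-endian version, then digest.
func (m Manifest) Bytes() []byte { return append(binary.BigEndian.AppendUint32(nil, m.Version), m.Digest[:]...) }

// SignedImage is what the distributor ships: image, manifest and the manifest signature.
type SignedImage struct {
	Image     []byte
	Manifest  Manifest
	Signature []byte
}

var (
	ErrBadSignature = errors.New("manifest signature does not verify under the trusted key")
	ErrDigest       = errors.New("image does not match the signed digest")
	ErrRollback     = errors.New("image version is below the device's rollback counter")
)

// NewVendorKey generates the distributor's Ed25519 signing key pair.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign is the distributor side: hash the image, build the manifest, sign the manifest.
func Sign(priv ed25519.PrivateKey, version uint32, image []byte) SignedImage {
	m := Manifest{Version: version, Digest: sha256.Sum256(image)}
	return SignedImage{Image: image, Manifest: m, Signature: ed25519.Sign(priv, m.Bytes())}
}

// Verify checks a package against the trusted key: signature first, since nothing else in the
// package can be trusted until it passes, then the digest that binds the manifest to this image.
func Verify(trusted ed25519.PublicKey, s SignedImage) error {
	if !ed25519.Verify(trusted, s.Manifest.Bytes(), s.Signature) {
		return ErrBadSignature
	}
	if d := sha256.Sum256(s.Image); !bytes.Equal(d[:], s.Manifest.Digest[:]) {
		return ErrDigest
	}
	return nil
}

// Device models the minimum a secure-boot design needs: a key in immutable ROM, a rollback counter, and flash.
type Device struct {
	RomKey     ed25519.PublicKey // burned in at manufacture; firmware cannot change it
	MinVersion uint32            // raised on every accepted update, never lowered
	Flash      SignedImage       // rewritable region holding the current firmware package
}

// Update writes a package to flash only if it verifies under the ROM key and is newer than anything installed before.
func (d *Device) Update(s SignedImage) error {
	if err := Verify(d.RomKey, s); err != nil {
		return err
	}
	if s.Manifest.Version <= d.MinVersion { // a correctly signed older image may carry bugs since fixed
		return ErrRollback
	}
	d.Flash, d.MinVersion = s, s.Manifest.Version
	return nil
}

// Boot is what the ROM runs before handing control to flash: the same checks again, so an
// image altered after installation, or swapped for an older signed one, does not run.
func (d *Device) Boot() (uint32, error) {
	if err := Verify(d.RomKey, d.Flash); err != nil {
		return 0, err
	}
	if d.Flash.Manifest.Version < d.MinVersion {
		return 0, ErrRollback
	}
	return d.Flash.Manifest.Version, nil
}

func main() {
	vendorPub, vendorPriv, _ := NewVendorKey()
	_, rogue, _ := NewVendorKey() // an attacker's key, never provisioned on the device
	dev := &Device{RomKey: vendorPub}
	fmt.Println("install v2:", dev.Update(Sign(vendorPriv, 2, []byte("constructed image v2")))) // <nil>
	fmt.Println("rogue key: ", dev.Update(Sign(rogue, 3, []byte("backdoored image"))))          // ErrBadSignature
	dev.Flash.Image[0] ^= 0xff // flash overwritten after installation
	_, err := dev.Boot()
	fmt.Println("boot:      ", err) // ErrDigest
}
```

`Update` is what the earlier section asked for, with the version check that stops a replay of an old signed release; `Boot` reruns `Verify` against the ROM key every time, which is what a "before booting" check can mean once an unwritable root of trust is assumed: the firmware in flash is never trusted on its own, only because the ROM has just re-verified it.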

Safer devices

Digital signatures and encryption make devices on the Healthcare Internet of Things safer against eavesdropping and tampering, and a PKI is a known and tested way of managing the keys and certificates they depend on. With strong incentives to protect privacy and enable secure communication, we can expect to see rapid growth in its use.