Semiconductor Prescriptions for Secure Health Devices
Connected health devices promise an economical route to better healthcare, expanding care options, putting patients in contact with a wider field of experts, and stripping cost out of the system. But for all their advantages, connected health devices are vulnerable to attacks that can compromise patient privacy and even interfere with the functioning of the devices themselves.
Performance and safety requirements vary greatly from one application to another. The success of smart homes, connected cars, and Industry 4.0 depends on earning users' trust through solutions that are robust and easy to use yet offer strong security protection. The more sensitive the data that travels over the internet of things and the industrial IoT, the greater the risk of data falsification, device manipulation, IP theft, and even network manipulation. Medical systems are often highly complex, requiring end-to-end security solutions that extend from the cloud and connectivity layers to resource-constrained devices that are often not powerful enough to support traditional security technologies.
The fundamental elements of today’s security systems include established cryptographic algorithms, such as the Advanced Encryption Standard (AES), the Secure Hash Algorithm (SHA), and the public-key ciphers Rivest-Shamir-Adleman (RSA) and elliptic-curve cryptography (ECC). Chip-based solutions are combining techniques in novel ways to keep pace with the increasing sophistication of cyber-attacks and attackers.
Encryption
Existing public-key cryptography systems allow verifying the integrity and authenticity of digital content. Integrity in this context means that the digital content has not changed since it was created. Authenticity, on the other hand, indicates that a well-identified entity released the digital content. Digital-content integrity is guaranteed by a mechanism called a message digest, i.e., the output of a secure hash algorithm such as SHA-1, -2, or -3.
To most people, “cryptography” means converting plain text into encrypted text and using the same key to encrypt and decrypt it. This is symmetric encryption, and it is relatively fast compared with asymmetric encryption and other methods. The most common algorithm used in symmetric key cryptography is AES, which comprises three block encryption algorithms: AES-128, AES-192, and AES-256.
Asymmetric algorithms use two interdependent keys, one to encrypt the data and the other to decrypt it. This interdependence provides several functions; for medical devices, the most important are probably the digital signatures that are used to ensure that a particular entity has created a message or to authenticate systems or remote users. RSA is a widely used asymmetric cryptographic algorithm. It is often used in electronic commerce protocols such as Secure Sockets Layer (SSL) and is considered safe when used with sufficiently long keys and up-to-date implementations.
Hash algorithms
Hashing algorithms play a fundamental role in protecting sensitive data, allowing the generation of a unique identifying string from any text. The string is generated in such a way that no other text should produce the same hash value. It is not possible to go back to the initial text from the generated string — or, at least, it shouldn’t be.
The MD5 and SHA-1 hash algorithms were once broadly used but are now considered weak and have been largely replaced by the SHA-2 algorithms: SHA-224, SHA-256, SHA-384, and SHA-512. SHA-1 has a cryptographic strength of 80 bits. The algorithm was designed by the U.S. National Security Agency and is published by the National Institute of Standards and Technology (NIST) as a Federal Information Processing Standard (FIPS). Consisting of a complex set of functions that translate into a unidirectional hash, SHA-1 was widely adopted in applications requiring secure authentication.
SHA-2 implements a safer algorithm than MD5 and SHA-1. It requires two input parameters: the string to be hashed and the desired bit length for the result.
A third variant, SHA-3, is based on the Keccak cryptographic function, which represents a class of algorithms that take a stream of input bits of any length and produce an output of any desired length. The corresponding functions can be used to model or implement cryptographic hashes, message authentication codes, and other cryptographic primitives.
SHA-3 is the first cryptographic hash algorithm that NIST has adopted through a public competition and vetting process. NIST selected the Keccak algorithm as the basis of the SHA-3 standard after a competition that evaluated the candidates based on parameters such as the ability to resist known attacks while maintaining a high security margin and meeting code diversity criteria.

A further advantage of SHA-3 is its implementation efficiency in silicon, which makes it ideal for the protection of embedded subsystems, sensors, and consumer electronics. For medical applications, integrated solutions offer a higher level of protection, but they must also continue to evolve to keep a step ahead of the hackers. An example of this evolution combines the cryptographic hash function of SHA-3 with physically unclonable function (PUF) technology to prevent counterfeiting, safely manage the life cycle of a final product, store the operating parameters of a sensor or instrument and guarantee their integrity, enable or disable features of the subsystem, and safeguard embedded systems from invasive attacks (Figure 1).
Medical security solutions
Hackers are increasingly skilled in their techniques for attacking integrated circuits that implement security within an embedded system. Microprobing, focused ion beam (FIB), and reverse-engineering are just a few examples of invasive attack techniques available to hackers. For this reason, the risk is high that security implemented in software on a generic microcontroller will be defeated and bypassed. Encryption, for example, could be relatively easy and inexpensive to implement in software, but a hacker might easily extract the firmware to get the keys.
The security advantages of PUF technology derive from the complex and variable physical and electrical properties of integrated circuits. Maxim Integrated’s ChipDNA approach ensures that the unique binary value generated by each PUF circuit is guaranteed over temperature and voltage and as the device ages. Maxim’s PUF circuit exploits the random analog characteristics inherent in MOSFET devices to produce cryptographic keys.
Maxim’s DeepCover DS28E50 security authenticator with an SHA-3-256 cryptographic engine is equipped with ChipDNA PUF technology. The device can be integrated into an embedded system to prevent counterfeiting, aftermarket cloning, unauthorized use, and invasive attacks (Figure 2).
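The kind of check an authenticator IC enables, as an added example (not code from the article or from Maxim): a host challenges a device and verifies an HMAC-SHA3-256 response bound to the device's stored sensor parameters. The key-derivation scheme, message layout, and all names are assumptions for illustration, the device key is a random stand-in for a PUF-derived secret, and this does not model the DS28E50 command set.

```python
import hashlib
import hmac
import secrets

def device_key(master, device_id):
    # Per-device key: extracting one device's key does not expose the others.
    return hmac.new(master, b"dev-key" + device_id, hashlib.sha3_256).digest()

def mac(key, device_id, nonce, params):
    # device_id (8 bytes) and nonce (32 bytes) are fixed length, so the
    # concatenation cannot be split two different ways.
    return hmac.new(key, device_id + nonce + params, hashlib.sha3_256).digest()

class Authenticator:
    """Stands in for the secure IC; in hardware the key would come from the PUF."""
    def __init__(self, device_id, key, params):
        self.device_id, self._key, self.params = device_id, key, params
    def respond(self, nonce):
        return mac(self._key, self.device_id, nonce, self.params)

class Host:
    def __init__(self, master):
        self._master, self._pending = master, {}
    def challenge(self, device_id):
        self._pending[device_id] = secrets.token_bytes(32)
        return self._pending[device_id]
    def verify(self, device_id, params, response):
        nonce = self._pending.pop(device_id, None)  # each nonce is single use
        if nonce is None:
            return False
        expected = mac(device_key(self._master, device_id), device_id, nonce, params)
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo():
    master = secrets.token_bytes(32)  # constructed sample secret
    dev_id, params = bytes.fromhex("0102030405060708"), b"gain=1.020;offset=-3"
    host = Host(master)
    genuine = Authenticator(dev_id, device_key(master, dev_id), params)
    clone = Authenticator(dev_id, secrets.token_bytes(32), params)  # same ID, no key
    good = genuine.respond(host.challenge(dev_id))
    out = {"genuine": host.verify(dev_id, params, good)}
    host.challenge(dev_id)  # fresh nonce issued; the old response is presented again
    out["replay"] = host.verify(dev_id, params, good)
    out["clone"] = host.verify(dev_id, params, clone.respond(host.challenge(dev_id)))
    resp = genuine.respond(host.challenge(dev_id))
    out["tampered"] = host.verify(dev_id, b"gain=9.999;offset=-3", resp)
    return out
```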

ECC is based on the use of elliptic curves over finite fields. ECC provides the same cryptographic strength as an RSA system but with significantly smaller keys. The small key size makes ECC the ideal choice for devices with limited resources, such as connected devices for the internet of things. From the server side, the small size of the keys can make the SSL handshake faster, resulting in extremely fast page loading and greater security.
NXP Semiconductors’ A1006 Secure Authenticator Solution provides advanced security based on asymmetrical public/private-key Diffie-Hellman authentication, with separate keys for encryption and decryption based on ECC with a NIST B-163 bit strong binary field curve.
The A1006 uses a unique static pair of an ECC private key and corresponding certificate. A1006 certificates are digitally signed with the customer’s desired certificate-authority key using the Elliptic Curve Digital Signature Algorithm (ECDSA), based on the NIST P-224 curve and the SHA-224 digest hash (Figure 3).

The Atmel (Microchip) CryptoAuthentication family of high-security hardware authentication devices includes the ATECC508A and ATECC108A. The ATECC508A is an elliptic-curve Diffie-Hellman (ECDH) device for digital systems, particularly in IoT nodes for home automation, medical, and mobile applications. The ATECC108A provides an ECDSA cryptographic engine with key sizes of 256 or 283 bits. Access to the device is via a standard I2C interface at speeds up to 1 Mbit/second.
Microcontroller solutions also play an important role in industrial data security. Silicon Labs’ EFM32 Gecko microcontrollers combine a hardware encryption engine with low-power–consumption modes, an on-chip DC/DC converter, and scalable memory options. A hardware engine provides autonomous encryption and decryption for internet security protocols, with minimal CPU intervention and without sacrificing battery life. The on-chip accelerator supports advanced algorithms such as AES with 128- or 256-bit keys, ECC, SHA-1, and SHA-224/256.
IoT systems, including connected medical devices, are often very complex, requiring end-to-end security solutions that extend from the cloud and layers of connectivity to devices with limited resources that are often not powerful enough to support traditional security solutions. The proliferation of IoT services, platforms, and devices is happening much faster than the adoption of security measures. Faced with the urgency of mechanisms that guarantee authentication, data integrity, and confidentiality, designers’ tendency is to implement robust cryptographic solutions.