Toward a Safe and Secure Medical Internet of Things
Figure 3. OpenICE – Developed by MD PnP Lab, it enables connectivity between various types of devices.
4. PROTOTYPE DEVELOPMENT
We designed and implemented two different prototypes, each supporting all of the medical applications( e. g. PCA Safety & Smart Alarms) provided in the OpenICE environment. OpenICE is an open-source reference implementation of ICE released by MD PnP lab. Figure 3 shows how OpenICE enables connectivity between various types of devices.
4.1 Practical Security Attacks on Current OpenICE Platform
Prior to the development of the prototypes, we verified that OpenICE, without any explicit security measure, can be easily attacked, endangering patient safety and privacy. We developed customized sniffers and injectors that an external attacker could use to eavesdrop on ICE communications or disturb device behavior( e. g. stop drug infusion, or inject wrong sensor readings).
4.2 First Prototype: OpenICE Using DDS on Top of Secure Transports
Our first prototype integrates OpenICE with RTI Connext DDS as the Network Controller, running on top of TLS or DTLS transports. In this prototype, security measures such as confidentiality or integrity of exchanged messages are not applied at the ICE Network Controller level, but at the
IIC Journal of Innovation- 11-