Toward a Safe and Secure Medical Internet of Things
the ICE supervisor and no other device, even if they are correctly authenticated. Both DDS Security and a secure transport such as TLS / DTLS allow for certificate-based authentication of devices, but use of DDS Security also enforces granular access control. Granular access control provides further resilience in presence of insider attackers, preventing system-wide damage such as the one discussed above.
5. CONCLUSION & FUTURE WORK
The grand vision of the Medical Internet of Things is to enable the deployment of patient-centric and context-aware networked medical systems in all care environments, ranging from homes and general hospital floors, to operating rooms and intensive care units. The key to realizing this vision is to come up with standardized architectures that balance utility, reliability and safety requirements with those of security and privacy. The ICE framework, as defined by the ASTM F2761-09 standard is definitely an important step toward enabling interoperable MIoT, however, it does not yet explicitly address security concerns.
In this paper, we presented recent research on protecting communications within IICE based on the fine-grained security mechanisms provided by the OMG DDS Security specification. We developed the two prototypes that respectively utilize secure transports( TLS / DTLS) and the DDS Security Architecture, and demonstrated why transport-level security solutions may not provide sufficient resilience against insider attacks utilizing authenticated but compromised medical devices.
In the future, we will work on defining and enforcing holistic security policies for ICE, integrate with endpoint protection mechanisms( e. g. secure Operating Systems, hardware-based root of trust), integrate with security management and monitoring solutions and explore issues at the intersection of usability and security in MIoT systems in general and ICE systems in particular.
6. REFERENCES
��� ASTM F2761, Medical Devices and Medical Systems‐Essential safety requirements for equipment comprising the patient‐centric integrated clinical environment( ICE) ‐Part 1: General requirements and conceptual model, 2013.
��� Foo Kune, D. a.( 2012). Toward a Safe Integrated Clinical Environment: A Communication Security Perspective. Proceedings of the 2012 ACM Workshop on Medical Communication Systems( pp. 7--12). New York: ACM. ��� OMG Data Distribution Service Standard: http:// www. omg. org / spec / DDS / 1.2 / ��� OpenICE: https:// www. openice. info / ��� RTI Customer Snapshot: DocBox: http:// www. rti. com / docs / DocBox. pdf
- 16- June 2016