The medical industry has greatly benefited from technology and the widespread sharing of data through computers, software, and networks. However, the ability to easily exchange digitized data continues to cause concerns about information and data-sharing risks and vulnerabilities. The simple fact is that computer security in the medical industry is absolutely critical because people care deeply about the privacy and integrity of their health information. Just the thought of the most private personal information falling into the wrong hands or being inadvertently altered or destroyed is the basis for stringent standards and security measures. However, attacks can occur on any embedded system, which has propelled security as a crucial requirement to protect all confidential and sensitive data, regardless of industry or application.

The vulnerabilities of medical devices that are increasingly being used to transmit vital health information from a patient's body to doctors and other professionals or even controlled remotely was illustrated at the recent Black Hat computer security conference in Las Vegas. A security researcher, who is diabetic, identified flaws in his own insulin pump that could allow an attacker to remotely control the equipment and alter the readouts of blood-sugar monitors. The detriment to a patient is that he could get the wrong dose of insulin, which is needed for proper metabolism and maintaining health. As the medical industry evolves toward more networked devices, this type of research underscores the need to address security issues in medical devices before attacks are more than a research lab study.

In the recent past, adding reliable security has been a challenge for medical device designers because feature options have been somewhat limited due to system space constraints, power restrictions, and battery-life requirements, not to mention overall cost, bill-of-material, and time-to-market considerations. Making this an even bigger challenge is the wide and disparate list of computing devices involved in today’s patient care. Designers of medical equipment, IT managers and others in charge of security already are fully aware of the complexities involved in supervising technology environments that deploy multiple components. Implementing effective security for all devices used in the medical industry means that designers must find solutions that overcome these hurdles.

What’s At Stake

What was once only mandated for military embedded systems is now needed for all other industries, regardless of network or Internet connectivity or the perceived motivation to threaten a system. In the medical environment, computer use is widespread and tablet-based devices are employed for clinical areas where mobility is required. But this is only what the public sees. There are many more electronics in use such as servers, smart phones, printers, and scanners or other devices that can connect to the Internet. Plus, as more functions are being automated, increasing amounts of medical data are being collected, analyzed, and stored in this assortment of electronic devices and systems.

Furthermore, the types of threats are expanding to what should be private information. This could include patient billing and administrative data that’s exchanged with payers and health plans or utilization/case management data, including authorizations and referrals, lab results, and patient reports electronically transmitted, as well as e-mails between healthcare professionals and patients.

The types of security threats typically come in two forms, passive and active. Passive threats monitor private information, while active attacks seek to alter information with the intent to corrupt or destroy the data or the network itself. A few of the types of security threats that make medical systems vulnerable include:

• Eavesdropping: Networked communications are primarily handled in an unsecured or "cleartext" format, and without strong cryptography, data transferred over the network can be read by others.
• Data modification: After an attacker has read the data, it can be modified in the packet without the knowledge of the sender or receiver.
• Identity spoofing (IP address spoofing): It’s possible for an IP address to be falsely assumed or special programs can construct IP packets resulting in modification, rerouting, or deletion of data.
• Password-based attacks: Most operating-system and network-security software is password protected. Legacy applications don’t always protect identity information allowing an attacker to gain access as a valid user to do any number of detrimental activities, such as acquire lists of users and network information, modify server and network configurations, and delete or reroute data.
• Denial-of-service attack: As the name suggests, this type of attack prevents the use of a single system or the whole network. It can send invalid data, causing unusual application termination or actions, and flood the network with traffic until it overloads.
• Man-in-the-middle attack: Between communication devices, this type of attack can work transparently to capture and control communications.
• Compromised-key attack: Although quite difficult, it’s possible for a hacker to figure out the encryption key to a secure system. A compromised key lets the attacker decrypt or modify data, and allows access to other secured communications.
• Application-layer attack: A fault in a server's operating system or applications is caused, allowing an attacker to bypass normal access controls to any number of threats, including viruses, disabling security controls, and attaching a program to gain control of the network and its information.

To combat these threats, security standards have been adopted, such as the rigorous requirements defined by HIMSS (Healthcare Information and Management Systems Society) and HIPAA (Healthcare Insurance Portability and Accountability Act). For example, the U.S. government’s HIPAA security standards were developed for protected health information (PHI), which is any form of health data that personally identifies a patient that’s either stored or electronically transmitted. HIPAA mandates that health organizations have an in-depth knowledge of the capabilities and weaknesses of its computer systems and networks.

Similarly, HIMSS has an equally broad charter to identify and evaluate security issues, threats and vulnerabilities associated with medical devices and systems and the best practices available to address those issues. HIMSS has taken an active role to coordinate with other groups and committees to leverage the positive results of existing solutions.

Effective Security Realized From the Trusted Computing Group

The Trusted Computing Group (TCG) is a not-for-profit organization which was formed to develop, define and promote open, vendor-neutral, industry standards for trusted computing building blocks and software interfaces across multiple platforms. To address growing security issues that affect the embedded computing industry, the TCG has developed hardware-based security solutions. Using the technologies in the TCG TMP 1.2 security module, a computer or system can be made to consistently behave in specific ways, and those behaviors can be enforced by hardware and software when OEMs enable these technologies. Microprocessor vendor AMD is a TCG member and has integrated support for the TMP 1.2 security module as an option in its G-Series processors. Enabling highly secure systems, these processors are now offered in a range of standards-based small embedded computing platforms, such as PC/104, COM Express and Pico-ITX, which are widely used in medical design.

Proprietary management solutions can overload systems with non-essential features, lock organizations into specific vendor solutions, increase management costs, and eliminate flexibility. In addition, proprietary security solutions can’t ensure global interoperability and aren’t capable of providing an adequate level of assurance. This is because proprietary security methods by their nature have limited access to cryptographic and security expertise, and don’t typically have rigorous review processes to back them up. Trusted and secure computing requires cryptographic algorithms that ensure interoperability with the other elements of the platform, other platforms, and the systems’ infrastructure. Designed to not affect or reduce a system’s productivity or introduce new obstacles in its manageability, the TMP 1.2 module provides the additional security needed to support medical OEMs in satisfying HIPAA and HIMSS security standards.

Putting the TPM 1.2 to Work

The TPM 1.2 module lets users securely store passwords, digital keys, and certificates that provide secure unique identification. Using standard software interfaces, it performs with other security methodologies to provide a hardware-based approach to manage user authentication, network access, data protection, and more. These security methodologies include cryptographic operations, such as asymmetric key generation, asymmetric encryption/decryption, hashing (Secure Hash Algorithm (SHA-1)), and random number generation (RNG). Authentication and attestation are also important processes within the TPM to determine trustworthy platforms and are critical elements that help ensure safe embedded computing systems.

Just how the TPM 1.2 delivers additional security is illustrated during the boot process. It measures (hashes) all the critical software and firmware components, including the BIOS, boot loader, and operating-system kernel, before each is loaded. By carrying out these measurements before the software starts and storing them, this data can be isolated and kept secure from subsequent modification attempts. When the system connects to the network, the stored measurements are sent to the server, checked against the server's list of acceptable configurations, and quarantined as an infected endpoint if a non-match occurs. Demonstrating its viability as a standard security instrument, the JTC1 (ISO/IEC Joint Committee 1) of International Standard Organization (ISO) has approved the TMP 1.2 specification as an ISO/IEC standard; designated the ISO/IEC 11889 standard.

Authentication

Medical applications that use embedded computing platforms that support TPM 1.2 offer improved security capabilities compared to other security measures with traditional tokens or smart cards. The main difference is that TPM 1.2 uniquely supports both user and machine authentication in one token, offering a streamlined solution ensuring that only authorized users and systems are on the network. The TPM provides a highly secure hardware repository for safeguarding digital certificates, passwords, and other essential user credentials. It also facilitates the management of verification and identification of a system by securely signing, encrypting, and decrypting files.

TPM’s key protection provides support for all X.509 certificate-based encryption, thereby strengthening email security. It also offers full-drive encryption, multi-factor authentication, and facilitates the security assessment of the host system.

Multi-Factor and Wireless Authentication

Because TPM 1.2 is the only token that supports both user and machine authentication, it can provide first-factor authentication and has the ability to add an additional factor such as a PIN or password. TPM also meets enterprise multi-factor authentication requirements for remote access, and offers more system security than software-based certificates and tokens. In addition, TPM lets users avoid separate deployment and management tasks.

For more secure wireless networks, TPM deploys stronger authentication that provides enhanced protection beyond just data encryption. It can securely identify a system or machine and automatically integrates with the 802.1x authentication framework.

Embedded computing platforms that support the TPM 1.2 deliver the following system security benefits and features:

Security Beyond the PC
 

The initial focus of the TCG was to develop hardware-based security for PCs. But TPM 1.2 expands its viability to enable trusted, server-side computing and toughens all client/software interactions as well. Nearly all embedded systems can benefit from improved overall information security that can protect data at rest or in transit, and demonstrate compliance with numerous data security regulations. TPM 1.2 works so well that in a recent Forrester Research report, the leading analyst now recommends that enterprises use TPM-based servers in applications that must handle valuable data and transactions.

Security Through Virtualization

Safeguarding medical systems with comprehensive security from boot-up to shut down is streamlined by employing the combination of AMD processor-level security features like TPM through AMD-Virtualization, which are open, industry-standard technologies integrated into AMD’s next-generation processor architectures. With virtualization capabilities, systems can be configured to run secure and real-time operating systems in secure, virtualized sessions.

Virtualization technology allows developers to implement client-side virtualization so applications and operating-system (OS) functions can be designed to be completely isolated on a single processing platform. For example, one OS can be dedicated to running a user interface, while another runs secure communications and data storage applications, with each OS completely isolated from the other. This enables a higher level of security and reliability for sensitive communications and data storage such as those involved in the medical industry, while facilitating the development of less complex, lower power, and lower cost systems.

To implement client-side virtualization, a hypervisor or a virtual machine monitor (VMM) partitions the client device into multiple environments known as virtual machines (VMs). Each VM can be loaded with its own operating system allowing developers to encapsulate different tasks, such as secure communications, data storage, and a user interface into different VMs.

AMD has also integrated Enhanced Virus Protection into its next-generation processors. This technology works in combination with Windows Vista or XP SP2, and sets portions of system memory aside as “data only” so that any code resident in these areas may not be executed, only read from or written to. It’s designed as a preventative tool that makes sure the virus is localized, short-lived, and non-contagious, resulting in the virus being flushed from system memory.

Solutions for Secure Systems

However, medical OEMs need more from embedded computing providers than just security. Requirements for medical systems and devices must also continue to deliver performance, bandwidth, and advanced feature requirements while helping OEMs meet reduced time-to-market and overall cost of ownership. Needed are cost-effective embedded computing platforms that supply security options with advanced encryption-based protection without limiting performance. Embedded computing platforms that support the TPM 1.2 security module have been shown to be less costly, which can help lower the total cost of system ownership when compared to alternative smart-card and hardware token-based solutions.

Thanks to open, vendor-neutral specifications, hardware-based security can provide flexible implementation for medical OEMs and agile deployment options for end-users. For example, Kontron’s microETXexpress-OH gives OEMs the option to fully support the Trusted Computing Group’s TMP 1.2 security module. This additional security doesn’t affect or reduce the system’s productivity or introduce new obstacles in its manageability. This type of approach helps medical OEMs satisfy HIPAA and HIMSS security standards. Medical system designers can leverage the graphics performance and security capabilities native in the microETXexpress-OH for a broad range of graphics-intensive applications such as cart-mounted patient monitoring and ultrasound systems.

Featured Image: