Before I dive into the issues regarding the possible means for connecting medical devices to the Internet, I would like to provide you with a little background on two relevant research programs I have lead. I was the principal investigator on two Federally supported research programs described below.
The first was a NIST Research grant to support the development of a secure and commercially viable wireless data communications technology. Much of that technology has been incorporated into today's smartphones, although not all of what we created has yet found its way into the current generation of smartphones. But with each iteration, more of what we created gets incorporated.
A central part of our program was to insure secure and private data communications. It would be secure from infiltration by malware and impenetrable by snoops ... including the NSA. The system worked by securing and controlling both ends of the communication. It was capable of sending a single file to over multiple communications channels simultaneously, the packets could be sent out of order using multiple forms of encryption including nonstandard or private encryption methods -- that are much harder to break. By securing and controlling both ends of the connection between devices, we could completely control what went in and out of the channel. Nothing would flow to the other end that was out of our view or control.
The second Federal grant was for a data security program. VoIP communications channels are lightly secured largely due to the requirements to insure that audio is clear and voices understandable. This fact makes VoIP channels particularly vulnerable vectors to use for an attack. There have been attempts to logically divide voice and data channels; however, there have been several demonstrations that this does not always work. Our research focused on methods to detect the presence of an intruder without disrupting or significantly lowering audio quality. And when we detected a possible intruder, we attacked this apparent intruder through a series of escalating techniques that could finally end with terminating the connection when it was clearly apparent that an intruder was using the VoIP connection to do something nefarious.
The first was a NIST Research grant to support the development of a secure and commercially viable wireless data communications technology. Much of that technology has been incorporated into today's smartphones, although not all of what we created has yet found its way into the current generation of smartphones. But with each iteration, more of what we created gets incorporated.
A central part of our program was to insure secure and private data communications. It would be secure from infiltration by malware and impenetrable by snoops ... including the NSA. The system worked by securing and controlling both ends of the communication. It was capable of sending a single file to over multiple communications channels simultaneously, the packets could be sent out of order using multiple forms of encryption including nonstandard or private encryption methods -- that are much harder to break. By securing and controlling both ends of the connection between devices, we could completely control what went in and out of the channel. Nothing would flow to the other end that was out of our view or control.
The second Federal grant was for a data security program. VoIP communications channels are lightly secured largely due to the requirements to insure that audio is clear and voices understandable. This fact makes VoIP channels particularly vulnerable vectors to use for an attack. There have been attempts to logically divide voice and data channels; however, there have been several demonstrations that this does not always work. Our research focused on methods to detect the presence of an intruder without disrupting or significantly lowering audio quality. And when we detected a possible intruder, we attacked this apparent intruder through a series of escalating techniques that could finally end with terminating the connection when it was clearly apparent that an intruder was using the VoIP connection to do something nefarious.
Architectures for the Internet of Things
The two architectures I would like to review are direct and mediated connections that could be used in the realm of the Internet of Things.
Direct and mediated connections are illustrated in the figure below.
Direct and mediated connections are illustrated in the figure below.
The real difference between the two diagrams is the way the Apple Watch is connected to the Internet. On the left the Watch is directly connected to the Internet. When connected, it is an addressable device on the Internet. On the right, the Watch is connected to the Internet through the iPhone. The iPhone mediates the connection to the Internet through the iPhone. All the data traffic to and from the Watch goes through the iPhone.
A mediated connection through the device can be as simple and unmanaged as one through a router. However, with the appropriate software on the iPhone, the iPhone should be able to manage the connection with and security of the Watch.
In the case of the direct connection, management of the connection to the Internet including security must be done by the Watch itself. The Watch could be subject to a direct attack and must defend against such an attack by itself.
A mediated connection through the device can be as simple and unmanaged as one through a router. However, with the appropriate software on the iPhone, the iPhone should be able to manage the connection with and security of the Watch.
In the case of the direct connection, management of the connection to the Internet including security must be done by the Watch itself. The Watch could be subject to a direct attack and must defend against such an attack by itself.
Best Architecture for Medical Devices?
In the diagram above, I'm treating the Watch as if it were a medical device ... and a medical device it could be. It would seem that the safest connection to the Internet would be a mediated connection. However, there are hybrid scenarios. For example, incoming communications including software updates could require a mediated connection. Encrypted uploads from the Watch to a centralized server system could use a direct connection.
This is a brief introduction into this topic. I'll have further explorations into this issue in future articles.
This is a brief introduction into this topic. I'll have further explorations into this issue in future articles.