M. Cagnazzo, M. Hertlein, N. Pohlmann:,
„Interconnected, Secured and Authenticated Medical Devices“.
In Proceedings of the “Smart Innovation, Systems and Technologies” Conference,
Editors: R. J. Howlett, , L. C. Jain,
Springer International Publishing AG,
The following paper introduces a secure and efficient application concept that is capable of authenticating and accessing smart medical devices. The concept is based on two already developed applications. It describes the used technologies and discusses the outcome andpotential downfalls of the idea.
Modern smart medical devices (SMD) are often connected to the internet or intranet, for example a hospital network, and therefore need authentication to offerservices to an authenticating entitity. The reasons why connectivity need to beadded are diverse for example the components are used for telemetry. The confidentiality, availability and integrity requirements for authentication and transmission mechanisms are also important. The mechanisms should be secure, easyto use and reasonable fast so the user has no waiting time and the applicationbecomes tactile and tangible. If we consider nowadays common mechanisms toauthenticate against a service or a device the most used technique is to use username and password based approaches. These are prone to manifold attackvectors for example Brute Force-, Dictionary-, Rainbow Table and Keylogging-Attacks. Since users tend to use unsafe passwords or the same password for multiple services, attacks on and over the internet become more and more profitable. But not just users are tending to use unsafe passwords, vendors and manufacturers are also likely to use combinations like username: admin password: admin as recent discoveries around the Mirai botnet show. One alternative is multi-factor authentication which combinates knowledge (username/password), ownership (smartphone) and/or individual biological properties (biometry). Access to a system is therefore granted if and only if the combination of all thesechallenges return successful.