Self-authentication in medical device software: An approach to include cybersecurity in legacy medical devices
Authors: Srinivasan Jagannathan, Adam Sorini
Published in: 2016 IEEE Symposium on Product Compliance Engineering (ISPCE), 2016-05-16
DOI: 10.1109/ISPCE.2016.7492841 (https://doi.org/10.1109/ISPCE.2016.7492841)
The FDA recommends that medical device manufacturers take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyberattack, which could be initiated by the introduction of malware into the medical equipment. However, incorporating safeguards into legacy devices in the field is not easy. One approach is to make software changes that are then distributed into the field. The problem with software-only changes is that they are easy for malicious attackers to defeat. This paper explores an approach that provides incremental security to software that is distributed in the field. Specifically, this paper describes an approach to "self-authenticate" software so that it is robust in detecting attempts to defeat security safeguards that are programmed into the compiled software code. Self-authentication relies on encrypting certain critical functions of the software so that decryption of those portions is necessary for proper operation of the device. The decrypted portions also include integrity-checking and/or authentication functions that confirm that the software has not been modified.