To see a few of the proposed devices that fall into this standard see the group's recent spreadsheet. Also interesting is the proposed security requirements for such devices.
Multi-level security is desired so that each application can chose a level that best suits its needs. For example camera pill may not need strong encryption and authentication process. However, pacemakers may need strong authentication process. Devices needs to be interrogated by authorized personal for the lifecycle of the product. The highest level of security shall be equal to or stronger than those specified by IEEE 802.15.4_2006 standard. The security mechanism shall be energy efficient and lightweight.
Novel security mechanisms are need for medical applications to account for
1. The longevity of implanted devices. (Doctor may need to calibrate the device once a year or so. Patients may relocate to a different geographic region.)
2. Average person cannot be expected to play the role of network administrator who can set up and manage authentication process. Hence, limited user interaction during security configuration is desirable.
3. Inability of the user to provide passkeys when needed. (e.g. Devices should be accessible to paramedics/medics in a trauma condition. However, in such situations, the user may not be able to provide authentication information)
Of course this opens up a couple of paths for the robot uprising.
- They control us by threatening to shut off our pacemakers.
- They use our "BAN"s to tell us we lost our keys in that iron mine.
- "Deep Brain Stimulation"
Thanks to ExtremeTech
Posts
No comments:
Post a Comment