Emerging Security Mechanisms for Medical Cyber Physical Systems - PowerPoint Presentation

Emerging Security Mechanisms for Medical Cyber Physical Systems Ovunc Kocabas , Tolga Soyata , and Mehmet K. Aktas

MCPSs are safety-critical, interconnected, intelligent, networked systems of medical devices(e.g., sensors and therapeutic delivery actuators) that can provide high-quality continuous care for patients, where medical sensors collect patients’ physiological data and share these data with the decision support and then the decision support issues alarms to caregivers or control commands to therapeutic delivery actuators.What is a MCPS?

Two adversary models: Active (i.e., maliciously aiming at data privacy). An active adversary takes control of the host and can arbitrarily deviate from a specified protocol in order to steal secret information. A passive adversary follows the protocols correctly (honestly checks on private data), but can look at the encrypted data during the execution of protocols (but curiously accesses public data) to obtain information. Potential security attacks for MCPS

Possible Side Channel Attacks: Attackers take advantages of the vulnerabilities in software and hardware implementations of a system.Timing attacks are based on observing the execution time of the operations performed during encryption/decryption to reveal the secret key.Power analysis attacks are based on observing the power consumption during the execution of cryptographic operations.Fault-based attacks are based on introducing faults to bits during the execution of cryptographic operations. Cache attacks are based on measuring the cache access latency of the cryptographic instructions to recover the cache lines that store the secret key.Potential security attacks for MCPS

Structure of MCPS & data flow in MCPS

Where the data gets exposed(e.g. collected, transmitted, and stored), where security issues kick in Data Acquisition LayerLimited computational capability and battery life Generation & Management of security keys or agreed info Data Concentration Layer Sharing of the secret key among multiple parties Cloud Processing and Storage Layer Need of direct computations on encrypted data Action Layer

Encryption schemes for MCPS? Data Acquisition LayerLimited computational capability and battery life Generation & Management of security keys or agreed info Data Concentration Layer Sharing of the secret key among multiple parties Cloud Processing and Storage Layer Need of direct computations on encrypted data Action Layer Is there an one-size-fits-all encryption scheme that can address all the security issues in an MCPS?

Encryption schemes for MCPS? Data Acquisition LayerLimited computational capability and battery life Generation & Management of security keys or agreed info Data Concentration Layer Sharing of the secret key among multiple parties Cloud Processing and Storage Layer Need of direct computations on encrypted data Action Layer Is there a one-size-fits-all encryption scheme that can address all the security issues in an MCPS?

Identifying suitable encryption schemes for each layer Data Acquisition LayerLimited computational capability and battery life Advanced Encryption Standard (AES) & EC Integrated Encryption Scheme (ECIES) (Conventional) Data Concentration Layer Sharing of the secret key among multiple parties Attribute-Based Encryption(ABE) Cloud Processing and Storage Layer Need of direct computations on encrypted dataFully Homomorphic Encryption Action Layer

Identifying suitable encryption schemes for each layer Data Acquisition LayerLimited computational capability and battery life Advanced Encryption Standard (AES) & EC Integrated Encryption Scheme (ECIES) (Conventional) Data Concentration Layer Sharing of the secret key among multiple parties Attribute-Based Encryption(ABE) Cloud Processing and Storage Layer Need of direct computations on encrypted dataFully Homomorphic Encryption Action Layer Both Advanced Encryption Standard (AES) & EC Integrated Encryption Scheme (ECIES) schemes are seen as conventional encryption schemes and both of them can also use physiological or biomedical signals to agree on security keys. In conventional public-key cryptography, the receiver has two keys: The public key is shared by the sender, while the private key, which is kept only to the receiver himself/herself, is used to decrypt the received messages. AES uses a generic key exchange algorithm such as Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH). ECIES uses ECDH to generate security keys between the sender & receiver. After the generation of the security keys, the encryption schemes start the encryption & decryption procedures.

Identifying suitable encryption schemes for each layer Data Acquisition LayerLimited computational capability and battery life Advanced Encryption Standard (AES) & EC Integrated Encryption Scheme (ECIES) (Conventional) Data Concentration Layer Sharing of the secret key among multiple parties Attribute-Based Encryption(ABE) Cloud Processing and Storage Layer Need of direct computations on encrypted dataFully Homomorphic Encryption Action Layer Attribute-based encryption (ABE) is a public-key encryption that enables secure data sharing by multiple receivers. The data is encrypted using an access policy based on credentials (i.e., attributes). Only the receivers whose credentials satisfy the access policy can access data. Ciphertext-Policy ABE (CP-ABE): Private key of an user is associated with user credentials. Ciphertexts specify an access policy and only users whose credentials satisfy the policy requirements can decrypt them. Key-Policy ABE (KP-ABE): In KP-ABE, the access policy is encoded into the receivers’ private key and a ciphertext is labeled with a set of attributes . KP-ABE schemes place the access policy on the private key of the receivers and the attributes are associated with the ciphertexts.

Identifying suitable encryption schemes for each layer Data Acquisition LayerLimited computational capability and battery life Advanced Encryption Standard (AES) & EC Integrated Encryption Scheme (ECIES) (Conventional) Data Concentration Layer Sharing of the secret key among multiple parties Attribute-Based Encryption(ABE) Cloud Processing and Storage Layer Need of direct computations on encrypted dataFully Homomorphic Encryption Action Layer Homomorphic encryption schemes enable computation of meaningful operations on encrypted data without observing the actual data. Everyone may have access to the data but only ones who have the private key can perform related homomorphic addition or homomorphic multiplication or both. Partially Homomorphic Encryption scheme, which could perform only either homomorphic addition or homomorphic multiplication. E.g., Paillier Encryption scheme is a public-key cryptosystem that is additively-homomorphic. Fully Homomorphic Encryption scheme, which needs to perform both homomorphic addition and homomorphic multiplication. E.g., Brakerski -Gentry- Vaikuntanathan (BGV).

Comparison of encryption schemes – Capability comparison

Comparison of encryption schemes – Performance comparisonEvaluating six different encryption schemes based on four metrics: Encryption timeDecryption timeCiphertext sizeEvaluation time(Direct computation time on encrypted data)

Comparison of encryption schemes – Performance comparisonConclusion:Among the six different schemes studied in this paper, AES is the clear winner in terms of computation and storage requirements, while the other five suffer substantial storage and computation overheads, but AES has many limits. An one-size-fits-all encryption scheme simply does not exist for designing an MCPS. Even if such a scheme would be developed, computation overhead could be so tremendous that it won’t be suitable to be used in MCPS.

Thank You