How a Root of Trust Underpins Security in Intelligent IoT Healthcare Devices

Skip to content

The following article is written by our partners at Crypto Quantique as part of our In Conversation With … series. They examine how AI Is enabling Intelligent IoT healthcare devices and the role of a Root of Trust In securing these devices.

With the IoT becoming established in many sectors, even if not quite as quickly as predicted by some of the more enthusiastic commentators just a few years ago, a notable trend is the use of artificial intelligence (AI) to collect and analyze data to help us make better informed decisions.

Some of the analysis is done by implementing AI in IoT endpoints, using machine learning (ML) algorithms to produce meaningful, actionable information in real time. TinyML is one of the technologies making this approach viable, not least because of its energy efficiency; IoT endpoints rely on battery power, micro energy harvesting, or a combination of the two, so low energy consumption is paramount.

There are also applications where the sheer volume and nature of the data collected at the IoT edge will demand processing by more powerful cloud computers. However, AI at the edge and cloud computing are more usually complementary aspects of an IoT network. Healthcare is one area where this is commonly the case.

The healthcare sector is one that can benefit most from AI-IoT integration. Fitness trackers and smart watches run AI algorithms to collect and analyze data and interact with users. But the healthcare industry is moving beyond these familiar products. Bio sensors can now measure and analyze blood pressure, heart rate, skin temperature, concentrations of electrolytes in perspiration, and respiratory function. ECG monitors are now readily available consumer devices, and remote patient monitoring is well on the way to becoming mainstream medical practice.

While the benefits of these trends are clear, they come with a common risk. Every IoT endpoint is a potential window into an IoT network. And every IoT network is a potential window into an organization’s IT infrastructure. It is critical that healthcare data is protected from bad actors, or even inadvertent distribution. This is not only for the benefit of the individuals concerned but because the penalties for organizations who fail to protect such data can be immense, both in terms of brand reputation and commercial consequences. They may also fall foul of security and privacy regulations. These include FDA standards, MDR 2017/745/EC, IEC 62304, and even GDPR. And the regulatory framework is fast expanding.

So, how can system developers counter the threats to security in healthcare IoT applications where thousands, or tens of thousands, of devices need to be securely connected to applications that bring the benefits of AI processing to users?

Let’s look at the some of the fundamental requirements for a secure IoT network and how security can be implemented at scale, remembering that each IoT device will have a microcontroller (MCU) at its heart.

The Need for a Root of Trust (RoT) and How to Create One

PSA Certified sets out 10 security goals to help anyone involved in the design, development and management of connected devices and networks build a foundation of trust for users. All of these goals offer fundamental security capabilities, but two in particular offer fundamental conditions that must be met before healthcare, or other IoT devices, can function securely as part of a network:

  1. Goal #1 Unique Identification: The endpoint must have a unique identity that can be verified before it is permitted communication with the application.
  2. Goal #10 Cryptographic / Trusted Services: Messages and data in transit must be secure from external interference and must not be capable of being read by anyone except the intended recipient.  Cryptographic encryption and certificates of authentication are used to achieve this.
PSA Certified 10 Security Goals for Medical Applications

The combination of a unique identity and cryptographic keys in an MCU forms the Root of Trust (RoT). Without a unique RoT for each device, IoT security isn’t possible. The identities and cryptographic keys are random numbers and the more random they are, the more secure they are.

Commonly, random number generators are used to create identities and keys that are then injected into the non-volatile memory of MCUs. This process can be expensive and has substantial vulnerabilities: it involves a third party, which is a security risk itself, and because the keys are stored, they are vulnerable to theft or leakage.

At Crypto Quantique, we take a different approach to creating the RoT identity that eliminates the cost and risks of key injection and storage.

The company’s silicon hardware IP, QDID, is a design element that’s embedded into MCU chips. QDID, with its complementary firmware, then enables multiple random identities and cryptographic keys to be created on-demand, within the silicon, throughout the device lifecycle. This is how it works.

During the semiconductor manufacturing process, tiny variations occur in the thickness of an oxide layer on the silicon wafer. QDID measures the minute currents (femtoamps) produced by quantum tunneling of electrons through this oxide barrier. The thickness of the oxide layer is variable and unpredictable, and the nature of quantum tunneling – a quantum mechanics phenomenon – is probabilistic, so random numbers with exceptionally high entropy, or ‘randomness’ are produced. This high entropy underpins high security. The random numbers produced by QDID are called ‘seeds’. Unique, immutable and unclonable identities and cryptographic keys are then derived from these seeds.

Independent evaluation of QDID by security specialist eShard has verified that it’s secure against all known IoT attacks, providing a route for semiconductor companies to lower the cost of achieving EAL4+ security for their devices.

The technology has also been evaluated by PSA Certified evaluation lab, Riscure. They examined QDID for its ‘security function’ – F.SECURE STORAGE – describing the scope of the evaluation as: “PSA immutable root of trust, for example boot ROM, root secrets and IDs, isolation hardware, security lifecycle management and enforcement. This component cannot be updated.”

Riscure concluded that QDID is PSA Certified Level 2 Ready.

We place high value on our PSA Certified achievements because third-party evaluation of our technology reduces risks for our customers and partners. In turn, they pass this added assurance to their customers through products that are differentiated by an independently verified level of security.

How Crypto Quantique achieved PSA Certified Level 2 Ready

From Root of Trust to Application

With QDID at the heart of the RoT, the uniquely identifiable MCUs described earlier are registered on a global inventory platform. This may be located on company premises, hosted by us, or hosted on a cloud server.

IoT devices, such as those described above, are then built around the MCUs, and the next step is to connect them to cloud applications, often at scale – thousands at a time. An overview of the process is shown below.

The QuarkLink IoT Security Platform Provisions, Onboards and Manages Connected Devices

Although not part of Crypto Quantique’s PSA Certified application, our ‘QuarkLink’ software complements the QDID RoT. It’s a universal IoT security platform for connecting devices to in-house or cloud servers. Originally designed to work with QDID, it is also available as a standalone product for use with other RoTs.

QuarkLink handles secure provisioning of cryptographic keys and firmware and manages secure onboarding of IoT devices to one or more server platforms. Thousands of end-point devices can be connected to servers through cryptographic APIs, with just a few keystrokes that initiate an almost instantaneous, automated process. The complexities of cryptography are handled in the background so that the work can be completed in minutes by technicians without specialist IoT security knowledge. QuarkLink currently supports AWS, Microsoft and Mosquito cloud computing platforms and support for others is under development.  Once everything is up and running, QuarkLink then handles security monitoring, including firmware encryption, signing and secure updates over-the-air, and security certificate and key renewal and revocation.

Crypto Quantique CEO discusses why PSA Certified is important to their business

Here is a short video demonstration of how QuarkLink is used with QDID, but it functions in a similar way with other RoTs.

Summary

Every day, technological advances are helping us lead longer, healthier lives. The convergence of AI and IoT is only going to accelerate this trend, but only if we can be sure that the confidential data we share about ourselves is safe from prying eyes and unwanted interference. The billions of healthcare wearables and other IoT edge devices that are being deployed can only be secured against attack if their identities are both unique and secure, and if cryptography is successful in securing data as it traverses IoT networks. QDID, with its PSA Certified RoT, combined with QuarkLink’s broad functionality and user-friendly interface, make it far simpler to implement IoT security at scale. These complementary technologies bridge the IoT security scaling gap in a way that is perfectly aligned with the PSA Certified 10 Security Goals.