Wearables Demo: Transform a Tiny Wearable Device into a Secure One
In this video we present our INSTET prototype for secure IoT wearables.
One of INSTET’s market segments is wearable and mobile healthcare. As a use case we have selected the Maastricht Instruments Bluetooth low-power activity monitor, MOX2. It does physical activity classification and posture detection. It is used a lot for rehabilitation programs and fall detection. The core circuit of this product is a microcontroller, which senses, processes and sends the data to the outside world.
The MOX2 Architecture
Here we present the high-level MOX2 connectivity architecture. The activity monitor digitizes the sensor inputs and pre-processes the data. Then the sensor data is transmitted to a smartphone via Bluetooth Low Energy. Then the smartphone forwards the data to the server, where a doctor can connect and analyze the data.
Now, let’s see the security concerns with respect to this architecture. First, we need to set up a digital identity for the IoT. Digital identities consist of a private [key] and a certificate, which includes the public key. In this way, every device will be recognizable from outside, and will be able to exchange information with other devices in a secure way.
Second, we see that the doctor is unable to verify that the medical device is the origin of the data and must assume that the entire link is trustworthy.
Then, a real-world problem is when a doctor decides to prescribe a certain treatment plan or drug based on false data.
Finally, secure boot is missing from this device. This allows someone to hack into the device and replace existing software with software containing malware. The system might run malicious code, so the result is a compromised device. This fact makes them attractive to attackers, because hackers can remotely steal data.
Unclonable Digital Identities and E2E for All IoT
We have integrated the software technology in Intrinsic ID BroadKey into the MOX2 activity monitor, and we have transformed it into a secure device. A major benefit of BroadKey is that [it] does not require hardware on chip and a separate source of entropy.
BroadKey software exploits the entropy which derives from the random variations of microprocessor hardware during manufacturing, and generates a reliable key per device. BroadKey is using error correcting algorithms and randomness amplification to achieve lifetime reliability and security for the generated key. On top of BroadKey we have implemented secure boot and end-to-end security.
Secure Bootloader and Software Update Mechanism
Now we present some details.
First, we build a secure bootloader together with a software update mechanism. The software application is signed externally by a programming tool using a private key, and a unique signature is generated.
Then the software application, the public key of the programming tool and the signature are placed back to the sensor. So, every time the device starts to boot it checks if the application has been modified. If not, the device boots.
Moreover, we can update the software image by signing the new images externally with the programming tool, and sending them to the device.
E2E Data Security
The second use case is end-to-end security. As we see in [the] Figure, the flow spanning from medical device to application lacks an end-to-end data communication security mechanism.
Although data protection is provided in each individual link, the information is conveyed unencrypted through the intermediate participants. And if some of them are outside the chain of trust, they could have access to the unencrypted data, or could modify it. This point of vulnerability is one of the criticalities in medical wearable device monitoring ecosystems.
To implement full end-to-end security, we apply application data security on top of existing connectivity infrastructure. More particularly, we sign the application data using an SRAM PUF-derived private key.
By sharing the corresponding public key with the application, in the form of a device certificate, the application can verify the integrity of data, and prove that indeed data is coming from the medical wearable device.
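The sign-on-device, verify-at-application flow described above, as an added example that is not code from the prototype or from BroadKey; the bootloader's check of the application image is the same verification, done with the programming tool's public key instead of the device's. Assumptions: Ed25519 from the Go standard library stands in for the signature algorithm (the page does not name one), a freshly generated key stands in for the SRAM PUF-derived key, and the Packet type and all function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Packet is a constructed stand-in for one signed activity record.
type Packet struct{ Payload, Sig []byte }

// NewDeviceKey generates a key pair. Assumption: this stands in for the
// PUF-derived device key; Ed25519 is this example's choice of algorithm.
func NewDeviceKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign runs on the wearable, before the data leaves the device.
func Sign(priv ed25519.PrivateKey, payload []byte) Packet {
	return Packet{Payload: payload, Sig: ed25519.Sign(priv, payload)}
}

// Relay models the phone app: forward unchanged, or flip one bit in transit.
func Relay(p Packet, corrupt bool) Packet {
	out := Packet{Payload: append([]byte(nil), p.Payload...), Sig: p.Sig}
	if corrupt && len(out.Payload) > 0 {
		out.Payload[0] ^= 0x01
	}
	return out
}

// Verify runs on the server and needs only the device's public key.
func Verify(pub ed25519.PublicKey, p Packet) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, p.Payload, p.Sig)
}

func main() {
	pub, priv := NewDeviceKey()
	p := Sign(priv, []byte("constructed sample: posture=standing"))
	fmt.Println(Verify(pub, Relay(p, false)), Verify(pub, Relay(p, true)))
}
```

Because the relay never holds the private key, any change it makes to the payload fails verification at the server, whatever protection the individual links provide.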
Prototype and Demo
With BroadKey, we have turned the MOX2 device into a secure MOX2 device, providing E2E security and software updates. Let’s see the prototype and demo.
This is a short technical demo about the data signing part, where we use the BroadKey library on our MOX device to sign the data.
The data goes to the telephone, where an app is running. And this app sends the data to a database now simulated on a laptop.
I will now start the application on the telephone. The telephone now asks me if I want to do the normal procedure without data corruption. So I press “no.”
Now it gets the data over Bluetooth from the MOX. When it has the data it sends the data to the database.
Now we can show that the data is on the database. The packages received are now gray, and then we press on the verify button. And when they are green, that means that the data is not manipulated in the datapath. So the data on the server – the signature is correct with the data received.
We have a second demo. We will first clear the database. I will stop the app. Now the database is empty.
We will do the same again and now we are going to simulate the man-in-the-middle attack. And that means that somewhere in the connection the data is corrupted, or manipulated. So the MOX signs the data. It goes over to the app. Now the app will run in a man-in-the-middle mode attack simulation and it sends the corrupted data to the database.
I will start the app. And when it asks me if it has the corrupted data I press “yes.” It loads the same packages again and sends them to the database. Now five packages received [in the database] and we now press the verify button. All the lines are marked red.
Intrinsic ID’s work in developing and deploying unique microchip fingerprint technology for new markets is supported by INSTET, a project funded under European Commission Project Grant Agreement ID 811509.