New Generation of Wearable Medical Devices Require Secure, High-Density Non-Volatile Memory
September 28, 2020
It is clear that post-COVID changes in patient health monitoring, and in the way that medical services are delivered face-to-face, are going to create a greater demand for personal and wearable medical devices. This change in the pattern of demand will require more robust and secure memory products that can store greater quantities of user data at a lower cost-per-bit while providing high levels of security.
Personal medical devices at risk of intrusion or attack
For the foreseeable future, social distancing is going to continue to be mandatory in indoor spaces for citizens in many countries. Like schools and factories, hospitals will be looking for ways to reduce the number of people gathered inside at any one time, to make it easier to maintain distance between people.
Health systems are therefore going to be giving high priority to technologies that enable monitoring and diagnosis to take place outside the hospital, which do not require the patient to be admitted to a ward for observation.
Consumers are already familiar with wearable activity trackers which monitor physiological signs such as the user’s heart rate.
Activity and health trackers provide a new way for consumers to maintain a healthier lifestyle and to increase their resistance to new illnesses.
So, both specialist wearable diagnostic equipment and consumer wearable devices seem likely to become much more widely used post-COVID.
This broad expansion of the use of wearable medical technology has huge implications for security, for two reasons:
- Specialist medical equipment will in some cases be safety-critical – the user’s life will depend on it. So, the device must be safe from malicious attacks, such as a denial-of-service attack, which could disable or impair its operation.
- Private user data are logged and transmitted by a wearable device, normally over a wireless link such as a Bluetooth® Low Energy radio to a host device such as a smartphone. It is crucial to the user’s trust in their device that these data should only be shared with authorized entities such as the user’s physician.
The risk to connected, wearable devices is real. Official bodies such as the US Food and Drug Administration (FDA) have issued a stream of warnings to device users and manufacturers about known risks. Such risks include the SweynTooth family of cybersecurity vulnerabilities affecting Bluetooth Low Energy radio chipsets. The FDA’s March 2020 announcement about SweynTooth said that software to exploit these vulnerabilities in certain situations is already publicly available.
In medical devices, exposure to threats is greatest when data or code are in transit: for instance, when logged heartbeat measurements are uploaded via a Bluetooth Low Energy link from a wearable heart monitor to the user’s smartphone, or when updated firmware is delivered over-the-air from the cloud to the wearable device.
In simple wearable products, security provision may be confined to a microcontroller or system-on-chip (SoC), which will include a small on-chip Flash memory area for secure code storage. If a system has serial or SPI flash, it is by definition security ready. In more sophisticated devices, however, the size of the code will be too large for the embedded MCU’s memory, requiring the use of external Flash for code storage. If this external memory does not provide security functions such as an encryption engine and a root-of-trust, then it will be vulnerable. No matter how secure the host MCU or SoC, if the external memory is at risk, the whole device and its data are at risk.
Protecting connected devices from remote software attacks can be achieved by ensuring robust, end-to-end security in connected medical devices with the following advanced features:
- Secure code updates, including over-the-air updates, via an end-to-end secure channel between an update authority when the host MCU or SoC has been compromised.
- Secure boot and root-of-trust
- Authenticated and encrypted data transfer between the Flash device and the host
- Execute-in-Place (XiP) of boot and application code
- System resilience, enabled by the key security functions of protection, detection and recovery
- Secure channel from flash to the cloud
The security should be assessed by an external accredited lab, be compliant with GDPR and the Substantial level of the EU Cybersecurity Act, and meet these standards: CC EAL2 (VAN.2), IEC 62443, SESIP, PSA.
The firmware must be resilient as well. The National Institute of Standards and Technology (SP 800-193) specifies mechanisms that protect firmware and configuration data from attacks, and that detect and recover from successful attacks. Memory should automatically and authentically recover platform firmware to a state of integrity in the event that any such firmware code or critical data are detected to have been corrupted or hacked.
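A minimal model of the protect / detect / recover cycle described above, and of the authenticated update in the feature list, added here as an illustration; it is not code from the original article or from any vendor's firmware. It assumes an HMAC-SHA-256 tag as a stand-in for whatever signature scheme a real root of trust uses, and the key, slot layout and function names are hypothetical.

```python
import hashlib
import hmac

ROOT_KEY = b"constructed-demo-root-key"  # constructed; a real device keeps this in hardware

def tag(version: int, image: bytes) -> bytes:
    """Authentication tag that binds the version number to the image bytes."""
    msg = version.to_bytes(4, "big") + image
    return hmac.new(ROOT_KEY, msg, hashlib.sha256).digest()

def make_slot(version: int, image: bytes) -> dict:
    """What the update authority produces: image, version and tag."""
    return {"version": version, "image": image, "tag": tag(version, image)}

def authentic(slot: dict) -> bool:
    """Detection: recompute the tag and compare in constant time."""
    return hmac.compare_digest(slot["tag"], tag(slot["version"], slot["image"]))

class Flash:
    def __init__(self, active: dict, golden: dict):
        self.active, self.golden = active, golden
        self.min_version = active["version"]  # monotonic anti-rollback counter

    def apply_update(self, update: dict) -> bool:
        """Protection: accept only authentic updates that are strictly newer."""
        if not authentic(update) or update["version"] <= self.min_version:
            return False
        self.active = dict(update)
        self.min_version = update["version"]
        return True

    def boot(self):
        """Detection and recovery: verify the active slot, else restore golden."""
        if authentic(self.active):
            return "active", self.active["image"]
        if authentic(self.golden):
            self.active = dict(self.golden)  # return flash to a known-good state
            return "recovered", self.active["image"]
        return "halt", None  # nothing trustworthy left to execute
```

Keeping the rollback counter after a recovery means an older, validly tagged image still cannot be pushed through the update path once the device is back on its golden copy.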
How do you store a torrent of personal user data at lower cost?
The use of wearable and in-home patient monitoring equipment will relieve pressure on medical facilities and facilitate social distancing in surgeries and hospitals. But this personal equipment will generate a torrent of personal data. Multi-sensor monitoring equipment is already available to track various vital signs simultaneously, such as heart rate, heart-rate variability, blood oxygen levels, and temperature.
Wearable devices cannot be assumed to have continuous access to the internet, so the system architecture has to allow for local storage of these user data. This means that wearable medical devices need high-density, non-volatile memory. Because decisions about a patient’s diagnosis and treatment might be based on the data, data integrity is a mission-critical requirement.
The traditional choice of memory type for non-volatile, error-free storage of data is NOR Flash. In low densities of below 512Mbits, NOR Flash is a cost-effective choice. When data capacity of 512Mbits or more is required, however, the fabrication process advantage of NAND Flash comes into play.
OctalNAND is setting a new benchmark for the read performance of technology: delivering a maximum continuous read throughput of 240Mbytes/s, almost 10 times faster than general QspiNAND Flash products on the market.
By transferring large amounts of data boot from internal ROM to Octal NAND, the speed of flash content accelerates and OctalNAND delivers the highest read throughput for embedded applications.
A new generation of personal medical devices
The implications of the COVID-19 pandemic are still emerging, but it is already clear that the medical world will need to embrace the use of more personal and wearable technology. Data are the key to these emerging personal medical devices – and this has huge implications for the design of security and storage systems.