Secure boot concept for patient monitoring systems

School of Electrical Engineering | Master's thesis

Date

2021-08-23

Major/Subject

Control, Robotics and Autonomous Systems

Mcode

ELEC3025

Degree programme

AEE - Master’s Programme in Automation and Electrical Engineering (TS2013)

Language

en

Pages

40 + 2

Abstract

Embedded system security is a key concern to security experts, especially since these systems have grown in complexity and are becoming more widespread and connected. This ubiquity raises the concern of whether any embedded device can be trusted to run only authorized software. One solution is to establish a trusted execution zone between the device's start-up and the operating system by implementing secure boot. Secure boot is a protocol for implementing a trusted execution zone in an embedded system by signing components of the boot sequence, such as the boot loader, with a digital signature that is verified by immutable elements of the firmware or hardware. As medical equipment and patient data have become increasingly digitized, the concern that these have been in some way tampered with or stolen has grown proportionally. However, few studies have considered medical embedded system security in this context. This thesis focuses on one particular type of medical device and embedded system: patient monitors. More specifically, it investigates the feasibility, benefits and drawbacks of applying secure boot to GE Healthcare’s Monitoring Solution Software Platform. The aim of this thesis is to identify and implement the current verified boot solutions able to improve the security of this system. This was accomplished by analysing the components that comprise secure boot, the threats to patient monitors viewed as embedded systems, and security engineering from a corporate perspective. As a result, a proof of concept was developed and evaluated as the basis for a prototype implementation. As a final outcome, the prototype solution was further refined, and appropriate procedures for security features, the development pipeline, and software implementation were proposed in order to support full integration into the product family.

Supervisor

Vujaklija, Ivan

Thesis advisor

Koivunen, Rami

Keywords

secure boot, embedded system security, cyber security, cryptography
