Towards Securing Medical IoT

The case for adopting SRAM PUF for medical and other devices

Personal medical information is definitely something we want kept private. Perhaps no other information besides financial and military can have such profound and direct effect on our lives. Yes, it is bad if your identity is stolen. Yes, it is bad when the Internet is inaccessible. But what if your medication was delivered incorrectly or not at all? What if your pacemaker didn’t work? What if the cancer diagnostic equipment gave your doctor false results? Securing our sensitive medical devices and data should definitely be on the forefront of the medical community’s mind. However, as it is with so many other Internet of Things devices, security seems to be an afterthought.

Moreover this approach also works on existing silicon….

  • University of Washington researchers proved they could hack into a remote surgery robot and get it to fail[1].
  • Billy Rios, an ethical hacker, demonstrated a hacked insulin pump could be made to deliver wrong dosage[2].
  • Implantable cardio defibrillators are often used with a default password and could be used to deliver unwarranted shocks to patients who are susceptible to cardiac arrest[3].
  • X-Ray systems were backed up to centralized storage without any authentication needed to access them[4].
  • Blood refrigeration remote interface allowed easy manipulation of temperature, potentially ruining blood supplies[5].
  • CT Scanners could be remotely hacked to change limits on the amount of exposure to radiation a patient might receive[6].

As early as 2007, Vice President Dick Cheney’s cardiologist was concerned that terrorist hackers might kill the Vice President through an attack on his implanted heart defibrillator. Dr. Jonathan Reiner, Cheney’s doctor, ordered the manufacturer to disable the wireless feature to prevent anyone from sending a signal that might harm him[7].

Despite the real and documented threats to our medical devices and the critical data or instructions they contain, efforts to develop a Medical IoT standard for security are still in nascent form.

Guidelines Emerging

The FDA recently published a draft entitled Postmarket Management of Cybersecurity in Medical Devices Draft Guidance for Industry and Food and Drug Administration Staff. Unfortunately, this 2016 draft is for comment and review only, and its recommendations are non-binding. It does establish models for best practices and sharing of security information. However, as other security experts have pointed out, without enforcement there really is no protection for the patient. “It’s basically industry best practice,” says Bruce Schneier, noted cybersecurity expert. “But without enforcement, it’s just pleading.[8]”

There are many factors as to why so many medical devices are vulnerable. Medical device developers are not trained to be security experts. Device makers are so busy focusing on getting their devices to work correctly, complying with existing FDA regulations, that the thought of deliberate malice is the last thing they think of. Cost and time to market are factors that are a consideration in deploying security.

Devices Need to be Trusted

The FDA draft, mentioned above, specifically calls for Unique Device Identification on page 21, line 692. Devices need a way of establishing that it should only communicate with other devices that it knows have the proper credentials. Just as you only want doctors you know and trust to prescribe you a treatment plan, so it is with devices. They need to be able to interact with other known and trusted devices to give you results you can trust.

Currently, it takes chip or board manufacturers an extra manufacturing step to add a unique identity to a chip. This is not free and adds considerable time, effort and cost to a product.

SRAM PUF, Using What’s Already There

A newer technology as offered by Intrinsic-ID, Physical Unclonable Functions (PUF), may offer an inexpensive and easy-to-deploy method to make many of the devices tamper resistant. In Q4 2016, Intrinsic-ID announced the availability of SRAM PUF tightly integrated with Wind River® VxWorks® real-time operating system as a kernel library.

PUF relies on the fact that every microprocessor has SRAM to leverage a hidden identity within the chip. The symmetric design of the SRAM cell leads to a natural amplification of transistor differences when the SRAM cell is powered up. Silicon variations can simply be measured by reading out the start-up values of the uninitialized memory. Every individual SRAM cell has a preferred start-up state of 0 or 1, which is determined by the relative variation in transistor threshold voltages. For a block of SRAM cells, this leads to a pattern unique for every chip. In effect, SRAM PUF gives chips a unique “silicon fingerprint.”

“This approach is very scalable,” says Pim Tuyls, CEO of Intrinsic-ID. “By reusing SRAM Memory that is available by default, no specific test runs are needed in the manufacturing process to test the performance in new process and technology nodes. Moreover this approach also works on existing silicon, which allows for retrofitting security onto devices already in the field by updating their software[9].

A PUF is very hard to clone due to unique physical characteristics deep down in the transistors that originate from uncontrollable manufacturing process variations. These variations provide a good source of internal entropy. The PUF structure is unique as-is, it does not need to be programmed or altered to store a key, which means that there is nothing to read out with reverse engineering equipment.

SRAM cells have been exhaustively characterized under all possible environmental conditions. Optimal Error Correction and Privacy Amplification algorithms have been developed that make the SRAM PUF extremely reliable under a wide range of operating conditions. Companies have been adopting the SRAM PUF and achieved the highest level of certification. The technology is now deployed in many devices from tiny microcontrollers and sensors to high performance FPGAs and secure elements. These implementations have consistently demonstrated the reliability and security of the technology.

Using SRAM PUF for medical devices can enhance the overall security of medical systems already deployed in the field as well as help medical device companies comply with future FDA requirements. Intrinsic-ID is working with chip and microcontrollers companies to develop systematic layered security using SRAM PUF to establish device authentications. The medical devices market will grow to over $163 Billion by 2020[10]. As more and more devices are deployed, the need for secure authentication will also grow. SRAM PUF offers a cost effective and tested way of ensuring trust and ultimately patient safety.


[1] Langston, Jennifer (May 7, 2015) UW researchers hack a teleoperated surgical robot to reveal security flaws. Retrieved from

[2] Zetter, Kim (June 8, 2015) Hacker Can Send Fatal Dose to Hospital Drug Pumps. Retrieved from

[3] Zetter, Kim (April 25, 2014) It’s Insanely Easy to Hack Hospital Equipment. Retrieved from

[4] Ibid

[5] ibid

[6] ibid

[7] Ford, Dana (October 4, 2013) Cheney’s defibrillator was modified to prevent hacking. Retrieved from

[8] Howshaw, Lindsey (January 25, 2016) Hacked Medical Devices Still a Big Threat in 2016 Retrieved from

[9] Kevan, Tom (November 2016) The Birth of Chip-Level Security. Retrieved from

[10] Markets and Markets (October, 2015) IoT Healthcare Market worth 163.24 Billion USD by 2020.  Retrieved from


takamoto_webMichael Takamoto has over three decades of experience in high technology and has served in various positions at Oracle Corporation, Frame Technology (now Adobe), the Palo Alto Medical Foundation, and various start-ups. He is well versed in a wide range of technologies and enjoys writing about them.

Share and Enjoy:
  • Digg
  • Sphinn
  • Facebook
  • Mixx
  • Google
  • TwitThis

Tags: ,