D5 - Final report

What we studied

An overview of the project is available at https://blog.fimbault.com/lessons-learned-from-our-mediam-project.

The mediam project studied:

the cybersecurity requirements for healthcare organisations and medical device vendors, both in terms of minimal regulatory requirements and continuous best practices
an architecture focused on machine identities and zero trust protocols at every step

We could validate the following architecture:

Compared to state of the art solution, the mediam project investigated the use of HTTP (and version 3 in particular) within IoT stacks, as a way to enable:

convergence of IP and non-IP networks (thanks to SCHC compression)
dependable updates
secure channels with end to end encryption
advanced authorization mechanisms using GNAP

This architecture is able to support secure communication of configuration data, sensor readings, control instructions and firmware updates. We implemented prototypes that demonstrated that the 3 business cases encountered by healthcare organisations (IT, biomedical devices, BMS) can be successfully implemented, contrary to existing architectures.

PreviousD4 - User access NextHow to implement regulatory requirements

Last updated 2 years ago