📓
mediam
  • doc.mediam.dev
  • D1 - Specification
    • Introduction
      • What are the risks?
      • What is specific to healthcare?
      • New regulations
      • Regulatory requirements
    • Market study
      • Competitive landscape
        • Features
      • Market characteristics
      • Interviews
    • Use cases
      • Healthcare IT
      • Connected medical devices
      • BMS
    • References
  • Prototypes
    • Hardware prototype
    • Technical issues today
    • Solution architecture
    • D2 - Network management
      • HTTP3
      • SCHC
      • End to end encryption
    • D3 - Lifecycle management
      • Machine identity
        • Decentralized identity
        • DIF KERI
      • Remote updates
    • D4 - User access
  • perspectives
    • D5 - Final report
      • How to implement regulatory requirements
      • Next steps
Powered by GitBook
On this page
  • Generic channels
  • HTTP message signatures
  • Other proofs of key possession methods

Was this helpful?

  1. Prototypes
  2. D2 - Network management

End to end encryption

Establish secure channels over multiple hops

PreviousSCHCNextD3 - Lifecycle management

Last updated 3 years ago

Was this helpful?

Generic channels

As part of the mediam project, we also reviewed and tested what other projects are building. We've evaluated ockam's proposal for secure channels, which is based on actor messaging. The aim of the platform is to support various types of transport, although . This part was used as an option in the remote update mechanism, between the device and the scheduler.

HTTP message signatures

Contrary to generic channels, this solution only supports HTTP. However, it better fits the requirements of advanced authorization protocols such as GNAP. Encryption layers such as TLS are used to provide secure communications, however only direct connections are secure. If for whatever reasons (CDN, load balancer, proxies, TLS inspection gateways, etc.), multiple hops are required, it is again possible to tamper with the message.

An is a digital signature over an HTTP request or response, so that the content can be protected over multiple hops. We integrated this specification into IETF GNAP. A prototype was implemented.

The building blocks are :

  • according to the rules defined in the draft

This part was used in the remote update mechanism, in the communication between the vendor and the scheduler, and optionally between the device and the scheduler.

Other proofs of key possession methods

Within IETF GNAP, we also defined other methods (including mutual TLS) to and tokens, instead of relying on bearer tokens. Also, the IETF GNAP opens the possibility for , not limited to JWT, and supporting capabilities (cf our prototype , which will be proposed as an IETF standard).

only TCP is currently implemented
HTTP message signature
structured HTTP headers
content canonicalization
prove possession of keys
various types of tokens
biscuitsec.org