📓
mediam
  • doc.mediam.dev
  • D1 - Specification
    • Introduction
      • What are the risks?
      • What is specific to healthcare?
      • New regulations
      • Regulatory requirements
    • Market study
      • Competitive landscape
        • Features
      • Market characteristics
      • Interviews
    • Use cases
      • Healthcare IT
      • Connected medical devices
      • BMS
    • References
  • Prototypes
    • Hardware prototype
    • Technical issues today
    • Solution architecture
    • D2 - Network management
      • HTTP3
      • SCHC
      • End to end encryption
    • D3 - Lifecycle management
      • Machine identity
        • Decentralized identity
        • DIF KERI
      • Remote updates
    • D4 - User access
  • perspectives
    • D5 - Final report
      • How to implement regulatory requirements
      • Next steps
Powered by GitBook
On this page
  • Existing issues with current architectures
  • Hidden complexity costs of current architectures

Was this helpful?

  1. Prototypes

Technical issues today

Why state of the art protocols aren't enough

PreviousHardware prototypeNextSolution architecture

Last updated 3 years ago

Was this helpful?

Existing issues with current architectures

IoT devices operate by exchanging messages, with cloud services and other connected machines. So we must ensure that the messages that carry configuration data, sensor readings, control instructions and firmware updates (see the review of requirements in D1).

The current weaknesses are usually due to the following reasons:

  • implicit trust in network boundaries (e.g. segmentation of connected devices versus the rest of the IT infrastructure), without authenticating the sender or validating the integrity of the message.

  • most IoT systems optimize for one-way authentication, without managing unique credentials for the fleet of devices

  • every IoT development team ends up hand rolling mechanisms for provisioning keys, activating devices and bootstrapping trust, which is a source of mistakes like default passwords or hard coded secrets

  • most IoT message transport protocols support some way to establish a secure channel. However, such secure channel protocols have traditionally been tightly coupled to their corresponding transport protocols, and they are only connection based. Therefore security over multiple hops cannot be established, enabling too curious observers or even attacks at interception points.

  • there's a separation between IoT transport protocols (e.g. MQTT, CoAP) and IP protocols, which creates vulnerabilities in end to end solutions

  • remote updates are mostly ad-hoc

  • authorization protocols such as OAuth2 have lacked adoption for IoT, despite their , because the security model is hard to implement (mutual TLS often seems easier for developers, although that requires advanced networking setup).

Those choices are flawed trade-offs, because if customers/patients are relying on the information collected by these sensors, then an attacker can easily tamper or forge that information.

Hidden complexity costs of current architectures

Ockam.io provides a complementary use case in the following video: which shows how the current architectures make it very hard to protect its infrastructure that requires integration with many different vendors.

https://youtu.be/wEeLSbkU_jI
potential
Potential attack when multiple hops don't implement end to end encryption