Launch HN: MedCrypt (YC W19) Medical Device Cybersecurity
I (Mike) was previously a product manager at a medical device company and witnessed an increasing concern about the security posture of Internet-enabled medical devices. This culminated in a couple of big device companies needing to issue recalls for their medical devices due to cybersecurity vulnerabilities. It struck me as an interesting transition from cybersecurity being a compliance requirement and instead a concern when managing patient safety.
Being concerned about the lack of resources available to implement data security properly, or at all in some cases, we decided to build a platform that helps healthcare software and medical device companies properly integrate data security features into their products, while actively monitoring them for vulnerabilities and suspicious behavior.
We address this problem by providing our customers with a configuration driven library that exposes a simple API to access data security operations, crypto library versioning/vulnerability tracking, key management, and device behavior monitoring. The features our solution provides also happen to cover all of the FDA’s new requirements for data security in medical devices (https://www.fda.gov/downloads/MedicalDevices/DeviceRegulatio...). These requirements place special emphasis on proper data encryption, signature verification, intrusion detection, and vulnerability monitoring.
While medical device vendors could go through the trouble of pulling together open source crypto libraries, certificate authority APIs, and monitoring solutions, or even write some of their own from scratch, we believe MedCrypt's platform offers a better alternative. We handle the complexity of integrating open source crypto libraries with PKI and monitoring infrastructure and provide simple API calls for key provisioning, certificate generation, data security ops, and monitoring.
Medical device vendors use their account on the MedCrypt platform to tell us about the individual computing components that make up their device, what types of data are stored or transmitted over the wire, and what kind of security is required. This allows us to point the vendor to the appropriate MedCrypt library (C/C++ libraries or bindings for NodeJS, Java, C# .NET, etc.) to use for each component and creates a generic provisioning configuration that the MedCrypt library uses to generate the appropriate key pairs, communicate with PKI, and register CBOM metadata for vulnerability tracking purposes.
Once the device and its keys are approved (via our provisioning API or predefined filters) and the certificates and signed configuration are delivered to the device, MedCrypt's library uses the certificates and the security configuration to enable simple API calls to secure the device's data.
For example, after being provisioned, if a glucose monitor is required to sign each set of measurement data sent to a central system called "data-capture", the API call is boiled down to:
int returnCode = glucoseMonitor.dataFor(&securedData, "data-capture", rawMeasurementData);
Under the hood the MedCrypt library is using the signed data security configuration to select the cryptography resource, sign the data with the appropriate secret key, construct a data payload that encapsulates the original data and signature for delivery to the "data-capture" server, and (if enabled) registers monitoring events with regard to when and with which keys a signing operation occurred.On the other end, the "data-capture" server can ...
14 comments
[ 3.3 ms ] story [ 43.5 ms ] threadI'm particularly interested if there is good interface with this platform and FHIR/HL7.
We definitely need some simple, high-level figures show how the libraries interact with the PKI nodes as well as local libraries and crypto elements on the device.
Users can also interact with a web API to control provisioning processes and retrieve telemetry data and we'll depict that as well.
Having something like this where I can focus on the function of the device and offload the difficulties of secure communication would have been a godsend.
The dynamic you describe plays itself out in almost every industry. Most biomedical engineers didn’t get into their field to implement cryptography. We’re hoping that a dedicated toolkit for securing medical devices will help their designers get back to work building life-saving technologies!
We do not write any of our own crypto. We use common open source libraries like libsodium, WolfSSL, OpenSSL, etc. under the hood. We provide binary versions of our library linked against the appropriate libraries for the customer, or customers can build their own combination of our library+crypto dependencies from source.
Sometimes we help customers get the compile options right to take advantage of, say, NEON instructions to optimize for an ARM target, but that's about the extent in terms of touching the actual crypto library.
I'm guessing there are almost certainly side-channel attacks (discovered or not) in most crypto libraries. How easily they're exploited is another topic.
We don't believe we need to build more cryptography engines. We just think we need to make the existing crypto libraries easier to use in conjunction with PKI, vulnerability monitoring, ease of patching, and especially in the context of documentation and testing in the eyes of the FDA.
Underneath, calls would be made to the open source crypto lib yielding, for example, data encrypted via ChaCha20 stream cipher with Poly1305 MAC authentication.
Also, our platform generates a provisioning configuration that tells the device to generate a dedicated set of keys for the purpose of encrypting data at rest. Those keys would not be used for any other signing or socket security operations. In general, if the target hardware can support it, we create dedicated keys for each type of data security operation (read multiple RPCs sending different types of data like log data, command-control data, images). We think this is especially important for encrypting data with LTKs since there have been cases where encrypting with a secret key has resulted in secret key leakage.