Title:  Medical Device Security Through Hardware Signatures

Committee:

Dr. Vincent Mooney, ECE, Chair , Advisor

Dr. David Keezer, ECE, Co-Advisor

Dr. Omer Inan, ECE

Dr. Brendan Saltaformaggio, ECE

Dr. Yousef Iskander, Cisco

Dr. Santosh Pande, CS

Abstract:

This dissertation presents techniques based on hardware signatures aiming to detect malicious modifications to both hardware and software of embedded and medical devices.  On the hardware side, our novel approach focuses on a run-time method for rapidly detecting Hardware Trojans (i.e., malicious hardware circuitry inserted during the manufacturing process of a digital microchip) by checking for correct functionality of the underlying hardware.  An architecture that addresses these threats by splitting the design into a two-chip approach is presented where signatures are generated in the hardware at the very beginning of data harvesting and are then checked during data processing and encryption.  In addition, known physiological relationships between medical data are utilized to ensure the integrity of the data that is processed by the hardware.  On the software side, we present a novel hardware-assisted run-time code integrity checking technique which aims to detect if executable code resident in memory is modified at run-time by an adversary.  Specifically, a hardware monitor is designed and attached to the device’s main memory system.  The monitor creates page-based signatures (hashes) of the code running on the system at compile-time and stores them in a secure database.  It then checks for the integrity of the code pages at run-time by regenerating the page-based hashes (with data segments zeroed out) and comparing them to the legitimate hashes.  The goal is for any modification to the binary of a user-level or kernel-level process that is resident in memory to cause a comparison failure and lead to a kernel interrupt which allows the affected application to halt safely.  We were able to check the majority of executable code with the exception of a few page table entries to redirect application code to libraries.  Our experimental results demonstrate the efficiency and effectiveness of our proposed and implemented techniques in detecting such types of attacks while introducing minimal resource overhead and negligible performance degradation on applications running on an embedded medical device such as a heart rate monitoring application.