Enabling Technologies for Post Market Surveillance of Medical Devices

Is blockchain, SDN or a legacy network best for post-market surveillance of medical devices?

By Junaid Chaudhry, Ali Kashif Bashir, Syed Hassan Ahmed, Jon Haas, Guanglou Zheng

IEEE Internet Policy Newsletter, March 2018

Medical devices perform health monitoring, diagnosis and life-saving functions for patients and are within the user domain of Health Information Systems (HIS)^[1]. These devices include Implantable Medical Devices (IMDs), Medical Devices (MDs), and Medical Support Devices (MSDs) for continuous health monitoring and treatment purposes^[2]. Some medical devices can be worn on the body, known as wearable medical devices, while others could be outside the body of patients, (i.e., smart beds, Magnetic Resonance Imaging (MRI) machines and wireless medical telemetry systems.) The HIS are increasingly adopting cloud-based computing systems^[11], and this trend makes medical devices more exposed to the internet and the challenges associated with their governance^[12]. In this article, we offer a discussion about three candidate post market governance technologies for the broad range of medical devices.

Blockchain is making headlines as a candidate technology that can bring an improved trust factor into distributed computing environments. Since the vast bulk of computing is performed on a daily basis, it is proposed that applications of blockchain can become important in every aspect of modern day online life. Examples have been seen in the financial sector with cryptocurrency proposed for trading, supply chain, and software validation. While the suitability of the technology is still to be proved^[3] for HIS; it is logically possible that its application in post market governance of medical devices may hold similar promises. For instance, it is still to be investigated whether the blockchain can play the key roles required in terms of device identity, performance, accuracy, reliability, tracking, lifecycle management, progression, or compliance of the medical devices to the prevailing legislations. Another critical issue is the seamless integration of blockchain in HIS. It is also worth investigating whether the blockchain is going to be an isolated or integral part of HIS. At its current state, the technology is still immature^[4]. Having said that, the passion with which researchers are innovating in the blockchain suggests the future applications are not far away.

On the other hand, network integration of medical devices has been on the rise since the beginning of this century. While network integration provides data sharing and remote operation capabilities, it exposes devices to various forms of potential cyberattacks^[5]. For this reason, as well as others (maintenance, performance, etc.), network integrated medical devices are connected in isolated subnets^[7] and governance of these connected devices is delegated to the authorized HIS administrators. The diversity and proliferation of non-standardized software implementations among medical devices makes it harder to build and stick to a standard device governance model, despite HL7 community claims of improved discipline recently^[6].

^[14]Silva et.al. proposed to use Software Defined Networking (SDN) for the separation of local data and the control plane. A decade ago, we proposed the use of Normal Functionality Models (NFM)^[13], the baseline reference model provided by device manufacturers, to fingerprint the activity of medical devices. Perhaps using control system NFM to monitor the functional activities of the medical devices can be a quick fix for legacy medical devices and networks. One of the advantages of using SDN in the HIS is seamless integration. While the technique has flaws that must be addressed, the immediate group work can be done to identify and mitigate the imminent threats to the infrastructure.

In its current state, to the best of our knowledge, there is no standard “best practice” for medical device governance. Due to technological gap, the device manufacturers are forced to use the traditional “tag-and-ship” methods of device tracking. In case of complaints of wrongdoing or device malfunction, it is impossible to perform active monitoring. The devices are analyzed by the device manufacturer (e.g., device local log file analysis)^[8] after receiving requests through the Medical Device Incident Reporting (MDIR) register^[9]. Due to the absence of any intrusion detection technique in medical devices, no fatalities have been recorded yet that took place due to cybercriminal activity^[11]. However, it is not to say that electronic crimes will not happen in the future. It is also not easy today to point out procedural mistakes on the part of technicians, manufacturers, or installers without an adequate logging and tracing mechanism. The immediate rescue plan is to choose a transition technology to prevent the potential vulnerabilities associated with medical devices that may lead to loss of life. The chosen transition technology should also provide data intelligence to the device manufacturers, so medical devices could evolve over time and their functionality can be improved^[10]. The social and ethical issues are also a major factor that must be addressed along with federal legislation and privacy.

Table 1. Features Comparison among blockchain, SDN, and LN

	Blockchain	Software Defined Networking	Legacy Networks
Technological Maturity	Experimental	Mature	Outdated
Computational Overhead	Intensive	Near Optimal	Negligible
Scalability	Excellent	Excellent	Good
Adoption Inertia	High	Low	Low
Supporting Enabling Technologies	Absent	Rare	Abundant
Investors Risk	High	Low to Medium	Low
Technology Management	Hard	Easy	NA
Prone to Convectional Security risks	Low	Medium	High

From the comparative analysis given in Table 1., the advent of blockchain has familiar “new-technology-adoption-blues” associated with it. It is also noticeable that blockchain, due to both its functional and architectural design, is less prone to conventional cybersecurity attacks. Without a doubt, security vulnerabilities in blockchain are still to appear. We believe that non-homogenous distribution of core nodes, hybrid modes of blockchain (public vs private), and anticipated diversity in rewards among blockchain-compliant organizations may start the same discrepancies that are forcing us to look for alternative and new secure distributed solutions.

References:

^[1] G. Zheng, R. Shankaran, M. A. Orgun, L. Qiao and K. Saleem, “Ideas and Challenges for Securing Wireless Implantable Medical Devices: A Review,” in IEEE Sensors Journal, vol. 17, no. 3, pp. 562-576, Feb.1, 1 2017.

^[2] G. Zheng, G. Fang, R. Shankaran and M. A. Orgun, “Encryption for Implantable Medical Devices Using Modified One-Time Pads,” in IEEE Access, vol. 3, pp. 825-836, 2015.

^[3] M.E. Peck, “Blockchains: How They Work and Why They’ll Change the World,” in IEEE Spectrum, 28 Sept. 2017.

^[4] M. Pilkington, “Blockchain Technology: Principles and Applications,” Research Handbook on Digital Transformations, edited by F. Xavier Olleros, Majlinda Zhegu and Edward Elgar, 2016.

^[5] Chaudhry, J., Saleem, K., Islam, R., Selamat, A., Ahmed, M., Valli, C., (2017), AZSPM: Autonomic Zero-Knowledge Security Provisioning Model for Medical Control Systems in Fog Computing Environments, pp. 121-127, IEEE, DOI: 10.1109/LCN.Workshops.2017.73.

^[6] A. Hasman, “HL7 RIM: an incoherent standard,” in Ubiquity: Technologies for Better Health in Aging Societies, Proceedings of Mie, vol. 124, p. 133, 2006.

^[7] J. Chaudhry, U. Qidwai, HM. Zeeshan, C. Valli, “Secure Detection of Critical Cardiac Abnormalities for Wireless Body Area Networks. Computer Systems Science and Engineering,” p. 11, Leicester, United Kingdom, CRL Publishing.

^[8] P. Oladimeji, Y. Li, A. Cauchi, P. Eslambolchilar, P. Lee, & H. Thimbleby, “Visualising medical device logs,”,2011.

^[9] MCG OPR Medical devices, “Medical device incident reporting (MDIR) user guide,” 2013.

^[10] Junaid Chaudhry, Samaneh Farmand, Syed M S Islam, et al., “Discovering Trends for the Development of Novel Authentication Applications for Dementia Patients, Advances in Intelligent Systems and Computing,” 2017.

^[11] J. Chaudhry, K. Saleem, R. Islam, A. Selamat, M. Ahmad and C. Valli, “AZSPM: Autonomic Zero-Knowledge Security Provisioning Model for Medical Control Systems in Fog Computing Environments,” 2017 IEEE 42nd Conference on Local Computer Networks Workshops (LCN Workshops), Singapore, 2017, pp. 121-127.

^[12] J. A. Chaudhry and U. A. Qidwai, “On critical point avoidance among mobile terminals in healthcare monitoring applications: Saving lives through reliable communication software,” 2012 IEEE Conference on Open Systems, Kuala Lumpur, 2012, pp. 1-5.

^[13] J. A. Chaudhry and S. Park. Ahsen, “Autonomic healing-based self-management engine for network management in hybrid networks.” In GPC, pp. 193-203, 2007.

^[14] 14. E. Germano da Silva, L. A. Dias Knob, J. A. Wickboldt, L. P. Gaspary, L. Z. Granville and A. Schaeffer-Filho, “Capitalizing on SDN-based SCADA systems: An anti-eavesdropping case-study,” 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), Ottawa, ON, 2015, pp. 165-173.

Dr. Chaudhry

Dr. Chaudhry is Cyber Security faculty at College of Security and Intelligence, Embry-Riddle Aeronautical University, Prescott, Arizona. Junaid has over 15 years of exciting experience in academia, industry, law- enforcement, and in the corporate world in the information and cyber security domain. After getting his Ph.D. in Cyber Security from Ajou University, Dr. Chaudhry obtained training at Harvard Business School, University of Amsterdam, and Kaspersky Research Lab in cyber hunting and training. He is a Senior Member of IEEE, a Practicing Engineer, member of High Technology Crime Investigation Association (HTCIA), Australian Computing Society, Australian Information Security Association, and frequently volunteers in promotion of science through public speaking, conference organisation, and by editing the scientific journals (i.e., IEEE Access, Computer and Security by Elsevier, IEEE Internet Policy and IEEE Future Directions), and serving as a board member of tech startups. He has authored three books and 75+ research papers. He received awards for his research achievements from Government of South Korea, Qatar, Pakistan and from Saudi Arabia. Dr. Chaudhry believes in collaborative research and actively seeks opportunities to collaborate in developing solutions in cross disciplinary domains.

Ali Kashif Bashir

Ali Kashif Bashir (M’15, SM’16) is working as an Associate Professor in Faculty of Science and Technology, University of the Faroe Islands, Faroe Islands, Denmark. He received his Ph.D. degree in computer science and engineering from Korea University, South Korea. In the past, he held appointments with Osaka University, Japan; Nara National College of Technology, Japan; the National Fusion Research Institute, South Korea; Southern Power Company Ltd., South Korea, and the Seoul Metropolitan Government, South Korea. He is also attached to Advanced Network Architecture Lab as a joint researcher. He is supervising/co-supervising several graduate (MS and PhD) students. His research interests include: cloud computing, NFV/SDN, network virtualization, network security, IoT, computer networks, RFID, sensor networks, wireless networks, and distributed computing. He is serving as the Editor-in-chief of the IEEE INTERNET TECHNOLOGY POLICY NEWSLETTER and the IEEE FUTURE DIRECTIONS NEWSLETTER. He is an Editorial Board Member of journals, such as the IEEE ACCESS, the Journal of Sensor Networks, and the Data Communications. He has also served/serving as guest editor on several special issues in journals of IEEE, Elsevier, and Springer. He is actively involved in organizing workshops and conferences. He has chaired several conference sessions, gave several invited and keynote talks, and reviewed the technology leading articles for journals, such as the IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, the IEEE Communication Magazine, the IEEE COMMUNICATION LETTERS, IEEE Internet of Things, and the IEICE Journals, and conferences, such as the IEEE Infocom, the IEEE ICC, the IEEE Globecom, and the IEEE Cloud of Things.

Dr. Ahmed

Dr. Ahmed (S’13 – M’17) completed his B.S in Computer Science from Kohat University of Science & Technology (KUST), Pakistan and Masters combined Ph.D. Degree from School of Computer Science and Engineering (SCSE), Kyungpook National University (KNU), Republic of Korea. In summer 2015, he was also a visiting researcher at the Georgia Tech, Atlanta, USA. Collectively, Dr. Hassan authored/co-authored over 100 international publications including Journal articles, Conference Proceedings, Book Chapters, and 02 books. From the year 2014 to 2016, he consequently won the Research Contribution awards by SCSE at KNU, Korea. In 2016, his work on robust content retrieval in future vehicular networks lead him to win the Qualcomm Innovation Award at KNU, Korea. Currently, Dr. Hassan is a Post-Doctoral Fellow in the Department of Electrical and Computer Engineering, University of Central Florida, Orlando, FL, USA. His research interests include Sensor and Ad hoc Networks, Cyber-Physical Systems, Vehicular Communications and Future Internet.

Dr. Haass

Dr. Haass is the founding professor and department chair of the Cyber Intelligence and Security degree program at the nation’s first College of Security and Intelligence at Embry-Riddle Aeronautical University. He is author and presenter of articles in a variety of subject areas including Cyber Threat Intelligence Sharing. Dr. Haass serves as advisory board member for the Arizona Cyber Threat Response Alliance (ACTRA), a regional information sharing and analysis organization that includes companies in 14 of the critical infrastructure sectors. He received his Ph.D. from MIT where he also served after graduation as a CLE Moore Instructor before starting his first company. His areas of research interest include the security issues associated with connected cyber-physical systems that encompass aircraft, cars, industrial controls, and medical devices. /

Dr. Zheng

Dr. Zheng (S’13 -- M’17) received his Ph.D. degree in computer science from the Macquarie University, Sydney, Australia, in 2017, with the thesis title “Securing wireless implantable medical devices using electrocardiogram signals”. He completed his B.E. and M.E. from the Nanjing University of Aeronautics and Astronautics, Nanjing, China, in 2006 and 2009, respectively. Dr. Guanglou is now a Post-Doctoral Researcher with the Security Research Institute, Edith Cowan University (ECU), Perth, Australia. His research interests include wireless network security, medical system security, biometrics, IoT security, cyber-physical system security, spacecraft orbit determination, GPS/GNSS, and precise navigation and positioning technologies.

Editor:

Muhammed Bilal

Muhammad Bilal is an assistant professor of Computer Science in the Department of Computer and Electronic Systems Engineering at Hankuk University of Foreign Studies, Yongin, Rep. of Korea. He received his Ph.D. degree in Information and Communication Network Engineering from Korea University of Science and Technology, School of Electronics and Telecommunications Research Institute (ETRI), MS in Computer Engineering from Chosun University, Gwangju, Rep. of Korea, and a BS degree in Computer Systems Engineering from the University of Engineering and Technology, Peshawar, Pakistan. Prior to joining Hankuk University of Foreign Studies, he was a postdoctoral research fellow at Smart Quantum Communication Center, Korea University. He has served as a reviewer of various international journals including IEEE Systems Journal, IEEE Access, IEEE Communications Letters, IEEE Transactions on Network and Service Management, Journal of Network and Computer Applications, Personal and Ubiquitous Computing and International Journal of Communication Systems. He has also served as a program committee member on many international conferences. His primary research interests are Design and Analysis of Network Protocols, Network Architecture, Network Security, IoT, Named Data Networking, Cryptology and Future Internet.