Protecting interoperable clinical environment with authentication

Abstract

The Integrated Clinical Environment (ICE) is a standard dedicated to promote open coordination of heterogeneous medical devices in a plug-and-play manner. This carries the potential to radically improve medical care through coordinating, cooperating devices, but also to undermine the patient safety by giving rise to security vulnerabilities in the cyber world. In this paper, we propose an authentication framework as the first step to build an ICE security architecture. This framework is designed in a three-layered structure, allowing it to fit in the variety of authentication requirements from different ICE entities and of networking middleware from ICE instantiations. We implement the authentication framework on OpenICE, an open source ICE instantiation. Our experiments shows that the framework can help OpenICE mitigate the vulnerabilities caused by forged identity with negligible performance overload.

\setcopyright

acmcopyright

\conferenceinfo

MCPS’16 Vienna, Austria

\numberofauthors

5

\printccsdesc\keywords

Integrated Clinical Environment; Authentication; Medical cyber physical system

Introduction

Emerging interoperable medical systems indicate a promising future for the healthcare domain: coordinating medical devices from different vendors together to accomplish a clinical mission. Many case studies (Arney 2009, Arney 2011, King 2010, King 2009, King 2014, Taylor 2014) have shown that enabling the interoperability of medical systems can reduce medical errors and improve the productivity of medical care, as compared to the traditional practices that rely upon disconnected, standalone devices. An exemplar effort of promoting medical device interoperability is the ASTM F2761 standard (ASTM F2761-09(2013), ...), which defines a model-based system architecture to capture the general design principles of integrating cross-manufacturer medical devices to create an Integrated Clinical Environment (ICE). The ICE architecture defined in the ASTM F2761 standard, as illustrated in Figure \ref{fig:ice-arch}, consists of two major components: the supervisor and the network controller. The supervisor hosts ICE applications that interact with medical devices and communicates with external information systems such as an electronic health record (EHR) system. The network controller facilitates communications between the supervisor and the medical devices. Whenever a device connects to an ICE system, the network controller discovers the device and sets up the communication channel for it. Since its publication, the ASTM F2761 standard has been adopted by many stakeholders, such as Massachusetts General Hospital, Draeger Medical Systems and Kansas State University, to develop interoperable medical systems compliant to the ICE architecture. We refer to such systems as ICE systems in the rest of the paper.