New IoT security framework from Cisco for healthcare devices


The Internet of Things (IoT) is the talk of the town and holds major promise throughout the health sector, given its advantages and widespread coverage. But it also presents a set of new challenges to overcome, especially regarding privacy and security in Proactive Personal eHealth. In this article, we shall carefully examine the safety and importance of an IoT security framework and the limitations of the new security framework provided by Cisco for healthcare devices.

What is the new IoT security framework from Cisco?

The 1990s saw the advent of several e-related terms bound to change forever the way society worked. It saw the rise of email, followed by e-commerce, which enabled new ways to conduct business and financial transactions through the Internet. Finally came eHealth, which brought the promise of improving the health care system by leveraging Information and Communication Technologies (ICT).

The term “Internet of Things” was formerly associated with applications that involve Radio Frequency Identification (RFID). Lately, IoT also encompasses “Machine to Machine communication” (M2M). The term is used by academic institutions, professional bodies, and standards organizations. A few of its applications are monitoring systems for elderly, post-trauma, or physically and mentally ill patients, and blood glucose, blood pressure, pulse oximetry, or heart monitoring. The IoT landscape, enterprise, networking, endpoint devices, cloud-based services, data storage, and federated access are a few aspects of IoT that should be taken into legal consideration for the proper execution of health services and to prevent mismanagement.

To address the highly diverse IoT environment and the related security challenges, a flexible security framework is required. Cisco has offered a new security framework for this purpose. At the authentication layer, the IoT/M2M endpoints should be fingerprinted by measures that do not require human interaction. Such identifiers include X.509 certificates, a shared secret, radio-frequency identification (RFID), the MAC address of the endpoint, or some immutable hardware-based root of trust. Authorization builds upon the core authentication layer by gathering the identity information of an entity. The network enforced policy layer includes all objects that transport and route endpoint traffic safely over the infrastructure, whether it is management, control, or actual data traffic. Finally, the secure analytics layer envelops all elements that may participate in providing telemetry, which helps to gain visibility into and monitor the IoT/M2M ecosystem.

The architecture for e-Health requires considering the six C’s of the device life cycle: Connection, Collection, Correlation, Calculation, Conclusion, and Collaboration. It should also support an interoperable ecosystem of different types of applications, devices, and back-end systems to enable the free flow of information and to increase precision and access to data.

Why is it important?

The following four things are required for securing the IoT environment:

  1. Authentication
  2. Authorization
  3. Network Enforced Policy
  4. Secure Analytics: Visibility and Control

With the increased application of IoT/M2M in our daily lives, in industrial control, transportation, smart grid, or healthcare verticals, it has become essential to secure IoT/M2M systems. As IP networks are continuously adopted, IoT/M2M systems have increasingly become favorite targets for hackers, in both the sophistication and the magnitude of attacks. Such attacks not only bring harm to companies, organizations, nations, and people but also affect their production, with significant damage to life and to potential drug discovery and diagnosis.

Device identity and the mechanisms to authenticate it are two fundamental elements of securing IoT/M2M. The encryption algorithms used nowadays are the Advanced Encryption Standard (AES) for private data transport, Rivest-Shamir-Adleman (RSA) for digital signatures and key transport, and Diffie-Hellman (DH) for key negotiation and management. Although they are robust, the high-compute platform they need is not available on every IoT device. Appropriate re-engineering is required to accommodate our new IoT world.

Also, the protocols require user intervention for configuration and provisioning, which leaves devices susceptible to tampering, theft, and other forms of compromise throughout their usable life. Additionally, increasing privacy, solving problems due to geographical position, strengthening identities, DNS, etc. make it important to adopt a new security framework.

How good is it?

Privacy has been the primary concern with the introduction of IoT, and it can be secured with the proposed security framework. These concerns are relevant to the health care applications that fall within the realm of IoT. For example, the monitoring of vital statistics for patients at home and the tracking of medical equipment in a hospital are a few instances where it plays an important role. The framework is flexible and straightforward enough to be applied to all devices residing in the IoT regime.

The four layers of the security framework devised by Cisco require:

  • a large memory system
  • a heavy CPU system

Does leveraging this framework deliver 100 percent protection from threats? Unfortunately, no. Big data and analytics platforms shall play a fundamental role in improving security in the coming years.

Future predictions in the medical sector

IoT presents new challenges to network and security architects. Smarter security systems that include managed anomaly detection, threat detection, and predictive analysis need to evolve. According to Cisco’s prediction, there will be 50 billion devices by the year 2020. Judging by the rate at which innovations in the biosensor market are progressing and the increasing use of data to inform decisions, it is fair to claim that healthcare will see its share of devices in the IoT space. Based on how the devices are connected to the patient, they can be classified as implantable, wearable, unconnected, or connected on a need basis.

With the increase in the number of apps and devices, it is important to raise the bar to reduce tampering, hacking, and mismanagement of medical devices such as blood pressure monitors, heart rate monitors, etc.

For the instrument and communication channel, one should:

  • Secure Boot the device for boot loader authenticity, platform integrity check, and storage of the secret keys
  • Securely store data
  • Make device identification unique
  • Ensure data integrity
  • Necessitate mutual authentication
  • Maintain data confidentiality
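
A sketch of three items from this list (unique device identification, mutual authentication, data integrity) using the shared-secret identifier mentioned earlier, with HMAC-SHA256 chosen here as a symmetric primitive that suits low-compute devices. This is an added example, not code from the article or from Cisco; the registry, device ID, key and function names are hypothetical, and confidentiality (encryption) is not covered.

```python
import hashlib
import hmac
import secrets

# Constructed sample: gateway-side registry of unique device IDs and per-device secrets.
REGISTRY = {"bp-monitor-0001": bytes.fromhex("a1" * 32)}


def mac(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over a role label and length-prefixed fields."""
    h = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


def mutual_auth(device_id: str, device_key: bytes, registry=REGISTRY):
    """Simulate both sides of a challenge-response; return a session key or None."""
    gw_key = registry.get(device_id)
    if gw_key is None:  # identity not provisioned: gateway refuses
        return None
    ident = device_id.encode()
    n_dev, n_gw = secrets.token_bytes(16), secrets.token_bytes(16)  # fresh nonces
    # Gateway's check: the device proves it holds the key registered for its ID.
    dev_ok = hmac.compare_digest(mac(device_key, b"device", ident, n_dev, n_gw),
                                 mac(gw_key, b"device", ident, n_dev, n_gw))
    # Device's check: the gateway proves the same, under a different label so
    # one side's proof cannot be reflected back as the other's.
    gw_ok = hmac.compare_digest(mac(gw_key, b"gateway", ident, n_dev, n_gw),
                                mac(device_key, b"gateway", ident, n_dev, n_gw))
    if not (dev_ok and gw_ok):
        return None
    return mac(device_key, b"session", ident, n_dev, n_gw)


def seal(session_key: bytes, seq: int, reading: bytes) -> bytes:
    """Integrity tag for one telemetry message, bound to its sequence number."""
    return mac(session_key, b"data", seq.to_bytes(8, "big"), reading)


def accept(session_key: bytes, last_seq: int, seq: int, reading: bytes, tag: bytes) -> bool:
    """Reject replayed (non-increasing sequence) or modified readings."""
    return seq > last_seq and hmac.compare_digest(tag, seal(session_key, seq, reading))
```
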


© 2018 Dr. Hempel Digital Health Network
