Professor
System Security Laboratory
Center for Advance Security Research
Technical University Darmstadt, Germany

Scientific Director
Fraunhofer Institute for Secure Information Systems, Darmstadt, Germany

Webpage

From IMD to Cloud!

Embedded systems are increasingly deployed in medical applications, where they are used as external or implantable devices for medical diagnosis and therapy purposes (e.g., blood glucose meters and pacemakers).

The correct operation of medical devices is crucial for the patients' safety, and the data collected by them is highly privacy-sensitive. On the one hand, these devices themselves are attractive targets for attacks such as counterfeiting. On the other hand, the information they collect is typically processed by other devices with more computational and storage resources (e.g., smartphones), or by remote diagnosis services in the Cloud, which are also exposed to and subject of various attacks. In particular, emerging context-based applications in complex heterogeneous infrastructures (e.g., hospitals) are highly challenging with respect to security and privacy.

In this talk, we give an overview of our research with regard to various security and privacy aspects in (medical) embedded systems and their underlying infrastructures, representing our ongoing research within several e-health related projects. We consider authentication, identification and attestation of resource-constrained embedded devices based on physical security primitives such as Physically Unclonable Functions (PUFs). We continue with a discussion of the security of smartphones and similar devices, which we envision as (secure) gateways between the medical body area network and the Internet. Trusted Virtual Domains (TVDs) aim to prevent unauthorized updates of medical embedded systems and to restrict access to the collected medical information to groups of heterogeneous devices and users. Finally, we discuss the role of secure computation in this area by considering the use case of privacy-preserving classification of collected medical information by a cloud service.
 

About the speaker:

Prof. Dr.-Ing. Ahmad-Reza Sadeghi is the head of the System Security Lab at the Center for Advance Security Research (Technical University Darmstadt) and the Scientific Director of Fraunhofer Institute for Secure Information Systems (SIT) both in Darmstadt, Germany. He is also guest professor at Ruhr-University Bochum (RUB) in Germany. He received his PhD in Computer Science with the focus on privacy protecting cryptographic systems from the University of Saarland in Saarbrücken Germany. Prior to academia, he worked in Research and Development of Telecommunications enterprises, amongst others Ericson Telecommunications. Currently, Prof. Sadeghi leads several international research and development projects on design and implementation of trustworthy computing platforms and trusted computing, security hardware, particularly Physically Unclonable Functions (PUF), Cryptographic Privacy-protecting Systems, and cryptographic compilers (in particular for secure computation). He has been serving as a program chair or committee member for a variety of conferences and workshops on information security, trusted computing and applied cryptography. He is on Editorial Board of the ACM Transactions on Information and System Security. Prof. Sadeghi has been awarded with the renowned German award “Karl Heinz Beckurts” for his research on Trusted Computing technology and its transfer to industrial practice. The award honors excellent scientific achievements that gave visible industrial innovations in Germany. Further, his group received the second prize of German IT Security Competition Award 2010. His main research interests are security architectures, cryptographic protocols and security hardware.