Secure software attestation for military telesurgical robot systems

Telesurgical robot systems (TRS) are often deployed in unattended environments such as battlefields or rural areas, where adversaries can easily access the devices, compromise the system, and install their own malware. If the integrity and health of the system software and configuration files are not verified before use, the safety and lives of injured soldiers and patients may be in danger. Many existing software attestation mechanisms depend on calculation delay to distinguish a correct memory image from a compromised system. This technique cannot be applied directly to transcontinental TRS because of the long transmission delay between the verifier and the prover. In this paper, we propose a software attestation mechanism that can distinguish between these two kinds of delay: calculation delay and transmission delay. A secure communication protocol among the verifier, the telesurgical robot, and the secure token of the remote medical personnel is designed. The safety of the approach is analyzed and its overhead is evaluated.
