ENTRUST D4.1 Conceptual Architecture of ENTRUST Customizable TC & Attestation Models Specifications

The core vision of ENTRUST entails the secure management of the entire lifecycle of Connected Medical Devices (CMDs), starting from their manufacturing and including their deployment and operation within the infrastructure of a healthchare delivery organization. In this regard, Deliverable D4.1 puts forth the core functionalities, building blocks, and engineering stories pertaining to the components and security enablers of ENTRUST dedicated to the maintenance of the trust level of CMDs, as well as the system as a whole. Specifically, we first provide a description of the core building blocks of the Trusted Computing Base (TCB) of ENTRUST, as well as the motivation behind the design choices made for the definition of the Trusted Execution Environment (TEE) for running trusted applications in a secure and isolated manner. Next, we outline the notion of Physical Unclonable Functions (PUFs), whose unique inherent properties are leveraged by ENTRUST for safeguarding resource- constrained CMDs as a solution for obtaining identifiers and cryptographic keys to be utilized by the security enablers of ENTRUST. Considering the above, we provide high-level descriptions of the TCB security architecture of ENTRUST considering the computational capabilities of the devices, i.e., for both high-end and low-end CMDs. Next, we outline the set of cryptographic functionalities provided by ENTRUST for securing the operational lifecycles of CMDs, including novel Attribute-Based Encryption (ABE) and Attribute-Based Signature (ABS) schemes, and we provide information on the security controls needed for establishing the trust level of a CMD during runtime. Finally, we provide functional specifications for the PUF-based functionalities employed in order to support the aforementioned security enablers. Overall, this document provides the basis for the development of the ENTRUST secure management framework, which will be refined and implemented throughout the lifecycle of the project.