Authentication for Operators of Critical Medical Devices: A Contribution to Analysis of Design Trade-offs
Gadala, M., Strigini, L. ORCID: 0000-0002-4246-2866 & Fujdiak, R. (2022). Authentication for Operators of Critical Medical Devices: A Contribution to Analysis of Design Trade-offs. In: Proceedings of the 17th International Conference on Availability, Reliability and Security. ARES 20222: The 17th International Conference on Availability, Reliability and Security, 23-26 Aug 2022, Vienna, Austria. doi: 10.1145/3538969.3544474
Abstract
Increasingly evident safety risks due to attacks on safety-critical devices are causing new requirements for authentication of these devices’ human operators. These requirements have now extended to medical devices. However, authentication may also introduce new safety risks, reduce usability, cause delays, and/or encourage user behaviors that compromise the very security it should protect. Thus, design of authentication mechanisms needs to take on a holistic approach that considers such interrelationships, and the effects not just of the general method chosen (say, passwords vs. fingerprints), but also of its implementation details. We illustrate this problem on a medical case study. We report early steps in a trade-off analysis that captures interactions between safety, security, usability and performance issues, to assist designers in choosing and tuning viable solutions. A qualitative analysis to narrow down the field of possible solutions is followed by a probabilistic analysis. The analyses highlight non-obvious links between system attributes, especially links due to the complex way humans interact with, and adapt to, such devices. The probabilistic analysis systematically describes risk as a function of the authentication method and its design parameters. We show example results quantifying how some key design parameters produce opposite effects on risk due to accidental and malicious causes, requiring a trade-off: the quantitative model allows the designer to manage this trade-off to achieve an acceptable level of overall risk, taking into account environmental factors like the expected prevalence of certain attack types. Both the qualitative and quantitative approaches aim to help device designers make rational decisions about authentication options and the tuning of their design parameters.
Publication Type: | Conference or Workshop Item (Paper) |
---|---|
Additional Information: | © 2022 Copyright held by the owner/author(s). |
Publisher Keywords: | authentication,medical security,trade-offs,access control,medical devices,safety risk,usability,qualitative analysis,probabilistic model,critical device,grace period |
Subjects: | Q Science > QA Mathematics > QA76 Computer software R Medicine > RA Public aspects of medicine > RA0421 Public health. Hygiene. Preventive Medicine T Technology > T Technology (General) |
Departments: | School of Science & Technology > Computer Science School of Science & Technology > Computer Science > Software Reliability |
Available under License Creative Commons Attribution.
Download (532kB) | Preview