City Research Online

Authentication for Operators of Critical Medical Devices: A Contribution to Analysis of Design Trade-offs

Gadala, M., Strigini, L. ORCID: 0000-0002-4246-2866 & Fujdiak, R. (2022). Authentication for Operators of Critical Medical Devices: A Contribution to Analysis of Design Trade-offs. In: Proceedings of the 17th International Conference on Availability, Reliability and Security. . ACM. ISBN 9781450396707 doi: 10.1145/3538969.3544474


Increasingly evident safety risks due to attacks on safety-critical devices are causing new requirements for authentication of these devices’ human operators. These requirements have now extended to medical devices. However, authentication may also introduce new safety risks, reduce usability, cause delays, and/or encourage user behaviors that compromise the very security it should protect. Thus, design of authentication mechanisms needs to take on a holistic approach that considers such interrelationships, and the effects not just of the general method chosen (say, passwords vs. fingerprints), but also of its implementation details. We illustrate this problem on a medical case study. We report early steps in a trade-off analysis that captures interactions between safety, security, usability and performance issues, to assist designers in choosing and tuning viable solutions. A qualitative analysis to narrow down the field of possible solutions is followed by a probabilistic analysis. The analyses highlight non-obvious links between system attributes, especially links due to the complex way humans interact with, and adapt to, such devices. The probabilistic analysis systematically describes risk as a function of the authentication method and its design parameters. We show example results quantifying how some key design parameters produce opposite effects on risk due to accidental and malicious causes, requiring a trade-off: the quantitative model allows the designer to manage this trade-off to achieve an acceptable level of overall risk, taking into account environmental factors like the expected prevalence of certain attack types. Both the qualitative and quantitative approaches aim to help device designers make rational decisions about authentication options and the tuning of their design parameters.

Publication Type: Conference or Workshop Item (Paper)
Additional Information: © 2022 Copyright held by the owner/author(s).
Publisher Keywords: authentication,medical security,trade-offs,access control,medical devices,safety risk,usability,qualitative analysis,probabilistic model,critical device,grace period
Subjects: Q Science > QA Mathematics > QA76 Computer software
R Medicine > RA Public aspects of medicine > RA0421 Public health. Hygiene. Preventive Medicine
T Technology > T Technology (General)
Departments: School of Science & Technology > Computer Science
School of Science & Technology > Computer Science > Software Reliability
Text - Published Version
Available under License Creative Commons Attribution.

Download (532kB) | Preview



Downloads per month over past year

View more statistics

Actions (login required)

Admin Login Admin Login