
Technical Goals

ENTRUST is dedicated to ensuring end-to-end trust management of medical devices, securing trust and privacy across the entire medical ecosystem. Our comprehensive approach integrates cybersecurity features, formally verified trust models, risk assessment processes, secure lifecycle procedures, robust security policies, and technical recommendations. Explore how ENTRUST's technical goals are reshaping the future of security in the medical domain through precision and innovation. 

01

HOLISTIC Graph-based Cybersecurity & Privacy Risk Assessment: Framework for dynamically calculating and maintaining the risk graph of the entire Connected Medical Devices (CMDs) ecosystem, also capable of considering the identification of zero-day exploits.

02

Trust Assessment Framework using Subjective Logic: Library of data harmonization and trust management techniques for extracting (during runtime) the types of security claims that need to be produced by devices as measures of evidence on their trustworthiness.

03

Digital Twin Prototype for Misbehaviour Detection & Attack Validation: Offers the capability to launch virtualized representations of the medical devices, capturing all of their operational profiles and interconnections, to enable real-time device monitoring and software-based attack simulation and validation.

04

Trust Protocols: Mechanisms for building communities of chains of trusted devices by producing verifiable evidence on the correct configuration and operations of the target devices. 

05

Virtualized TC-based Extensions: Trusted Execution Environments (TEEs) for protecting the execution of sensitive workloads.

06

Remote Attestation Enablers: Measure the integrity of all executables and libraries before they are loaded into volatile memory, providing trustworthy and privacy-aware support for CMDs.

07

Verifiable Credentials Bridge: Library for the creation and management of verifiable credentials for trust-aware authorization and authentication, based on the Self-Sovereign Identity (SSI) standards.

08

Blockchain Data Brokerage Engine: Lightweight crypto mechanisms, leveraging Trusted Platform Module (TPM) based wallets, for secure on- and off-chain data and knowledge extraction.

09

Portable Devices Testbed: Adaptable testbed offered by Kardinero, comprising various Electrocardiogram (ECG) monitoring and other portable devices. 

10

Ambient Intelligence Testbed: Testbed offered by TLU comprising a Health gateway acting as a “bridge” for interconnecting multiple heterogeneous medical devices operated under different administrative domains.

11

Smart Ambulance Testbed: Testbed offered by PARTICLE and HESE emulating the patient monitoring system in a (moving) ambulance that continuously sends data to the hospital and will be equipped with various wearable devices. 

12

Mental Health monitoring Testbed: Testbed offered by SL comprising multiple wristband wearable devices capable of monitoring patient physiological signals for assessing their mental health state.

13

AI-based Misbehavior Detection: Module for the detection of potential threats on medical devices, either from external sources or from malfunctioning, through dedicated AI/ML algorithms.

14

The ENTRUST framework will be integrated into various testbeds offered by use case partners, including portable medical devices, gateways that interconnect heterogeneous medical devices, patient monitoring systems in ambulances, and multiple wearable devices. In addition, several experiments will be conducted on the above use cases for the verification and evaluation of the ENTRUST framework under special conditions and real-case scenarios.

15

MUD/Threat MUD: Module to limit the threat and attack surface of CMDs by allowing manufacturers to establish network behaviour profiles for their devices. Each profile is built around a set of policies that specify the communication endpoints, with a scalable and flexible approach.

16

Certification and Runtime Auditing: Framework for continuous certification of the device behaviour. It monitors the attestation to identify any misbehaviour and requests a possible mitigation based on the MUD and Protection Profile, or it monitors the manufacturer's certification in case any Threat MUD is generated and requests a new mitigation based on an updated MUD.
