Project description
Improving cybersecurity in connected healthcare
Cyberattacks targeting healthcare networks could potentially compromise clinical data, personal health information and proprietary research initiatives. The EU-funded ENTRUST project will seek to tackle the lack of cybersecurity implementations in connected medical devices without limiting their wide applicability. The proposed trust management architecture will dynamically and holistically manage the life cycle of connected medical devices, strengthening trust and privacy in the entire medical ecosystem. This includes formally verified trust models, risk assessment processes, secure life cycle procedures, security policies, technical recommendations and real-time conformity certificates. The added value and effectiveness of the ENTRUST Trust Management Framework will be validated and evaluated in four real-world use cases ranging from wearable and medical devices used for remote patient monitoring to high-end stationery equipment used in hospitals and clinics.
Objective
Aligned with the guidelines of the Cybersecurity Act and the existing guidance on cybersecurity for medical devices, ENTRUST envisions a Trust Management Architecture intended to dynamically and holistically manage the lifecycle of connected medical devices, strengthening trust and privacy in the entire medical ecosystem. Even from the proposal stage, ENTRUST has identified gaps and necessary revisions of the current guidance (e.g. absence of post-market conformity and certification, real-time surveillance and corrective mechanisms – see 1.2.2). Towards that ENTRUST will leverage a series of breakthrough solutions to enhance assurance without limiting the applicability of connected medical devices by enclosing to them cybersecurity features. The project will introduce a novel remote attestation mechanism to ensure the device’s correct operation at runtime regardless of its computational power; will be efficient enough to run in also resource-constrained real-time systems such as the medical devices. This will be accompanied by dynamic trust assessment models capable of identifying the Required Level of Trustworthiness (RTL) per device and function (service) that will then be verified through a new breed of efficient, attestation mechanisms (to be deployed and executed during runtime). This will also enable us to be aligned with the existing standards on defining appropriate Protection profiles per device (especially considering the heterogeneous types of medical devices provided by different vendors with different requirements) including Targets of Validation Properties to be attested during runtime. The motivation behind ENTRUST is to ensure end-to-end trust management of medical devices including formally verified trust models, risk assessment process, secure lifecycle procedures, security policies, technical recommendations, and the first-ever real-time Conformity Certificates to safeguard connected medical devices.
Fields of science
Keywords
Programme(s)
Funding Scheme
HORIZON-RIA - HORIZON Research and Innovation ActionsCoordinator
8070 Bertrange
Luxembourg
See on map
Participants (18)
Legal entity other than a subcontractor which is affiliated or legally linked to a participant. The entity carries out work under the conditions laid down in the Grant Agreement, supplies goods or provides services for the action, but did not sign the Grant Agreement. A third party abides by the rules applicable to its related participant under the Grant Agreement with regard to eligibility of costs and control of expenditure.
176 71 Athina
See on map
5612 AE Eindhoven
See on map
7034 Trondheim
See on map
30003 Murcia
See on map
185 33 PIRAEUS
See on map
062204 Bucuresti
See on map
407062 Suceagu
See on map
153 41 Aghia Paraskevi Athina
See on map
11632 Athina
See on map
The organization defined itself as SME (small and medium-sized enterprise) at the time the Grant Agreement was signed.
Legal entity other than a subcontractor which is affiliated or legally linked to a participant. The entity carries out work under the conditions laid down in the Grant Agreement, supplies goods or provides services for the action, but did not sign the Grant Agreement. A third party abides by the rules applicable to its related participant under the Grant Agreement with regard to eligibility of costs and control of expenditure.
15231 CHALANDRI
See on map
The organization defined itself as SME (small and medium-sized enterprise) at the time the Grant Agreement was signed.
2042 Nicosia
See on map
The organization defined itself as SME (small and medium-sized enterprise) at the time the Grant Agreement was signed.
1366 Lysaker
See on map
The organization defined itself as SME (small and medium-sized enterprise) at the time the Grant Agreement was signed.
94140 Alfortville
See on map
The organization defined itself as SME (small and medium-sized enterprise) at the time the Grant Agreement was signed.
3013 Limassol
See on map
The organization defined itself as SME (small and medium-sized enterprise) at the time the Grant Agreement was signed.
06800 Ankara
See on map
The organization defined itself as SME (small and medium-sized enterprise) at the time the Grant Agreement was signed.
152 35 CHALANDRI
See on map
The organization defined itself as SME (small and medium-sized enterprise) at the time the Grant Agreement was signed.
1500 618 Lisbon
See on map
The organization defined itself as SME (small and medium-sized enterprise) at the time the Grant Agreement was signed.
7000-811 EVORA
See on map
Partners (2)
Partner organisations contribute to the implementation of the action, but do not sign the Grant Agreement.
1209 Geneva
See on map
Partner organisations contribute to the implementation of the action, but do not sign the Grant Agreement.
GU2 7XH Guildford
See on map