On the security of MQ cryptographic systems for constructing secure Internet of medical things

Abstract

The Internet of Medical Things (IoMTs) are the group of medical devices connected to Internet, to perform the processes and services that support healthcare. The amount of data handled by medical devices grows exponentially, which means higher exposure of personal sensitive data. RSA, ECC and, other related public key cryptographic systems with countermeasures of power analysis and fault analysis, e.g., random masking, are often adapted by medical devices for guaranteing security and privacy. However, Shor algorithm has proven that they are not secure to quantum computer attacks. Fortunately, there exists a few quantum-resistant public key cryptographic schemes, e.g., Rainbow. To ensure end-to-end service delivery in the IoMTs under quantum attacks, there is a critical need for research into new designs and evaluation for the hardware security of new quantum-resistance cryptographic systems, e.g., rainbow, to make the medical devices more secure and reliable. Therefore, we present a physical analysis model of Rainbow by combining fault analysis and differential power analysis. The proposed model is implemented on cloud computing platform. Based on the experimental results, we successfully recover all the secret keys of Rainbow signature, which shows the importance of protecting multivariate signature with countermeasures on medical devices.