German Project (PQC4MED) to Develop Post-Quantum Cryptographic Update Method for Medical Devices

Protection from attacks by quantum computers: DFKI starts project for long-term encryption of medical data

Excerpts and salient points ~

+  While patient data requires a particularly high level of protection, the medical devices that record and process this data are designed for long-term usage due to their complexity and acquisition costs. For this reason, the Cyber-Physical Systems research group of the DFKI led by Prof. Dr. Rolf Drechsler and several partners have started the project “PCQ-Technologies for the Data Protection in Medical Care in Germany (PQC4MED”. The aim is to develop new long-term update mechanisms, guaranteeing that medical devices can be equipped with the most current cryptographic methods and are thus protected from quantum computers on the long run.

The project “PQC4MED” is funded by the Federal Ministry for Education and Science (BMBF) with roughly 690 000 Euros. The run time amounts to 36 months; the completion of the project is set for 31 October 2022. Until then, the determination of standards for PQC methods that can be deployed via the update platform is also expected.

+  The ability of devices to update their encryption is called crypto-agility. This capacity for updates is an important criterion especially for embedded systems, as their exchange is more cost-intensive and, due to their different components, riskier in comparison to individual computer systems. For this reason, the project “PQC4MED” involves creating an update platform for embedded system in medical technology that allows crypto-agility both on a hardware and software level and thus enables the future deployment of QC resistant algorithms.

+  An important part in this QC resistance is the secure element (SE), a chip that guarantees the protection of processed data in a device and therefore plays a vital role during a possible attack by a quantum computer. For this reason, the project includes the development of a secure element that can be updated with new encryption methods. This work is based upon cryptographic standards that are currently being determined regarding their resistance against quantum computing. But also medical devices that are already in use are meant to be made crypto-agile via new updating methods. This would make the exchange of secure elements avoidable.

Source:  MEDIZIN ASPEKTE.  Prof. Dr.-Ing. Tim Erhan Güneysu,  Protection from attacks by quantum computers: DFKI starts project for long-term encryption of medical data…

Content may have been edited for style and clarity.