Low-energy encryption for medical devices: Security adds an extra design dimension

Smart medical devices will only be smart if they also include technology to provide security and privacy. In practice this means the inclusion of cryptographic algorithms of sufficient cryptographic strength. For battery operated devices or for passively powered devices, these cryptographic algorithms need highly efficient, low power, low energy realizations. Moreover, unique to cryptographic implementations is that they also need protection against physical tampering either active or passive. This means that countermeasures need to be included during the design process. Similar to design for low energy, design for physical protection needs to be addressed at all design abstraction levels. Differently, while skipping one optimization step in a design for low energy or low power, merely reduces the battery life time, skipping a countermeasure, means opening the door for a possible attack. Designing for security requires a thorough threat analysis and a balanced selection of countermeasures. This paper will discuss the different abstraction layers and design methods applied to obtain low power/low energy and at the same time side-channel and fault attack resistant cryptographic implementations. To provide a variety of security features, including location privacy, it is clear that medical devices need public key cryptography (PKC). It will be illustrated with the design of a low energy elliptic curve based public key programmable co-processor. It only needs 5.1μJ of energy in a 0.13 μm CMOS technology for one point multiplication and includes a selected set of countermeasures against physical attacks.