»Challenges of X.509 certs«
2019-11-09, 17:50–18:00, Blue Day

The application of IoT security to medical devices fails from a clinical perspective. This session will explore the growing debate on whether the use of X.509 certificates is the right solution to securing medical devices.

As shown by the tripling of the DefCon Biohacking Village over the last couple of years, the threats that connected medical devices present to patient safety are starting to be understood by the healthcare ecosystem.

Those who have looked into the problem have seen that the application of IoT security to medical devices fails from a clinical perspective. One of the growing areas of disagreement is whether the use of X.509 certificates is the right solution to securing medical devices.

While the X.509 certificate uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the component contained within the certificate, the nature of medical devices has introduced unique challenges. Devices have unpredictable connectivity, work in an unknown network environment and need to fail in consideration of patient safety. Internet Web-Servers is a different management model than what will work in healthcare, where devices are frequently resource constrained