xTSeH: A Trusted Platform Module Sharing Scheme Towards Smart IoT-eHealth Devices

摘要

IoT based eHealth system brings a revolution to healthcare industry, with which the old healthcare systems can be updated into smarter and more personalized ones. The practitioners can continue monitoring the physical status of the patients at anytime and anywhere, and develop more precise treatment plans by analyzing the collected data, such as heart rate, blood pressure, blood glucose. Actually, these smart sensors used in eHealth system are smart embedded devices (SED). Due to the limitations on hardware capabilities, these inter-connected SEDs lack of security considerations in design and implementation, and face the threats from the network. To prevent the malicious users (or programs) from tampering with the SEDs, trusted platform module (TPM) is adopted, which can guarantee the system integrity via detecting unauthorized modifications to data and system environment. However, due to the limited scalability and insufficient system resources, not all SEDs can be deployed with TPM chips. To address this issue, in this paper, a TPM extension scheme (xTSeH) is proposed. In xTSeH, we have extended the functions of a TPM deployed in a SED (TSED) to those non-TPM-protected SEDs (N-TSED) via network. A shadow TPM in the form of a kernel module is designed as the trust base for the N-TSED, which is the representative of the TPM in TSED. Then, three protocols are proposed to implement the integrity verification and inter-SED authentication. Finally, a Raspberry Pi based prototype system is designed and implemented. The feasibility and usability of our scheme are proved by the analysis of the experimental results of system performance.