Developing Secure Solutions for CPS in Healthcare.
Providing real-time, end-to-end security for healthcare's cyber-physical systems, protecting patient data and preventing breaches.
Created on 29th May 2025
•
Developing Secure Solutions for CPS in Healthcare.
Providing real-time, end-to-end security for healthcare's cyber-physical systems, protecting patient data and preventing breaches.
The problem Developing Secure Solutions for CPS in Healthcare. solves
Our project directly addresses the critical challenge of insecure data transmission and integration within Cyber-Physical Systems (CPS) in healthcare. Currently, vital patient data flowing from monitoring devices, sensors, and medical equipment is highly susceptible to breaches due to inadequate security, threatening privacy and safety.
How it helps:
For Patients & Remote Care: It ensures personal health data from smart devices (like smartwatches or home monitoring sensors) is transmitted securely and encrypted to providers. This enables safer remote patient monitoring, allowing continuous care while safeguarding sensitive information from interception or tampering.
For Hospitals & Clinics: Our solution provides a standardized, secure backbone for integrating diverse medical devices into existing IT infrastructure. It drastically reduces the risk of costly data breaches and helps organizations meet stringent regulatory compliance (e.g., HIPAA). Hospital IT teams can deploy and manage CPS with greater confidence, knowing data is protected end-to-end.
For Medical Device Manufacturers: It offers a robust, modular, and easily integrable security layer for their products, enhancing device security out-of-the-box.
Ultimately, our project makes healthcare data management safer, more reliable, and easier to integrate across various interconnected systems, ensuring patient trust and safeguarding critical health information.
Challenges we ran into
One significant challenge we ran into was implementing efficient and robust end-to-end encryption from resource-constrained ESP32 IoT devices to our cloud backend while maintaining real-time performance.
The Hurdle: Our initial attempts to use standard, heavy-duty encryption protocols (like full TLS/SSL over MQTT) directly on the ESP32 consumed significant processing power and memory. This resulted in noticeable latency in real-time data transmission and rapid battery drain for the connected sensors (simulated by ESP32), directly clashing with our "real-time secure data" requirement. Ensuring seamless decryption and verification across different languages (C++ on ESP32, Kotlin on Android, Java on Spring Boot) also presented interoperability bugs.
How We Got Over It:
Optimized Symmetric Encryption: We transitioned to a more lightweight and efficient symmetric encryption algorithm (AES-256 in GCM mode) for the raw data payloads. We extensively leveraged hardware acceleration features available on the ESP32 via optimized libraries.
Secure, Infrequent Key Exchange: Instead of full TLS handshakes for every packet, we established a secure, infrequent key exchange mechanism. During initial device pairing via the authenticated Android app, a unique session key was securely established and pushed to the ESP32. This key is periodically rotated to maintain security.
Payload Optimization: We designed a compact data payload format and implemented minimal data batching on the ESP32. This reduced the number of encryption operations, optimizing both performance and power consumption.
Cross-Language Consistency: Meticulous effort was put into ensuring consistent implementation of the chosen encryption scheme and key derivation functions across C++ (ESP32), Kotlin (Android app), and Java (Spring Boot backend) to prevent decryption or verification failures.