Nicola Wrachien, staff solutions architect and Brian Blum, senior product marketing manager - Silicon Labs, outlines some practical approaches to optimising power and security in Bluetooth low energy medical devices.
Shutterstock
1082513054
Bluetooth and security concept
Introduction
For the healthcare industry, apart from improved hygiene, reduced bacterial spread, and simpler logistics, the concept of connected, disposable medical devices will make it possible to offer safer, more cost-efficient medical devices to a broader population, as exemplified by the continuous glucose monitor (GGM). However, disposable medical devices must be replaced periodically, meaning that the bill of materials (BOM) must be kept as low as possible to be economically attractive. This article discusses two main (and interrelated) challenges – security and power consumption - to realising practical disposable medical devices powered by coin cell batteries and using the Bluetooth Low Energy (BLE) communications protocol. It also considers some practical solutions Silicon Labs proposes to address them.
Balancing privacy and security with cryptographic overheads
Patients and clinicians use data from remote medical devices to inform their decision-making about treatments meaning corrupt data can have severe consequences for patient health. They can happen deliberately (unwanted intrusion by a third party) or accidentally (due to environmental interference) as data travels from a device to the point of analysis. Privacy is also crucial for medical devices. Even detecting a device’s presence can be regarded as a privacy leak. Another privacy-related security concern is intruders could use an unprotected device to track a wearer’s movements. Therefore, they should not carry information which could allow their detection by an unauthorised third party.
Offloading security from the device microcontroller
Cryptographic techniques like authentication and encryption can help to mitigate security and privacy concerns, but implementing these is very computing intensive, requiring increased power consumption and adversely affecting battery life. A way to overcome this, which also increases device security is to store root encryption keys in a separate security core which communicates with the primary device microcontroller through a mailbox system (instead of shared memory); the security core receives encrypted keys, together with the data to be decrypted/encrypted from the main microcontroller, decrypts the encryption key using the root key, then communicates the encrypted/decrypted data to the main microcontroller using the same mailbox system.
Figure 1 Using a separate security core to protect data against intrusion.
Separate hardware accelerators
Intruders commonly use differential power analysis (DPA) to bypass cryptographic techniques. This approach involves analysing device power consumption while encryption operations are being performed, which can be used to ascertain encryption keys. For this reason, many device manufacturers implement DPA countermeasures, but these increase computing time, power consumption and circuit complexity. Furthermore, using a separate secure element might lead to increased power consumption due to the additional overhead due to communication between the secure element and the main core. A possible solution is to use two hardware accelerators – one on the main microcontroller managing the wireless communications protocol (prioritising speed and low power) and the other on the secure core. While this means that encryption/decryption operations may be slightly slower, it offers greater robustness and security.
Matching power consumption to product lifetime
A device’s battery must strike the optimum balance between having a practical form factor and providing sufficient power over a device's usable lifetime. Some of the other factors that affect the lifetime of a wearable medical device include chemical degradation and hygiene. A glucose monitor, for example, has a microneedle coated with glucose oxidase. When inserted subcutaneously, the needle suffers a degree of chemical degradation over time, gradually impacting device performance. Hygiene affects not only a device's usable lifetime but also its design. To slow the proliferation of bacteria, a device must be water and sweat resistant as this would affects electronics reliability by prematurely discharging the battery if the device is not hermetically sealed. However, sealing prevents the battery from being accessed, meaning replacement is not an option. Minimising power consumption enables using lower capacity (and hence smaller, lighter and lower cost) batteries. This helps reduce the BOM, size and weight and makes disposable devices more comfortable to wear over an extended period.
Optimising radio operation
The radio subsystem is among the most power-hungry peripherals in an RF System on a Chip (SoC). Transmit and receive operations can dramatically impact the battery’s lifetime, meaning an obvious way to lower power consumption is to reduce transmit power. In a wearable device, the distance to a receiving smartphone is usually relatively small, so the transmit power level is in the 0-dBm range. Apart from reducing distance, a way to optimise radio operation power usage is to reduce the duration of transmit/receive events relative to silent periods (the RF duty cycle). This can be done by adjusting the advertising and connection intervals. Table 1 shows the current consumption measurement as a function of transmission power and duty cycle on Silicon Labs’ EFR32BG1 Bluetooth SoC. This indicates that the duty cycle impacts current consumption significantly more than transmission power.
Table 1 Power consumption at different power levels and duty cycles for the EFR32BG1 Bluetooth SoC
Where BLE 5.0 connectivity is available, Silicon Labs’ 2M PHY, which transmits twice as fast as BLE 4.0, effectively halves the data transmission time, reducing power consumption by 15% for a 25-ms connection interval.
Lowering shelf mode power consumption
Logistically, a device could spend much of its lifetime in storage (shelf mode). This is because after it is manufactured, it could be several months before it is purchased by a customer, especially in a long supply chain. Another reason is that sometimes a customer might only need to use the product for several weeks or months after purchase (common with disposables). However, without proper design, a device’s battery could continue to drain, reducing its useful lifetime, or, in a worst-case scenario, the battery could be drained entirely before a customer gets to use the device. To prevent this, many consumer devices have a thin removable plastic insulator between one battery contact and the battery holder. Unfortunately, disposable medical devices cannot use this approach as they are commonly hermetically sealed.
A way to solve this issue is to place a device in a low-power state from which it wakes up sporadically, advertises its presence, and waits for a central device to connect before pairing or returning to a low-power state. However, this solution is not ideal because it requires a very long advertising interval, increasing the time needed for a device to associate with a smartphone app. Furthermore, the device still has to transmit advertising packets - shelf mode current consumption, which is not negligible (Figure 2).
Figure 2 Percentage of battery charge lost for different current consumption levels when a device is ‘on the shelf. The battery capacity is assumed to be 24 mAh (SR66 cell).
A superior option is to provide an electrical means to activate a device from a very low power state. For example, the microcontroller could have a power-enable signal which, when in an active state, is used to enable internal power supplies for regular operation. Alternatively, external circuitry can be added to generate the enable signal using a mechanical (or magnetic) switch or energy-harvesting circuitry based on a photovoltaic or a near field contact-less (NFC) sensor. Current consumption levels below 100 nA can sustain a device for many years in shelf mode without significantly draining the battery. This means the battery is not the limiting factor impacting a device’s lifetime relative to the previously mentioned hygiene and material degradation factors.
Conclusion
This article discussed two interrelated challenges – security and power consumption - to realising practical disposable medical devices. It also presented some practical solutions to these challenges proposed by Silicon Labs’ to enable the healthcare industry to offer more hygienic, safer, cost-efficient disposable medical devices to a broader population.