ETSI Security Workshop 2012, Sophia Antipolis
Developments in Universal Core-to-Cloud Layered Security Interface Model
Navin Govind, Founder and CEO, Aventyn
Upkar Dhaliwal, CEO, Future Wireless Technologies, IEEE EMB-S Chapter Chair
eHealth Core to Cloud Security
• Universal eHealth security framework with a common programming model, standard interfaces and services
• Securing Core to Cloud platform layers
– CPU Firmware, BIOS and HAL level functions for medical devices
– OS, kernel services, virtualised layers for runtime security
– Device level functions for identification, authentication and encryption of diverse user, medical grade devices
– Middleware interface for trusted health data brokering
– Application and data security
eHealth Core to Cloud Security Gaps
• Software vulnerabilities, hardware insecurity and weak licensing models continue to displace whole solutions for securing platforms
• Cloud models evolving from public, private, hybrid platforms challenge security, IP protection, device level user security
Common Problems
• As dumb sensor based hardware solutions are utilized, individual products require constant monitoring.
• These medical devices are serially connected and not integrated into the data flow.
Common problems:
• Routers do not provide or know the content of servers, and cannot read into the application flows.
• Gateways or Servers do not know networking routes and cannot create Quality of Service (QoS) or Experience (QoE) for communications.
• Wireless Sensors or Gateways cannot dynamically connect with data sources to create different applications, compose new services, or modify end-user views.
Need for Dynamic Monitoring of IP layer Traffic
• There is a move from static to mobile clients, infrastructures & services that are dynamic, increasingly wireless & multi-purpose (e.g., smart phones/tablets).
• Medical applications & services need to be capable of being dynamically relocated over wireless connectivity & executed on mobile client.
• Networks will require full visibility into application flows to manage services delivery in a load balanced manner, like DPI.
• Certain Applications need to communicate computational/transport needs with transport networks.
• Medical content should be customized to the medical device use and needs to be generated on demand.
• Mobile Applications are modular, composed of distributed elements of code.
• Service delivery channels will be secure and created as needed.
• Many services utilize disconnected execution “islands” that interact to generate the needed deliverables.
• The current, escalating level of dynamism required in infrastructure, content, applications, and services with mobile end users
Example of BAN/WAN
Calhoun, IEEE IMS2011 WSI RF Bio Medical Sensor Session
Need for Dynamic Monitoring of IP layer Traffic
Calhoun, IEEE IMS2011 WSI RF Bio Medical Sensor Session
Core to Cloud Security Framework
[Figure: layered framework diagram. Recoverable labels:]
• Hardened Applications
• Secure Portal and Browser Applications
• Robust Manageability
• Hardened Hypervisor
• Secure Data
• Unique Platform Identification and Authentication
• Secure Code Execution (Intel VT/TXT, AMD-V and ARM TZ)
*Marks are properties of respective owners
Core to Cloud Secure Connected Architecture Integrates Health Information
[Figure: connected architecture diagram. Recoverable labels:]
• eHealth and Cloud
• Connected Health Smart Card
• M2M Bio-Sensors
• Hospitals, Patients, Insurer, Labs, Pharmacy
• Authentication, Identification, Encryption, Decryption
• Connected RFID Assets
• Smart City
• Connected Consumer
• Interoperability, Security and Scalability
Programming Model Example
• Application programming services and interfaces connect eHealth cloud services, devices and applications to the platform provider complementing SIM/uSIM
• Business transactions delivered platform specific along with carrier SIM
• mHealth, device specific, clinical applications etc., that are downloaded from health provider cloud, app stores are:
– Protect identity, health data and prevent fraud
– Encrypted to prevent malicious and un-authorized usage
– Prevent unauthorized copying
• Usage Examples
– Scalable health information sharing services
• Connected and trusted user can switch from provider X to provider Y and still continue to share health information with main provider or insurer (in US)
– Downloaded services and content delivered to trusted platforms
– Sensitive patient, clinical data cannot be “viewed” on another platform
Programming Interfaces
[Figure: programming interfaces diagram. Recoverable labels:]
• Encrypt Security Software and Rich Application Source Code Execution
• Encrypt User ID, System Software, Device and Data Rights
• Hypervisor, Virtualization Layers Encryption and Cloud Services Security
Seamless and Transparent Usage Model
[Figure: usage model diagram; the only recoverable labels are blocks marked "API"]
Secure Clinical Information Processing Platform
Real-time Asset Tracking (Hospitals and Suppliers)
• Secure critical assets
• Automate demand-supply
• Reduced administrative cost
• Improved patient safety
Secure Health Records (Hospitals and Labs)
• Monitor correct patient
• Right medication and dosage
• Reduced paper forms
• Increased physician utilization
Interoperable Clinical Information (EPCglobal, ISO, W3C and HL7; Consumer, Insurer and Pharma)
• Enterprise clinical information sharing
• Increased administration throughput gain
• Reduced cost of pre-clinical trials
• Improved efficiency in care quality
eHealth Secure Core to Cloud Computing Uses and Applications
[Figure: uses and applications diagram. Recoverable labels, grouped as they appear:]
• Wireless, Software Factory, Cloud Infrastructure, Internet
• Encrypt Application; Unique User ID, Authentication; Support Multiple Devices
• Secured Applications; Secure Portal Provisioning; Flexible Licensing/Audits
• Games, Digital Media, Health and Financial Providers: Secure Users/Device/Data; Scalable Platforms; Increased Revenue
• Multiple Platform Support: X86 and ARM Specific; Win, Linux and Mac OS X; Citrix, VMware; Android, S60, Snapdragon
• License Content and Media; Mobile Medical Banking; Access, Monitor Health Data; Preventive and Wellness; Assisted Living
• Encrypt System Software, Apps, Data & Portals; Prevent Identity Theft and Fraud; Tamper Resistant Device and Data; Harden Against Malicious Attacks; Secure User, Device Centric Data Rights; Improved Licensing and Auditing Policies
Universal APIs Benefit
• Standard software solution for secure code execution and run-time integrity verification
• Multi factor secure identification and authentication of eHealth users, devices for increased security and manageability
• Tamper proof health content rights management, software activation, distribution and licensing solution
• Reduces virtualization layer threats by securing and hardening hypervisors and custom software containers
• Enforcing improved security policies for auditing, compliance, updates and patches