Developments in Universal Corein Universal Core-to-Cloud … · 2012-01-19 · eHealth Core to Cloud Securityyp Gaps • Software vulnerabilities, hardware insecurity and weak licensing

ETSI Security Workshop 2012Sophia AntipolisSophia Antipolis

Developments in Universal Core-to-CloudDevelopments in Universal Core-to-Cloud Layered Security Interface Model

Navin GovindFounder and CEO, Aventyn

Upkar DhaliwalCEO, Future Wireless Technologies, IEEE EMB-S Chapter Chair

1ETSI Security Workshop 2012Sophia Antipolis

eHealth Core to Cloud Securityy

• Universal eHealth security framework with a common programming model, standard interfaces and services

• Securing Core to Cloud platform layersg p y– CPU Firmware, BIOS and HAL level functions for medical

devices– OS, kernel services, virtualised layers for runtime security– Device level functions for identification, authentication and

ti f di di l d d iencryption of diverse user, medical grade devices– Middleware interface for trusted health data brokering

Application and data security


– Application and data security

eHealth Core to Cloud Security Gapsy p

• Software vulnerabilities, hardware insecurity and weak licensing models continue to displace whole solutions for securing platforms

• Cloud models evolving from public private hybridCloud models evolving from public, private, hybrid platforms challenge security, IP protection, device level user securitylevel user security


Common Problems

• As dumb sensor based hardware solutions are utilized, i di id l d t i t t it iindividual products require constant monitoring.

• These medical devices are serially connected and not integrated into the data flointegrated into the data flow.

Common problems:• Routers do not provide or know the content of servers, and cannot read

into the application flows.• Gateways or Servers do not know networking routes and cannot create• Gateways or Servers do not know networking routes and cannot create

Quality of Service (QoS) or Experience (QoE) for communications.• Wireless Sensors or Gateways cannot dynamically connect with data

sources to create different applications, compose new services, or modify end-user views.


Need for Dynamic Monitoring of IP layer Traffic

• There is move from static to mobile clients, infrastructures & services that are dynamic increasingly wireless & multi-purpose (e g smart phones/tablets)dynamic, increasingly wireless & multi purpose (e.g., smart phones/tablets).

• Medical applications & services need to be capable of being dynamically relocated over wireless connectivity & executed on mobile client.N t k ill i f ll i ibilit i t li ti fl t i• Networks will require full visibility into application flows to manage services delivery in a load balanced manner, like DPI.

• Certain Applications need to communicate computational/transport needs with t t t ktransport networks.

• Medical content should be customized to the medical device use and needs to be generated on demand.

• Mobile Applications are modular, composed of distributed elements of code.• Service delivery channels will be secure and created as needed.• Many services utilize disconnected execution “islands” that interact to generateMany services utilize disconnected execution islands that interact to generate

the needed deliverables.• The current, escalating level of dynamism required in infrastructure, content,

applications and services with mobile end users


applications, and services with mobile end users

Example of BAN/WANp


Calhoun, IEEE IMS2011 WSI RF Bio Medical Sensor Session

Need for Dynamic Monitoring of IP layer Traffic


Calhoun, IEEE IMS2011 WSI RF Bio Medical Sensor Session

Core to Cloud Security Frameworky

HardenedApplications

Secure Portal and Browser

Applications

Robust ManageabilityHardened

HypervisorHardenedHypervisorHypervisorHypervisor

Secure Data

Unique Platform Id tifi ti dIdentification and Authentication

S C dS C dSecure Code Execution(Intel VT/ TXT, AMD-V and ARM TZ)

Secure Code Execution(Intel VT/ TXT, AMD-V and ARM TZ)


*Marks are properties of respective owners

Core to Cloud Secure Connected ArchitectureCore to Cloud Secure Connected Architecture Integrates Health Information

eHealth and Cloud

Connected Health Smart CardM2M Bio-Sensors

Hospitals

Patients

InsurerA th ti ti Id tifi tiAuthentication

Encryption

Identification

Decryption

Labs

PharmacyConnected RFID Assets

Smart CityConnected Consumer

Interoperabilty, Security and Scalability


p y, y y

Programming Model Exampleg g p• Application programming services and interfaces connect eHealth cloud

services devices and applications to the platform provider complementingservices, devices and applications to the platform provider complementing SIM/uSIM

• Business transactions delivered platform specific along with carrier SIM• mHealth, device specific, clinical applications etc., that are downloaded

from health provider cloud, app stores are:– Protect identity, health data and prevent fraud– Encrypted to prevent malicious and un-authorized usage– Prevent unauthorized copying

• Usage Examples• Usage Examples– Scalable health information sharing services

• Connected and trusted user can switch from provider X to provider Y and still continue to share health information with main provider or insurer (instill continue to share health information with main provider or insurer (in US)

– Downloaded services and content delivered to trusted platformsSensitive patient clinical data cannot be “viewed” on another platform


– Sensitive patient, clinical data cannot be “viewed” on another platform

Programming Interfaces

Encrypt Security Software and Rich Application Source

Code Execution

Encrypt User ID, System S ft D i d D tSoftware, Device and Data

Rights

Hypervisor, Virtualization Layers Encryption and Cloud

Services Security


Seamless and Transparent Usage Model

API API

API

API API


Secure Clinical Information Processing PlatformSecure Clinical Information Processing Platform

Hospitals and SuppliersSecure critical assetsAutomate demand-supply R d d d i i t ti t

Real-time Asset Tracking

Hospitals and LabsMonitor correct patientRight medication and dosageR d d f

Secure Health Records

Reduced administrative costImproved patient safety

Reduced paper forms Increased physician utilization

EPCglobal, ISO, W3C and HL7Interoperable Clinical Information

Consumer, Insurer and PharmaEnterprise clinical information sharingIncreased administration throughput gainReduced cost of pre-clinical trailsImproved efficiency in care quality


eHealth Secure Core to Cloud Computing UseseHealth Secure Core to Cloud Computing Uses and Applications

Wireless Software Factory Cloud Infrastructure

Internet

Encrypt Application Unique User ID, AuthenticationSupport Multiple Devices

Secured ApplicationsSecure Portal ProvisioningFlexible Licensing/Audits

Games, Digital Media, Health and Financial Providers

Multiple Platform SupportX86 and ARM Specific

•License Content and Media•Mobile Medical Banking•Access, Monitor Health Data•Preventive and Wellness•Assisted Living

and Financial ProvidersSecure Users/Device/DataScalable PlatformsIncreased Revenue

X86 and ARM SpecificWin, Linux and Mac OS XCitrix, VMwareAndroid, S60, Snapdragon

Encrypt System Software, Apps, Data & PortalsPrevent Identity Theft and FraudTamper Resistant Device and DataTamper Resistant Device and DataHarden Against Malicious AttacksSecure User, Device Centric Data RightsImproved Licensing and Auditing Policies


Universal APIs Benefit

• Standard software solution for secure code execution and ti i t it ifi tirun-time integrity verification

• Multi factor secure identification and authentication of eHealth users, devices for increased security and manageability

• Tamper proof health content rights management, software activation, distribution and licensing solutionact at o , d st but o a d ce s g so ut o

• Reduces virtualization layer threats by securing and hardening hypervisors and custom software containershardening hypervisors and custom software containers

• Enforcing improved security policies for auditing,


compliance, updates and patches

Documents

Developments in Universal Corein Universal Core-to-Cloud … · 2012-01-19 · eHealth Core to Cloud Securityyp Gaps • Software vulnerabilities, hardware insecurity and weak licensing