Personal data security in telemedicine
M. Grayvoronskyy, A. Novikov NTUU “KPI”, Kiev, Ukraine
Characteristics of the information
– Confidentiality: only authorized persons may become familiar with the information
– Integrity: only authorized persons may in any way modify the information
– Accessibility: any authorized object may obtain data within a certain (short) time interval
Network Reference Model
[Diagram: teleworkers and remote sites reach the central site over ATM / FR / ISDN, the PSTN and the Internet through a WAN Router / IPT Gateway; each site contains an L3 switch, L2 switches, hubs and a PBX. Two attacker positions are marked: Violator (internal) and Violator (External).]
Confidentiality
The violation of confidentiality (privacy): disclosure of information. Typical ways for disclosure of information:
– “sniffing”: listening to the data transmitted via a telecommunication channel
– “spoofing”: an authorized object of telecommunication exchange is substituted by an unauthorized object
[Diagram: violation of confidentiality on the reference network, marking spoofing at the teleworker side and sniffing on the WAN router path.]
Integrity
The violation of integrity:
– partial or complete loss of the information
– falsification of data
[Diagram: violation of integrity on the reference network.]
Accessibility
The violation of accessibility: denial of service (DoS) attacks
[Diagram: violation of accessibility on the reference network.]
Methods of information protection
– Authentication of objects
– Data ciphering (encryption)
– Signing of data
– Redundancy and backup in storage of data
– Redundant data channels
Virtual Private Networks
[Diagram: a branch office tunnel carrying IP phones and video conference traffic, comparing private and public network options:]
– FR or Leased Line (Intranet, trusted private network)
– Public Internet (Untrusted network)
– Public WAN VPN (Dynamic routing over encrypted tunnels)
– Public WAN (Clear-text, static routing)
– Private WAN (Clear-text or Encrypted; Routing - Static, RIP, OSPF)
Transport and Tunnel Mode
Original packet: IP Header | Data
Transport Mode: Original IP Header | Sec Protocol Header | Data
  (encryption covers the Data)
Tunnel Mode: New IP Header (Outer IP Header) | Sec Protocol Header | Original IP Header (Inner IP Header) | Data
  (encryption covers the Original IP Header and the Data)
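As an added illustration (not from the slides), the two layouts above built on a constructed packet, showing what a sniffer on the WAN can read in each mode; the XOR keystream, the addresses and the key are assumptions standing in for a real cipher and a real deployment:

```python
import socket
import struct
from itertools import cycle

ESP_PROTO = 50  # IP protocol number carried in the outer header for ESP

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    # Minimal 20-byte IPv4 header (no options, checksum left zero): enough for layout purposes
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def esp_wrap(spi: int, seq: int, body: bytes, key: bytes) -> bytes:
    # "Sec Protocol Header" (SPI + sequence number, sent in clear) followed by the protected body.
    # The XOR keystream is only a stand-in for the real IPsec cipher, so the layout stays readable.
    return struct.pack("!II", spi, seq) + bytes(b ^ k for b, k in zip(body, cycle(key)))

def transport_mode(inner: bytes, key: bytes) -> bytes:
    # Transport mode: the original IP header is reused; only the data behind it is protected.
    hdr, data = inner[:20], inner[20:]
    esp = esp_wrap(0x1001, 1, data, key)
    return ipv4_header(socket.inet_ntoa(hdr[12:16]), socket.inet_ntoa(hdr[16:20]), ESP_PROTO, len(esp)) + esp

def tunnel_mode(inner: bytes, gw_src: str, gw_dst: str, key: bytes) -> bytes:
    # Tunnel mode: the whole original packet (inner header + data) is protected and a new
    # outer IP header addressed gateway-to-gateway is prepended.
    esp = esp_wrap(0x2002, 1, inner, key)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp

def wire_view(pkt: bytes) -> dict:
    # What a passive sniffer on the WAN can read without the key: outer addresses, protocol, SPI.
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "proto": pkt[9], "spi": struct.unpack("!I", pkt[20:24])[0]}

def inner_addresses_exposed(pkt: bytes) -> bool:
    # True if the end-host addresses of the constructed sample are readable anywhere on the wire.
    return socket.inet_aton("10.1.1.5") in pkt and socket.inet_aton("10.2.2.7") in pkt

# Constructed sample (not from the slides): a 16-byte patient record fragment from a teleworker
# host 10.1.1.5 to a central-site server 10.2.2.7; the VPN gateways are 203.0.113.1 and 198.51.100.9.
KEY = b"constructed-demo-key"
INNER = ipv4_header("10.1.1.5", "10.2.2.7", 6, 16) + b"BP 120/80 ID#42!"
TRANSPORT = transport_mode(INNER, KEY)
TUNNEL = tunnel_mode(INNER, "203.0.113.1", "198.51.100.9", KEY)

if __name__ == "__main__":
    print("transport:", wire_view(TRANSPORT), "inner addresses exposed:", inner_addresses_exposed(TRANSPORT))
    print("tunnel:   ", wire_view(TUNNEL), "inner addresses exposed:", inner_addresses_exposed(TUNNEL))
```

In transport mode the end-host addresses stay readable on the WAN even though the data is protected; in tunnel mode only the gateway addresses and the SPI are visible.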
A good example: Nortel Networks Contivity
Modular Service Options, Decreased Cost
[Diagram: services unlocked by Software License Keys on top of Base Services: Firewall Services, VPN Services, Adv Routing.]
Contivity can function as
– VPN device
– Router
– Firewall
– Or any combination