Title: Cyber Security Issues in Assisted Living
1Cyber Security Issues in Assisted Living
- Carl A. Gunter
- University of Illinois
2Issues
- Reliability
- System failures frustrate users and jeopardize
outcomes. - Usability
- Complicated tasks will be avoided by users and
risk errors. - Interoperability
- Integrating the systems of many vendors is
challenging but can provides richer services at
lower cost. - Security
- Privacy and access rights of stakeholders must be
respected. - Regulatory (HIPPA) requirements must be satisfied.
3Architecture
- Drop-Box architecture
- Medical Devices
- Monitoring Service
- Clinician Service
- Home-Network Protection
- USB token-based approach
- Web service-based approach
- Web service standards SOAP, WS-Security,
WS-Reliability
- Security
- (End-to-End Confidentiality
- and Integrity)
- Reliability
- Security
- (Availability)
- Usability
4Drop-Box Architecture
Monitoring Service
Clinician
Medical Device
Store Forward
Enc Health status
Enc Reminder
Open specifications enable the monitoring service
and multiple clinicians to interoperate with
devices from many vendors.
5Security
- WS-Security
- OASIS Standard v 1.0 (2004) provides end-to-end
message level security. - It is possible to encrypt an element of a message.
SOAP Envelope
SOAP Envelope
- Double Encryption of SOAP Messages
- Step 1 Encrypt medical information using an
end-to-end key (patient-doctor key) - Step 2 Encrypt the whole message using a
transmission key (patient-monitoring server key)
SOAP Body
SOAP Element Routing Information
SOAP Element Medical Information
SOAP Element Medical Information
6Reliability
- WS-Reliability
- OASIS Standard V1.1 (2004)
7Home-Network Protection
- Home-network resources should be protected
- Availability access control to home network
router - Confidentiality, Integrity
- WPA (WiFi Protected Access 2) - Personal
- WPA-Personal (or WPA-PSK) does not require an
authentication server (c.f., WPA-Enterprise) - All major operating systems (Windows, Linux, Mac)
and Wireless AP products support WPA-Personal
8Tools for Secret Sharing
- Possible devices to create a location-limited
channels - USB storage tokens
- Infrared channels
- Audio channels
- Camera phones and 2D barcodes
9Functionalities
Home Network Protection Usability
Reliability
End-to-End Secure Communication
Interoperability
10Architecture
- Drop Box and AMY (Auth. Manager for You)
From Alice To Dr. Brown BloodSugarRate 135
From Alice To Dr. Brown
From Alice To Dr. Brown BloodSugarRate 135
11Testbed
Implementation H/W - One Linux Server / Two
Windows Clients - Digital Pulse Oximeter
(Bluetooth-enabled) S/W - Java 2 SE 5.0 -
Apache AXIS (SOAP) - Apache WSS4J
(WS-Security) - Apache Sandesha
(WS-Reliability) Network - LAN, WPA
12Test Bed
Implementation Environment
- - Java 2 SE 5.0
- Apache AXIS (SOAP)
- Apache WSS4J
- (WS-Security)
- Apache Sandesha
- (WS-Reliability)
- - Linux Server, Windows Clients
- - WPA Wireless Network Environment of Siebel
Center
Windows (Notebook)
Desktop (Linux)
Windows (Notebook)
13Conclusions
- Security considerations will be a significant
barrier to many applications of assisted living. - The drop box architecture provides a flexible
approach to a significant range of applications. - Many extensions of our basic framework are
possible, but some applications may require a
different approach.