Internet in TeleMedicine - PowerPoint PPT Presentation

Slides: 51
Provided by: anpatDr

1
Internet in (Tele)Medicine: Data Security issues
VI CATAI Summer Course, Athens, Greece, October 1998
  • Vincenzo Della Mea
  • Dept. of Pathology, University of Udine
  • dellamea_at_dimi.uniud.it

2
SUMMARY
  • The Internet
  • Basic concepts
  • E-mail
  • Mailing lists and newsgroups
  • WWW
  • Security
  • Cryptography
  • Certification
  • Internet and (Tele)medicine

3
The Internet is...
  • Physically: a collection of networks
  • Technically: a collection of common, standard,
    machine-independent protocols
  • Socially: an attitude to intercommunicate

4
Why to use the Internet?
  • it is cheap
  • it is widely available
  • it is easy
  • it is already used for other tasks

5
Internet capabilities
  • Basic Protocols
  • Personal communications: E-Mail
  • Group collaborations: Newsgroups, mailing lists,
    web-based discussion groups
  • Dissemination of information: World Wide Web

6
Basic Concepts
  • four-layer set of protocols
  • each connected computer is designated by a 32-bit
    number
  • a port number is also associated to each
    connection
  • TCP/IP are connectionless protocols
  • information is transferred in packets
  • client/server paradigm

7
Communication Layers
  • An application protocol defines commands and
    formats for the exchange of messages of any size
    between two computers.
  • TCP manages connection-oriented streams of data,
    by multiplexing the message into datagrams,
    reassembling them at the other end, and
    resending lost data.
  • IP is responsible for routing individual
    datagrams. IP finds a route for the datagram
    after adding its own header to it.
  • Common interface to the physical media where data
    are carried. The most widespread one is Ethernet.

8
Security Considerations
  • Secure Socket Layer (SSL): data encryption on the
    sockets layer for secure low-level
    communications, with server authentication,
    encryption of data in transit, and optional
    client authentication.
  • Network firewalls: for protecting one network
    from another untrusted network, by means of
    traffic blockage, traffic permission, and
    tracing.
  • Proxies: high-level applications which act as a
    gateway between specific applications and the
    network; this allows traffic to be filtered and
    logged.
  • Future evolutions in IPng

9
Quality of Service
  • IP does not provide any guarantee on the delivery
    of datagrams; this means that information can be
    lost during transmission.
  • TCP implements quality of service by
    automatically resending lost datagrams.
  • Currently there are no guarantees on performance
    or on priority of messages (but they will
    be introduced with IPv6).
  • Use of Intranets may allow some QoS guarantee.

10
Personal Communications through E-mail
  • Among Internet protocols, e-mail plays a relevant
    role in interpersonal communications on the
    Internet.
  • Since telemedicine is a particular form of dialogue
    between distant actors, electronic mail may be
    adopted as a means of carrying out such dialogue,
    under precise constraints and with some
    limitations.
  • Store-and-forward communications

11
Basic e-mail protocols
  • Store-and-forward transmissions
  • Communication protocol: SMTP, Simple Mail
    Transfer Protocol
  • Message format: RFC822 (plain text messaging)
  • Protocols for message retrieval: POP3, IMAP4

12
E-mail basic protocols
[Diagram: the CLIENT (MUA) sends outgoing messages to the SERVER via SMTP and retrieves ingoing messages via POP3 or IMAP4; server side: SMTP server, POP server, IMAP4 server, ...]

13
Message Format
  • RFC822 comprises a header with a series of
    fields (including, among other information,
    sender, recipient, subject, date) and the message
    body; header fields are given as pairs field: value.
  • Some of these fields are automatically filled by
    the MUA, some by the user, and finally some by
    the SMTP server.
  • A user address is designated as follows:
    user.name@domain.org

14
Multimedia E-mail
  • MIME (Multipurpose Internet Mail Extensions)
  • internal organization of the message body, and
    methods for encoding binary data.
  • seven content types: text, multipart,
    application, message, image, audio, video.
  • the multipart type allows combining several body
    parts, also nested and of different types.
  • Standard subtypes: image/jpeg, image/gif, etc.
  • The Content-Transfer-Encoding header field
    specifies how data are encoded (usually with
    Base64).

15
Security considerations
  • Plain e-mail: no privacy of data (readable along
    the whole path between sender and recipient)
  • A recent proposal introduces PEM (Privacy
    Enhanced Mail) as a natural use of MIME
    capabilities (through multipart/signed and
    multipart/encrypted)
  • PGP (Pretty Good Privacy): a DES-based software
    for PEM, current de-facto standard for personal
    private communications
  • No standard, widespread implementations
  • No easy way to have certification

16
Quality of Service
  • E-mail protocols provide for a very accurate
    range of services, including:
      • automatic retry in sending messages with
        configurable frequency and for a configurable
        amount of time
      • different levels of user notification,
        available for any failure that can occur.
  • Performance control is not specified, also
    because the intrinsically asynchronous nature of
    e-mail makes it less sensitive to delays.

17
Newsgroups
  • Apparently topic-based public discussion groups
  • based on the NNTP protocol
  • very useful for some exchange of information
    (e.g. the Linux project)
  • in reality, not very focussed
  • New problem: SPAM

18
Mailing lists
  • distribution lists based on e-mail
  • sometimes there is a moderator
  • better focussed than newsgroups
  • Our experience: we are running ITAPAT, the
    mailing list of Italian pathologists

19
Security considerations
  • A main issue is related to the identity of
    senders: messages can be forged as coming from
    recognised individuals or institutions, thus
    inducing trust in readers. Currently no technical
    solutions are available.
  • Mailing lists are based on e-mail protocols, and
    thus can rely on these for introducing privacy
    and security. In addition, moderators and
    selected subscriptions can reduce noise on
    information and presence of unauthorized people.
  • Spam

20
Quality of Service
  • News servers are public services, whose policies
    are left to the server's owner. Message exchanges
    occur among servers with a certain time delay
    that can produce some differences in the content
    of the servers at a given time. The content
    quality can be ensured only by moderation.
  • Mailing lists are based on e-mail, thus
    inheriting from it quality and performance. The
    content quality can be ensured mainly by
    moderation of content and by selection of
    subscribers.

21
World Wide Web
  • Distributed Hypermedia on the Internet
  • through a transfer protocol: HTTP (Hypertext
    Transfer Protocol)
  • can include any file format
  • the basic one is HTML (HyperText Markup Language)
  • other standards are GIF, JPEG, MPEG

22
HTML (Hypertext Markup Language)
  • An HTML document is a plain text file containing
    text interspersed with tags.
  • Usually the tags (which are commands) may be
    nested.
  • Tags
      • <tag_name>text</tag_name>
      • <tag_name attribute1=value1 ...
        attributeN=valueN> text </tag_name>
      • <tag_name>
  • Sample document
      <html>
      <head>
      <title>This is an HTML document </title>
      </head>
      <body>
      ...
      </body>
      </html>

23
An example
<HTML>
<HEAD> <TITLE>This is the title</TITLE> </HEAD>
<BODY BGCOLOR="White">
<H1>Main Header</H1>
<H2>2nd header</H2>
This is a list
<UL><LI> one <LI> two <LI> three</UL>
This is a table
<TABLE BORDER>
<TR><TD><B>bold</B> <TD><I>italic</I> <TD><I><B>both...</B></I>
<TR> <TD><FONT SIZE="5">higher font</FONT> <TD>try to click <A HREF="link.html">here</A>... <TD>This is an image <BR> <IMG SRC="img.gif">
</TABLE>
</BODY></HTML>

24
HTTP
  • Basic file transfer aimed at WWW: GET, POST,
    HEAD
  • Clients able to display images and video
  • PUSH method for live video

25
WWW Ease of use
  • WWW clients: unified interface for the most used
    protocols on the Internet (HTTP, FTP, E-mail,
    News, ...)
  • WWW currently accounts for the most part of
    traffic on the Internet
  • Sometimes, too much traffic to guarantee the
    quality of service

26
Security considerations/1: Security risks on the World Wide Web
  • Server side security risks, including
      • Unauthorized access to private or confidential
        documents
      • Availability of information about the server's
        host machine
      • Bugs that allow active intruders to execute
        commands on the server's host machine
      • "Denial of service" attacks.
  • Client-side security risks, including
      • virus-like active content of web pages
      • Unauthorized access to personal user information.
  • Network security risks, including
      • Interception by intruders of private or
        confidential information sent by the remote user
        to the server (e.g. credit card information).
      • Interception by intruders of private or
        confidential information sent by the server to
        the remote user.

27
Security considerations/2: Solutions
  • through SSL (Secure Socket Layer)
  • HTTP + SSL = HTTPS (secure servers)
  • Electronic commerce will find the global solution
    (SET, Cybercash, OpenMarket)
  • USA restrictions on exporting encryption software
    are delaying the diffusion of security tools

28
Quality of Service
  • Currently no guarantees are available on WWW
    performance. This is particularly important
    because WWW applications, which involve
    multimedia communications, are sensitive to
    delays in the user interface, which is based on
    remote data and images.
  • Content quality control is left to content
    providers, although some development is coming in
    this direction, such as PICS.
  • Medical content: often unaffordable; evaluation
    mechanisms are being studied

29
Other features
  • FTP, one of the first Internet protocols, allows
    the exchange of files between different computers
    connected to the Internet.
  • Telnet is the virtual terminal protocol in the
    Internet set of protocols. It allows users of one
    host to log into a remote host and interact as
    normal terminal users of that host.
  • Gopher is a distributed document search and
    retrieval protocol, that allows the hierarchical
    organisation of documents across different
    machines on the net.

30
Conferencing systems
  • CU-SeeMe, Netscape CoolTalk, Microsoft NetMeeting
  • These systems offer different types of
    conferencing and collaboration: CU-SeeMe is
    public domain software developed by Cornell
    University with videophone performance (that is,
    up to 320x240, 16 grey levels and audio), while
    CoolTalk and NetMeeting are collaboration
    software.

31
MBONE
  • Multicast backBONE
  • experimental virtual network superimposed upon
    the Internet.
  • efficient real-time distribution of data to
    multiple destinations using IP multicast.
  • Limitations of the current Internet restrict the
    quality of received audio and video

32
New Developments: IPng
  • IPv6 -or IPng- is a new version of IP, that
    introduces a number of enhancements
  • designed to run on high performance networks as
    well as on low bandwidth networks
  • addressing and routing issues
  • a larger address space (128 bit addresses)
  • autoconfiguration capabilities
  • simplified IP packets
  • native security
  • Multicast and anycast features
  • "Quality of service" functions

33
Security
  • Problems
      • authentication
      • integrity
      • privacy
      • non-repudiation
  • Cryptography
      • secret-key
      • public-key
  • Certification hierarchies

34
Public key cryptography
  • M = private key, Y = public key, X = message;
    Encode(Key, Data), Decode(Key, Data)
  • Decode(Y, Encode(M, X)) = Decode(M, Encode(Y, X)) = X
  • F(M) = Y and F⁻¹(Y) = M computationally hard
  • To be sure you are receiving the message from ME
      • I: Encode(M, X) -> Z
      • You: Decode(Y, Z)
  • To be sure your message is read only by ME
      • You: Encode(Y, X) -> Z
      • I: Decode(M, Z)

35
Certification infrastructure
  • Communication between
      • users
      • user and system
      • systems
  • when users or systems from different communities
    want to communicate, someone is needed to
    guarantee reciprocal trust
  • is that public key really held by the user I want
    to speak with?
  • external (trusted) entities can carry out this
    task, exactly as a notary does

36
Certification Authority (CA)
  • an entity which vouches for the association
    between public keys and user/system identity
  • the association is declared inside a certificate,
    digitally signed by the CA
  • the sender who wants to communicate sends his
    certificate to the recipient
  • the recipient can decide whether the CA which
    signed the certificate is trusted or not, and thus
    whether the sender is.

37
Who certifies the CA? A hierarchy of CAs
  • CAs are useful mainly when communicating between
    unknown communities; thus some way of ensuring
    trust in CAs is needed
  • the solution is a hierarchy of CAs, where each
    level certifies the lower, down to the
    user/system
  • the top level CA is called Policy CA: it
    establishes the rules all CAs should respect to
    be part of the hierarchy
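
The Encode/Decode notation of slide 34 and the certificate checks of slides 36 and 37, worked through as an added example that is not part of the original slides. It uses unpadded textbook RSA on fixed toy keys, and the names "Policy CA", "Hospital CA" and "dr.rossi" are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_keypair(p, q):
    """Textbook RSA from two primes: returns (private key M, public key Y)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (pow(E, -1, phi), n), (E, n)

def encode(key, x):
    """Encode(Key, Data) in the slide's notation: modular exponentiation."""
    exponent, n = key
    return pow(x, exponent, n)

decode = encode  # Decode(Key, Data): same operation, applied with the other key

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    return encode(private, digest(data, private[1]))

def verify(public, data, signature):
    return decode(public, signature) == digest(data, public[1])

def cert_body(subject, public, issuer):
    return f"{subject}|{public[0]}|{public[1]}|{issuer}".encode()

def issue(issuer, issuer_private, subject, public):
    """The CA declares the subject/public-key association and signs it."""
    sig = sign(issuer_private, cert_body(subject, public, issuer))
    return {"subject": subject, "public": public, "issuer": issuer, "sig": sig}

def check_chain(chain, trusted_roots):
    """Return the user's certified public key, or None if any link fails.
    chain[0] is the user's certificate; the last one must be signed by a trusted root."""
    for cert, parent in zip(chain, chain[1:] + [None]):
        if parent is None:
            issuer_public = trusted_roots.get(cert["issuer"])
        else:
            issuer_public = parent["public"] if parent["subject"] == cert["issuer"] else None
        body = cert_body(cert["subject"], cert["public"], cert["issuer"])
        if issuer_public is None or not verify(issuer_public, body, cert["sig"]):
            return None
    return chain[0]["public"] if chain else None

# Constructed toy keys built from Mersenne primes; not secure, for illustration only.
POLICY_M, POLICY_Y = make_keypair(2**127 - 1, 2**521 - 1)
CA_M, CA_Y = make_keypair(2**89 - 1, 2**107 - 1)
USER_M, USER_Y = make_keypair(2**31 - 1, 2**61 - 1)
ROOTS = {"Policy CA": POLICY_Y}
CHAIN = [issue("Hospital CA", CA_M, "dr.rossi", USER_Y),
         issue("Policy CA", POLICY_M, "Hospital CA", CA_Y)]
```

A recipient accepts a signed message only when `check_chain` returns a key and `verify` succeeds with that key; a certificate whose key was swapped, or one not signed by the named CA, makes `check_chain` return `None`.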

38
CA Policy
  • identity validation
  • privacy statements
  • certificate emission
  • certificate revocation
  • ...

39
Certificates
  • Standard format: X.509 (v1-v3)
  • Information inside the certificate:
      • version number
      • serial number
      • signature info
      • issuer
      • validity period
      • subject
      • public key info
      • certificate signature

40
Examples
[Diagram labels]
  • SENDER
      • Web client: encrypt with / encrypted form data
      • Email user: encrypt with / encrypted message /
        encrypt with private key / public key
  • RECEIVER
      • HTTP server: public key / decrypt with private key
      • Email user: public key / decrypt with private
        key / signed message / decode with

41
European directions
  • ICE-TEL (Interworking public-key Certification
    Infrastructure for Europe), 1995 - 1997
  • ICE-CAR (Interworking public-key Certification
    Infrastructure for Europe for Commerce,
    Applications and Research), 1997 -

42
Medicine...
  • is based on many kinds of communication
      • textual
      • visual
      • spoken
  • expert knowledge is spread around the world
  • gains power from easy and wide communication
      • for diagnostic practice
      • for scientific purposes
      • for teaching aims

43
Medical Doctors communicate...
  • For diagnostic aims
      • in the same field, with traditional means (mail,
        phone) all around the world to reach the right
        expert
      • in different fields, with written reports (e.g.
        other examinations) (often inside the hospital)
  • For scientific aims
      • through conferences
      • in scientific journals
  • For teaching aims
      • using books (often with many pictures)
      • using slides
      • using direct examinations

44
Basic needs
  • The physician works with communication: easy and
    quick use of instruments
  • medical information is multimedia: not only text
    or voice
  • medical data are often patient private data: no
    public access to them

45
Medical uses of e-mail
  • among physicians
      • consultation
      • diagnosis
      • continuous education
  • between physician and patient
      • test results and interpretations
      • medication instructions
      • anagraphical data exchange

46
Medical uses of newsgroups and mailing lists
  • scientific aims
  • continuous education
  • collaborative diagnosis

47
Medical uses of WWW: Applications
  • multimedia for undergraduate and postgraduate
    education
  • multimedia for continuing education through
      • networked implementation of CME credit
        materials
  • WWW access to medical databases (for ease of use)
      • interface for remote access to databases such as
        Medline, Genbank etc.
  • Multimedia for patient information and education

48
Medical uses of WWW: Problems
  • Information published on the WWW can reach a wide
    number of readers
  • no way of characterizing the quality of WWW
    information is currently available
  • the user can equally access correct as well as
    incorrect information
      • Incorrect: misinformation and fraud.
      • Correct: ethical problems due to the different
        perception that physicians and patients have
        of a medical topic (e.g. research on cancer
        treatments).

49
Internet problems
  • The Internet interconnects scientific as well as
    commercial and entertainment networks.
    Consequences:
      • almost all scientific institutions are connected,
        thus also many hospitals, and this is a great
        incentive for its use in telemedicine.
      • The more people use the Internet, the slower and
        less secure communications become, and this
        possibly dissuades from its use for telemedicine.
  • Currently it is difficult to carry out realtime
    tasks on the Internet

50
Internet in Medicine: Is it Telemedicine?
  • in the broad sense of telemedicine, yes
  • a widely used means gives many additional problems
  • Is the Internet adequate for medical uses?
  • a recent estimation accounted medical exchanges
    for about 25% of the Internet traffic... growing.