BAN Security Services
MobiHealth Plenary Session, Santorini, 2003/05/26-27
© Ramon Martí, DMAG, Universitat Pompeu Fabra


MobiHealth Security

• MobiHealth security architecture
• End-user security


MobiHealth architecture

[Figure: MobiHealth architecture diagram. Components shown: Sensor, Actuator, Front-End, MBU, GPRS/UMTS Operator, Internet / LAN, Wireless Service Broker, Surrogate Host, BANData Repository, Back-End System, End-User Application. Link labels: BT|ZB, GPRS|UMTS.]


MH security architecture proposal

[Figure: proposed security architecture diagram. Components shown: Sensor, Actuator, Front-End, MBU, GPRS/UMTS Operator, Internet / LAN, Wireless Service Broker, Surrogate Host, BANData Repository, Back-End System, End-User Application. Each link is annotated with four rows: Netw. (network), N Sec. (network security), Data, D Sec. (data security). Labels appearing in the figure: BT|ZB, Cable, GPRS|UMTS, W-TCP|TCP|UDP/IP, TCP/IP, SSL, IPsec, RMI, HTTP|HTTPS, HTTPS, Propr.]


MobiHealth security architecture

[Figure: MobiHealth security architecture diagram. Components shown: Sensor, Actuator, Front-End, MBU, GPRS/UMTS Operator, Internet / LAN, Wireless Service Broker, Surrogate Host, BANData Repository, Back-End System, End-User Application. Each link is annotated with four rows: Netw. (network), N Sec. (network security), Data, D Sec. (data security). Labels appearing in the figure: BT|ZB, BT, Cable, GPRS|UMTS, W-TCP|TCP|UDP/IP, TCP/IP, RMI, HTTP Connect + HTTPS, HTTP Proxy Authentication + HTTPS, HTTPS, Propr.]


Security requirements addressed by the MobiHealth Security Architecture

• Confidentiality
  • BAN devices (sensors/actuators) <-> MBU confidentiality
    • Provided by Bluetooth/(ZigBee)
    • Not foreseen for wired sensors
  • BAN external confidentiality
    • Confidentiality provided by SSL/TLS (e.g. HTTPS)
  • Back End System (Server) external confidentiality
    • Confidentiality provided by SSL/TLS (e.g. HTTPS)
  • External traffic characteristics confidentiality
    • Not foreseen
    • Can be provided partially by the SSL/TLS protocol


Security requirements addressed by the MobiHealth Security Architecture

• Authentication
  • Sensor authentication to BAN
    • Provided by Bluetooth/(ZigBee)
    • Not foreseen for wired sensors
  • BAN authentication
    • MBU authentication to SH through user/password
    • MBU authentication to WSB through HTTP user/password proxy authentication
  • Back End System (Server) authentication to BAN
    • HTTPS (SSL/TLS) through a server certificate
  • Back End System (Server) authentication to End-User Application
    • HTTPS (SSL/TLS) through a server certificate
  • End-User Application authentication to Back End System
    • HTTP User/Password
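The BAN authentication item above combines HTTP user/password proxy authentication with HTTPS, which in practice means an HTTP CONNECT carrying `Proxy-Authorization`, followed by TLS inside the tunnel. The sketch below is an added example, not MobiHealth project code; it shows that the proxy credentials leave the client before any TLS exists on that hop, while the server certificate is verified only afterwards. The Basic scheme, the function names and the host and credential values used with it are assumptions.

```python
import base64
import socket
import ssl

def build_connect_request(host, port, user, password):
    """CONNECT request with Basic proxy credentials (sent before any TLS)."""
    if "\r" in host or "\n" in host:
        raise ValueError("invalid host name")
    token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
    return (f"CONNECT {host}:{port} HTTP/1.1\r\n"
            f"Host: {host}:{port}\r\n"
            f"Proxy-Authorization: Basic {token}\r\n\r\n").encode("ascii")

def parse_proxy_reply(raw):
    """Return (status_code, headers) parsed from the proxy's reply head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line from proxy")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers

def open_tunnel(proxy_addr, host, port, user, password, timeout=10):
    """CONNECT through the proxy, then start TLS to host with cert checks."""
    sock = socket.create_connection(proxy_addr, timeout=timeout)
    try:
        sock.sendall(build_connect_request(host, port, user, password))
        buf = b""
        while b"\r\n\r\n" not in buf:
            chunk = sock.recv(4096)
            if not chunk or len(buf) > 65536:
                raise ConnectionError("no complete reply from proxy")
            buf += chunk
        status, headers = parse_proxy_reply(buf)
        if status == 407:  # proxy refused the user/password
            raise PermissionError(headers.get("proxy-authenticate", "407"))
        if status != 200:
            raise ConnectionError(f"CONNECT refused with status {status}")
        # Server authentication: default context verifies chain and host name.
        ctx = ssl.create_default_context()
        return ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
```

Because the `Proxy-Authorization` value is only base64-encoded, its confidentiality on the client-to-proxy hop depends on the underlying link rather than on the HTTPS session that follows.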


Security requirements addressed by the MobiHealth Security Architecture

• Data storage
  • Permanent local storage of sensor data
    • Secure storage in BANData Repository
    • Not foreseen in BAN, GPRS/UMTS Operator, etc. if not required
  • Temporary local storage of sensor data
    • Allowed secure temporary storage for buffering, out-of-coverage recovery, etc.
  • Keep log of sensor data
    • Not foreseen
    • To be provided by the BAN OS / Back-End System if required
  • Keep log of BAN external transmissions
    • Not foreseen
    • To be provided by the SSL/TLS communications module if required


Security requirements addressed by the MobiHealth Security Architecture

• Anonymity
  • Patient anonymity
    • No use of patient identification, only BAN identification
    • Patient identification could be sent encrypted
    • Identifiers could be used for patient identification
• Time stamping
  • Time stamping
    • Not foreseen
    • Timestamps should be included in packets if required


MobiHealth PKI Server

• https://hayek.upf.es/pub/MobiHealth
• X.509 certificates creation
• Restricted access:
  • User/Password access
  • Hospital technical personnel/manager in charge of MBU setup and personalisation


UPF Next Steps

• Finishing & Delivering Deliverable 2.5
• Finishing Integration and Testing of MBU with HTTP Connect + HTTP Proxy authentication + HTTPS connection
• Standardisation activities
• Collaboration to Barcelona Trial
• W-LAN tests
• BAN security integration
• Data Simulation
• Safety/Availability study