Cyber Security Issues in Assisted Living

1
Cyber Security Issues in Assisted Living

• Carl A. Gunter
• University of Illinois

2
Issues

• Reliability
• System failures frustrate users and jeopardize
  outcomes.
• Usability
• Complicated tasks will be avoided by users and
  risk errors.
• Interoperability
• Integrating the systems of many vendors is
  challenging but can provides richer services at
  lower cost.
• Security
• Privacy and access rights of stakeholders must be
  respected.
• Regulatory (HIPPA) requirements must be satisfied.

3
Architecture

• Drop-Box architecture
• Medical Devices
• Monitoring Service
• Clinician Service
• Home-Network Protection
• USB token-based approach
• Web service-based approach
• Web service standards SOAP, WS-Security,
  WS-Reliability

• Security
• (End-to-End Confidentiality
• and Integrity)
• Reliability

• Security
• (Availability)
• Usability

• Interoperability

4
Drop-Box Architecture

Monitoring Service
Clinician
Medical Device
Store Forward
Enc Health status
Enc Reminder
Open specifications enable the monitoring service
and multiple clinicians to interoperate with
devices from many vendors.
5
Security

• WS-Security
• OASIS Standard v 1.0 (2004) provides end-to-end
  message level security.
• It is possible to encrypt an element of a message.

SOAP Envelope
SOAP Envelope

• Double Encryption of SOAP Messages
• Step 1 Encrypt medical information using an
  end-to-end key (patient-doctor key)
• Step 2 Encrypt the whole message using a
  transmission key (patient-monitoring server key)

SOAP Body
SOAP Element Routing Information
SOAP Element Medical Information
SOAP Element Medical Information
6
Reliability

• WS-Reliability
• OASIS Standard V1.1 (2004)

7
Home-Network Protection

• Home-network resources should be protected
• Availability access control to home network
  router
• Confidentiality, Integrity
• WPA (WiFi Protected Access 2) - Personal
• WPA-Personal (or WPA-PSK) does not require an
  authentication server (c.f., WPA-Enterprise)
• All major operating systems (Windows, Linux, Mac)
  and Wireless AP products support WPA-Personal

8
Tools for Secret Sharing

• Possible devices to create a location-limited
  channels
• USB storage tokens
• Infrared channels
• Audio channels
• Camera phones and 2D barcodes

9
Functionalities
Home Network Protection Usability
Reliability
End-to-End Secure Communication
Interoperability
10
Architecture

• Drop Box and AMY (Auth. Manager for You)

From Alice To Dr. Brown BloodSugarRate 135
From Alice To Dr. Brown

From Alice To Dr. Brown BloodSugarRate 135
11
Testbed
Implementation H/W - One Linux Server / Two
Windows Clients - Digital Pulse Oximeter
(Bluetooth-enabled) S/W - Java 2 SE 5.0 -
Apache AXIS (SOAP) - Apache WSS4J
(WS-Security) - Apache Sandesha
(WS-Reliability) Network - LAN, WPA
12
Test Bed
Implementation Environment

• - Java 2 SE 5.0
• Apache AXIS (SOAP)
• Apache WSS4J
• (WS-Security)
• Apache Sandesha
• (WS-Reliability)
• - Linux Server, Windows Clients
• - WPA Wireless Network Environment of Siebel
  Center

Windows (Notebook)
Desktop (Linux)
Windows (Notebook)
13
Conclusions

• Security considerations will be a significant
  barrier to many applications of assisted living.
• The drop box architecture provides a flexible
  approach to a significant range of applications.
• Many extensions of our basic framework are
  possible, but some applications may require a
  different approach.