Date posted: 18-Dec-2015
Security Policy Implementation Strategies for Common Carrier Monitoring Service Providers
Short Position Paper for IEEE POLICY 2009
Carl A. Gunter, University of Illinois

Monitoring Service Provider
Monitoring Service Provider (MSP) collects data from monitored parties, conveys it to users.
Example: monitoring for security and fire emergencies.
Advantages
– Division of labor
– Deals with heterogeneity, change
– Provides value added services like routing and triage
– Economy of scale

MSP Components

Common Carrier Protection
• Applied to telecommunication carriers: limited responsibility for content
• Basis under US law
  – Restatement of Torts (Rest. 2d Torts sections 581, 612), the Digital Millennium Copyright Act (17 U.S.C. section 512), and the Communications Decency Act immunity for interactive computer service (47 U.S.C. sec 230).
• This talk:
  – Argue for three technologies that support the implementation of Common Carrier MSPs (CCMSPs)
  – Illustrate with two application areas

Application Areas
Healthcare
• Assisted living: monitor vital signs of assisted persons
• Increasing number of elderly, rising healthcare costs, desire for independent living
• Enabled by advances in networking, sensors, and healthcare IT systems
• Assisted Living Service Provider (ALSP) is an MSP for assisted living
Energy Systems
• Advanced Meter Infrastructure (AMI): computers with wireless digital links monitor and may control power usage.
• Facilitates demand response and distributed generation, …. for “Smart Grid”
• Meter Data Management Service (MDMS) is an MSP for AMI

AMI Components and Applications

Enabling Technologies 1
Technology
• Service Oriented Architecture (SOA) (aka “web services”) is distributed computing based on a set of standardized formats for B2B web commerce developed by W3C and OASIS
• Provides support for flexible security, including encryption
• Provides security capabilities beyond SSL/TLS
Application
• ALSP design can use SOA with XMLENC to provide an end-to-end encryption model
• Easy to implement with existing platforms
• Assures that the ALSP collects only the routing data it needs, not medical data it does not process
• CCMSP protection

Drop-Box Architecture
[Figure labels: Home Environment, Medical Device, Gateway, Monitoring Service, Store & Forward, Clinician Service, Clinician, Enc[ Health status ], Enc[ Reminder ]]
May, Shin, Gunter, FMSE 07

Enabling Technologies 2
Technology
• Attribute-Based Encryption (ABE)
• New public key cryptography based on Identity-Based Encryption (IBE)
• Encrypts using a policy based on attributes
• Prevents collusion between parties with attributes
Application
• Provides ALSP a flexible way to dispatch encrypted messages to parties without knowing more than their attributes
• Message to attending and primary care physicians can be encrypted under doctor attribute
• Minimizes key management while supporting CCMSP

Attribute-Based Messaging Encryption
Bobba, Fatemieh, Khan, Khan, Gunter, Khanna, Prabhakaran, TISSEC 09

Enabling Technologies 3
Technology
• Remote Attestation is the concept of checking remote system state using a trusted monitoring element
• Protection levels vary: software or also hardware tamper resistance
• TPM now common in PCs
• Need to extend technology to embedded processors (e.g. flash MPUs)
Application
• Residential loads generate details useful to residents but not by utility
• Desirable to leave details behind and collect aggregate data needed for billing
• Remote attestation offers some assurance for the aggregation, especially for updatable software meters

Cumulative Attestation for Embedded Processors
LeMay, Gunter, ESORICS 07
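
The Enabling Technologies 3 idea, sketched as an added example that is not code from the talk or from the cited paper: an updatable meter keeps a running measurement over every firmware image it has installed and exports only the billing aggregate, and the MDMS checks both. The hash-chain construction, the shared HMAC key standing in for an attestation signing key, and all names and sample values are assumptions made for illustration.

```python
import hashlib, hmac

ZERO = bytes(32)  # initial cumulative measurement

def extend(chain: bytes, firmware: bytes) -> bytes:
    """Fold one firmware image into the running measurement (hash chain)."""
    return hashlib.sha256(chain + hashlib.sha256(firmware).digest()).digest()

def _mac(key: bytes, nonce: bytes, chain: bytes, total_wh: int) -> bytes:
    msg = nonce + chain + total_wh.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()

class Meter:
    """Constructed model: updatable meter with a small trusted measuring element."""
    def __init__(self, key: bytes):
        self._key = key        # attestation key (assumed shared with the MDMS)
        self._chain = ZERO     # covers every firmware image ever installed
        self._readings = []    # per-interval load detail, stays in the home

    def install(self, firmware: bytes) -> None:
        self._chain = extend(self._chain, firmware)  # measured before it runs

    def record(self, wh: int) -> None:
        self._readings.append(wh)

    def report(self, nonce: bytes) -> dict:
        total = sum(self._readings)  # only the billing aggregate leaves the meter
        return {"total_wh": total, "chain": self._chain,
                "tag": _mac(self._key, nonce, self._chain, total)}

def verify(report: dict, nonce: bytes, key: bytes, approved: list) -> bool:
    """MDMS check: fresh, unaltered report from a meter that ran only approved firmware."""
    tag = _mac(key, nonce, report["chain"], report["total_wh"])
    if not hmac.compare_digest(tag, report["tag"]):
        return False           # wrong key, stale nonce, or altered total
    chain = ZERO
    for fw in approved:        # replay the approved update history in order
        chain = extend(chain, fw)
    return hmac.compare_digest(chain, report["chain"])

if __name__ == "__main__":
    key = b"k" * 32            # constructed sample values throughout
    good, bad = Meter(key), Meter(key)
    for fw in (b"fw-1.0", b"fw-1.1"):
        good.install(fw)
    for fw in (b"fw-1.0", b"rogue", b"fw-1.1"):
        bad.install(fw)        # rogue image later replaced by an approved one
    good.record(120); good.record(80)
    print(verify(good.report(b"n1"), b"n1", key, [b"fw-1.0", b"fw-1.1"]))
    print(verify(bad.report(b"n2"), b"n2", key, [b"fw-1.0", b"fw-1.1"]))
```

Because the measurement is cumulative, the second meter fails verification even though its current firmware is an approved image.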

Summary
Architecture
– MSP: Monitoring Service Provider
– CCMSP: Common Carrier MSP
Application
– ALSP: Assisted Living Service Provider
– MDMS: Meter Data Management Service
Technology
– SOA: Service Oriented Architecture
– ABE and ABM: Attribute-Based Encryption and Messaging
– Remote Attestation