Security Policy Implementation Strategies forCommon Carrier Monitoring Service Providers

Short Position Paper for IEEE POLICY 2009

Carl A. GunterUniversity of Illinois

Monitoring Service Provider (MSP) collects data from monitored parties, conveys it to users.

Example: monitoring for security and fire emergencies.

Advantages– Division of labor– Deals with heterogeneity, change– Provides value added services like routing and triage– Economy of scale

Monitoring Service Provider

MSP Components

• Applied to telecommunication carriers: limited responsibility for content

• Basis under US law– Restatement of Torts (Rest. 2d Torts sections 581,612), the Digital Millennium

Copyright Act (17 U.S.C. section 512), and the Communications Decency Act immunity for interactive computer service (47 U.S.C. sec 230).

• This talk: – Argue for three technologies that support the

implementation of Common Carrier MSPs (CCMSPs)– Illustrate with two application areas

Common Carrier Protection

Healthcare• Assisted living: monitor vital

signs of assisted persons• Increasing number of elderly,

rising healthcare costs, desire for independent living

• Enabled by advances in networking, sensors, and healthcare IT systems

• Assisted Living Service Provider (ALSP) is an MSP for assisted living

Energy Systems• Advanced Meter

Infrastructure (AMI): computers with wireless digital links monitor and may control power usage.

• Facilitates demand response and distributed generation, …. for “Smart Grid”

• Meter Data Management Service (MDMS) is an MSP for AMI

Application Areas

AMI Components and Applications

Technology• Service Oriented Architecture

(SOA) (aka “web services”) is distributed computing based on a set of standardized formats for B2B web commerce developed by W3C and Oasis

• Provide support for flexible security, including encryption

• Provides security capabilities beyond SSL/TLS

Application• ALSP design can use SOA with

XMLENC to provide end-to-end encryption model

• Easy to implement with existing platforms

• Assures that the ALSP collects only the routing data it needs, not medical data it does not process

• CCMSP protection

Enabling Technologies 1

Drop-Box Architecture

Monitoring Service

Clinician Service

Gateway

Home Environment

MedicalDevice

Enc[ Health status ]

Enc[ Reminder ]

Store&

Forward

MedicalDevice

MonitoringService Clinician

8May, Shin, Gunter, FMSE 07

Technology• Attribute-Based Encryption

(ABE)• New public key cryptography

based on Identity-Based Encryption (IBE)

• Encrypts using a policy based on attributes

• Prevents collusion between parties with attributes

Application• Provides ALSP a flexible way

to dispatch encrypted messages to parties without knowing more than their attributes

• Message to attending and primary care physicians can be encrypted under doctor attribute

• Minimizes key management while supporting CCMSP

Enabling Technologies 2

Attribute-Based Messaging Encryption

Bobba, Fatemieh, Khan, Khan, Gunter, Khanna, Prabhakaran, TISSEC 09

Technology• Remote Attestation is the

concept of checking remote system state using a trusted monitoring element

• Protection levels vary: software or also hardware tamper resistance

• TPM now common in PCs• Need to extend technology to

embedded processors (e.g. flash MPUs)

Application• Residential loads generate

details useful to residents but not by utility

• Desirable to leave details behind and collect aggregate data needed for billing

• Remote attestation offers some assurance for the aggregation, especially for updatable software meters

Enabling Technologies 3

Cumulative Attestation for Embedded Processors

LeMay, Gunter, ESORICS 07

ArchitectureMSP Monitoring Service ProviderCCMSP Common Carrier MSP

ApplicationALSP Assisted Living Service ProviderMDMS Meter Data Management Service

TechnologySOA Service Oriented ArchitectureABE and ABM Attribute-Based Encryption and MessagingRemote Attestation

Summary