© ramon martí, dmag, universitat pompeu fabra 1 wp2 upf contribution to mobihealth security in the...
TRANSCRIPT
![Page 1: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/1.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra 1
WP2WP2UPF Contribution to MobiHealthUPF Contribution to MobiHealthSecurity in the MobiHealth BANSecurity in the MobiHealth BAN
WP2WP2UPF Contribution to MobiHealthUPF Contribution to MobiHealthSecurity in the MobiHealth BANSecurity in the MobiHealth BAN
Enschede2002/09/18-20
![Page 2: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/2.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 2
UPF ParticipationUPF Participation Workpackages and Tasks Workpackages and Tasks
UPF ParticipationUPF Participation Workpackages and Tasks Workpackages and Tasks
• WP2 - MobiHealth services and BAN integration T2.2 - Development and integration of the BAN
platform T2.5 - Security Services for the BAN
• Starting on M3: WP2 - MobiHealth services and BAN integration (M3-
M13) T2.2 - Development and integration of the BAN
platform (M3-M13) T2.5 - Security services for the BAN (M3-M13)
![Page 3: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/3.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 3
WP2 Security TimetableWP2 Security TimetableWP2 Security TimetableWP2 Security Timetable
• T2.5 - Security services in the MobiHealth BAN Refinement of requirements M03-M05 (Aug-Sep) BAN Test Security Platform Set-up M04-M06 (Sep-Oct) BAN Network Security Tests M05-M08 (Oct-Dec) BAN Transport Security Tests M05-M08 (Oct-Dec) BAN Application Security Tests M05-M08 (Oct-
Dec) BAN Security Integration M08-M10 (Jan-Feb) BAN Final Security Integration M10-M13 (Mar-
May)
![Page 4: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/4.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 4
General security requirementsGeneral security requirementsGeneral security requirementsGeneral security requirements
• Data protection: Components
Storage Access
Communications Hop to hop End to end
![Page 5: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/5.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 5
Other security servicesOther security servicesOther security servicesOther security services
• Traffic confidentiality (origin, destination, length, time, ... of messages)
• Confidentiality of identity (anonymity, pseudonymity)
• Confidentiality of location• Availability (counter DoS attacks)• Accountability• Reliability
![Page 6: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/6.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 6
MobiHealth System ArchitectureMobiHealth System ArchitectureMobiHealth System ArchitectureMobiHealth System Architecture
AppServer Workstation
GPRS/ UMTS
Sensor
Front-E
nd
BT
WSB Actuator
MBU
![Page 7: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/7.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 7
MobiHealth System Components MobiHealth System Components MobiHealth System Components MobiHealth System Components
• Sensor• Actuator• Front-End• MBU (Mobile Base Unit)• WSB (Wireless Service Broker)• AppServer• WorkStation
![Page 8: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/8.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 8
MobiHealth System Components MobiHealth System Components SecuritySecurity
MobiHealth System Components MobiHealth System Components SecuritySecurity
• Confidentiality / privacy: Data encryption and authentication
Data confidentiality No data stored in some components
• Authenticity / integrity User authentication (password, smartcard, . . . ) Terminal authentication (SIM, . . . ) Application/server authentication (certificate, . . . )
![Page 9: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/9.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 9
MobiHealth CommunicationsMobiHealth CommunicationsMobiHealth CommunicationsMobiHealth Communications
• Sensor <-> Front-End• Actuator <-> Front-End• Front-End <-> PDA• PDA<->WSB• WSB <-> AppServer• PDA <-> AppServer• AppServer <-> Workstation
![Page 10: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/10.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 10
Communications SecurityCommunications SecurityCommunications SecurityCommunications Security
• Security can be added to most communication layers
• Different security features depending on layer: Data link layer: Bluetooth, GPRS/UMTS, ... Network layer: IPsec, ... Transport layer: SSL/TLS, HTTPS, ... Application layer: Data encryption (OpenSSL
Libraries, MIME)
![Page 11: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/11.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 11
Data Link Layer / Network Layer Data Link Layer / Network Layer SecuritySecurity
Data Link Layer / Network Layer Data Link Layer / Network Layer SecuritySecurity
• Data Link Layer Security Hop-to-hop protection (encryption and authentication). No user or application authentication. Security provided by Bluetooth or GPRS/UMTS, in each
case, can be used.• Network Layer Security
Host-to-host protection (encryption and authentication) Hop-to-hop protection End-to-end protection
No user or application authentication. IPsec can be used.
![Page 12: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/12.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 12
Transport Layer / Application Layer Transport Layer / Application Layer SecuritySecurity
Transport Layer / Application Layer Transport Layer / Application Layer SecuritySecurity
• Transport Layer Security End-to-end protection (encryption and authentication). Application-to-application protection; opt. user
authentication SSL/TLS or HTTPS can be used.
• Application Layer Security Application-to-application and application_user-to-
application_user protection, including user authentication.
Usually through encryption or/and signature of data sent through the communications stack.
SMIME or OpenSSL libraries could be used to encrypt and sign data.
![Page 13: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/13.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 13
MobiHealth SecurityMobiHealth SecurityBAN and Rest of the SystemBAN and Rest of the System
MobiHealth SecurityMobiHealth SecurityBAN and Rest of the SystemBAN and Rest of the System
• BAN Security Sensor <-> Front-End Front-End Front-End <-> PDA PDA PDA <-> WSB PDA <-> AppServer
• Rest of MobiHealth Security WSB AppServer Workstation WSB <-> AppServer AppServer <-> Workstation
![Page 14: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/14.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 14
WP2 Security TimetableWP2 Security TimetableWP2 Security TimetableWP2 Security Timetable
• T2.5 - Security services in the MobiHealth BAN Refinement of requirements M03-M05 (Aug-Sep) BAN Test Security Platform Set-up M04-M06 (Sep-Oct) BAN Network Security Tests M05-M08 (Oct-Dec) BAN Transport Security Tests M05-M08 (Oct-Dec) BAN Application Security Tests M05-M08 (Oct-
Dec) BAN Security Integration M08-M10 (Jan-Feb) BAN Final Security Integration M10-M13 (Mar-
May)
![Page 15: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/15.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 15
Security Possible Setups First Security Possible Setups First Approach Approach
Security Possible Setups First Security Possible Setups First Approach Approach
• iPAQ Linux (GPRS) to Linux Gateway using IPsec tunnel with pre-shared keys.
• iPAQ Linux (GPRS) to Linux Gateway using IPsec tunnel with x.509 certificates.
• iPAQ Linux (GPRS) to Windows 2000/XP Gateway using IPsec tunnel with pre-shared keys.
• iPAQ Linux (GPRS) to Windows 2000/XP Gateway using IPsec tunnel with x.509 certificates.
• iPAQ Windows CE (GPRS) to Linux Gateway using IPsec tunnel with pre-shared keys.
• iPAQ Windows CE (GPRS) to Windows 2000/XP Gateway using IPsec tunnel with pre-shared keys.
![Page 16: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/16.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 16
Setup RequirementsSetup RequirementsSetup RequirementsSetup Requirements• Common part: certificates creation
Set-up a Certificate Authority (CA) Certificates Generation Installation of certificates in Gateway Machines
(Linux) Installation of certificates in Linux machines (PPC
2002 & PC) Installation of certificates in Windows 2000/XP
machines (PC)• FreeS/WAN: IPsec for Linux (Linux PPC & PC)
Installation and configuration in Linux machines
![Page 17: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/17.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 17
Test Security Platform Set-upTest Security Platform Set-upTest Security Platform Set-upTest Security Platform Set-up• Linux PC• Windows 2000 PC• iPAQ
Just arrived Test iPAQ <-> GPRS connection
Serial port Bluetooth
• GPRS Phones Received beginning September from Movilforum
2 Motorola Timeport 260 GPRS 1 Ericsson T32m Bluetooth
![Page 18: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/18.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 18
Software Requirements and Software Requirements and InstallationInstallation
Software Requirements and Software Requirements and InstallationInstallation
• Downloaded and installed FreeS/WAN X.509 Patch for FreeS/WAN (version 0.9.12 or better) Patches to add multiple encryption ciphers, etc.
(optional) Marcus Müller's Windows 2000 VPN Tool OpenSSL package in Linux AdmitOne(r) VPN Client for Pocket PC Linux on iPAQ
![Page 19: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/19.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 19
Test Security Platform Set-upTest Security Platform Set-up Current Status Current Status
Test Security Platform Set-upTest Security Platform Set-up Current Status Current Status
Install. Config.Tests
Linux GW and CA yes yes yes
W2K/XP GW yes yes yes Linux PC vs. Linux GW yes yes no W2K/XP PC vs. Linux GW yes yes yes W2K/XP PC vs. W2K/XP GW yes yes no iPAQ WCE vs. Linux GW no no no iPAQ WCE vs. W2K/XP GW no no no iPAQ Linux vs. Linux GW no no no iPAQ Linux vs. W2K/XP GWno no no
![Page 20: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/20.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 20
Open Security Issues in the BAN Open Security Issues in the BAN (1/4)(1/4)
Open Security Issues in the BAN Open Security Issues in the BAN (1/4)(1/4)
• What are the security requirements for the trial scenarios
• Which components are to be protected Internal network: sensors, front end, MBU External network: GPRS/UMTS, application server
• How to integrate security into the BAN architecture • Hardware, BAN OS • What will be there at the server side?• Where is the “intelligence” of the system to be
developed?• More cooperation required with the other WP2
partners
![Page 21: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/21.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 21
Open Security Issues in the BAN Open Security Issues in the BAN (2/4)(2/4)
Open Security Issues in the BAN Open Security Issues in the BAN (2/4)(2/4)
• Communication Protocols Sensor <-> Front-End Actuator <-> Front-End Front-End <-> PDA PDA<->WSB [WSB <-> AppServer] PDA <-> AppServer [AppServer <-> Workstation]
• Communication Protocols Security
![Page 22: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/22.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 22
Open Security Issues in the BAN Open Security Issues in the BAN (3/4)(3/4)
Open Security Issues in the BAN Open Security Issues in the BAN (3/4)(3/4)
• MobiHealth System Components Functionality Sensor Actuator Front-End MBU (Mobile Base Unit) [WSB (Wireless Service Broker)] [AppServer] [WorkStation]
• MobiHealth System Components Security Storage Access
![Page 23: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/23.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 23
Open Security Issues in the BAN Open Security Issues in the BAN (4/4)(4/4)
Open Security Issues in the BAN Open Security Issues in the BAN (4/4)(4/4)
• MobiHealth System Components Platform: PDA
OS: Windows CE / Linux Application Server
Hardware: PC / Workstation OS: Windows 2000 / Linux
Workstation Hardware: PC / Workstation OS: Windows 2000 / Linux
![Page 24: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/24.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 24
![Page 25: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/25.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 25
BAN ArchitectureBAN ArchitectureBAN ArchitectureBAN Architecture
![Page 26: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/26.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 26
General Security ThreatsGeneral Security ThreatsGeneral Security ThreatsGeneral Security Threats• Transmission or storage electronic data security
threats Interruption: Data transmission interrupted, or stored
data deleted. Interception: Data accessed and read during
transmission or storage. Modification: Data modified during transmission or
storage. Fabrication: Data created by a third party, supplanting
the data originator. Man in the middle: Third party introduced in the middle
of communication, supplanting receiver from sender point of view, and supplanting sender from receiver point of view.
![Page 27: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/27.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 27
General Security ServicesGeneral Security ServicesGeneral Security ServicesGeneral Security Services• General security services to avoid security threats:
Confidentiality: Protect data to be (almost) impossible to interpret for non authorised user in communication or storage.
Integrity: Protect data against non allowed modification, insertion, reordering or destruction during communication or storage.
Authentication: Allows the way to corroborate identity of the entities implied in the data creation or communication.
Non Repudiation: Protects against unilateral or mutual data repudiation.
Access control: Protects system and resources against not authorised use.
![Page 28: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/28.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 28
General Security Services and General Security Services and ThreadsThreads
General Security Services and General Security Services and ThreadsThreads
• Security services for security threats protection: Interruption: -- Interception: Confidentiality Modification: Integrity, Authentication Fabrication: Authentication Man in the middle: Authentication
• Threats addressed by security services: Confidentiality: Interception Integrity: Modification Authentication: Fabrication, Man in the middle Non Repudiation: -- Access control: --
![Page 29: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/29.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 29
General Security MechanismsGeneral Security MechanismsGeneral Security MechanismsGeneral Security Mechanisms• Symmetrical key encryption: “Low” computing
power• Asymmetrical key encryption: “High” computing
power Encryption with public key of receiver Encryption with private key of sender
• Signature: Asymmetrical key encryption of message hash with private key of sender. “Low” computing power
• Combined: F.e. Asymmetrical key encryption for interchange of symmetrical key + Symmetrical key encryption for data interchange.
![Page 30: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/30.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 30
General Security Services and General Security Services and MechanismsMechanisms
General Security Services and General Security Services and MechanismsMechanisms
• Confidentiality: Encryption. Symmetrical or asymmetrical. Symmetrical usually used.
• Integrity: Signature or Encryption (Symmetrical or asymmetrical). Signature is better.
• Authentication: Signature or Symmetrical Encryption with private sender key. Signature is better.
• Non Repudiation: Signature. Single or mutual.• Access control: --
![Page 31: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/31.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 31
Communication layersCommunication layersCommunication layersCommunication layers
• Layer 7: The application layer• Layer 6: The presentation layer• Layer 5: The session layer• Layer 4: The transport layer• Layer 3: The network layer• Layer 2: The data-link layer• Layer 1: The physical layer
![Page 32: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/32.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 32
Sensor <-> Front-End SecuritySensor <-> Front-End SecuritySensor <-> Front-End SecuritySensor <-> Front-End Security• In principle, no data encryption is foreseen,
except in case Bluetooth is used for wireless.• Communications:
Wired: Maybe security is not really needed. Wireless: Security may be required in the
communication. Bluetooth Zigbee
• Data encryption and/or authentication: Only in wireless communication?
Bluetooth
![Page 33: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/33.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 33
Front-End SecurityFront-End SecurityFront-End SecurityFront-End Security
• Front-End stores data received from sensors. This data stored in the Front-End should be protected.
• Data encryption and authentication: SMIME OpenSSL libraries
![Page 34: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/34.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 34
Front-End <-> PDA SecurityFront-End <-> PDA SecurityFront-End <-> PDA SecurityFront-End <-> PDA Security• It must be decided if security is really needed.• Communications:
Wired Wireless: security is required.
Bluetooth Flash memory
• Data encryption and authentication: Could be required
Bluetooth SMIME OpenSSL libraries
![Page 35: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/35.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 35
PDA SecurityPDA SecurityPDA SecurityPDA Security
• PDA should act as communication component in BAN to get data from Front-end and send it secure through GPRS/UMTS to AppServer.
• Data encryption and authentication: No data should be stored in the PDA.
• User authentication: May be required for accessing PDA
Password SIM-card X.509 key
![Page 36: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/36.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 36
PDA <-> WSB SecurityPDA <-> WSB SecurityPDA <-> WSB SecurityPDA <-> WSB Security Communications:
GPRS/UMTS WAP + WML HTTP / HTTPS + HTML
User authentication: May be required. SIM-card based?
Terminal authentication: May be required. SIM-card X.509 key
Data encryption and authentication: GPRS/UMTS Network layer security (f.e. IPsec) may be required. Transport layer security (SSL/TLS, HTTPS) may be required Application layer security (data encryption) (SMIME,
OpenSSL libraries) may be required.
![Page 37: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/37.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 37
PDA <-> AppServer SecurityPDA <-> AppServer SecurityPDA <-> AppServer SecurityPDA <-> AppServer Security Should include some authentication and data encryption. Communications:
TCP / IP (IPsec) WAP + WML HTTP / HTTPS + HTML
User Authentication: It should also include some user authentication. SIM-card X.509 key
Terminal authentication: Some terminal authentication may be required.
SIM-card X.509 key
Data encryption and authentication: Network layer security (f.e. IPsec) may be required. Transport layer security (SSL/TLS, HTTPS) may be required Application layer security (data encryption) (SMIME, OpenSSL
libraries) may be required.
![Page 38: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/38.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 38
WSB SecurityWSB SecurityWSB SecurityWSB Security
• No data should be stored in the WSB.• Data encryption and authentication:
No data should be stored in the PDA.
![Page 39: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/39.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 39
AppServer SecurityAppServer SecurityAppServer SecurityAppServer Security
• Data stored should be encrypted to avoid interception.
• Data encryption and authentication: SMIME OpenSSL libraries
• User authentication: May be required for accessing the AppServer.
Password SIM-card X.509 key
![Page 40: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/40.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 40
Workstation SecurityWorkstation SecurityWorkstation SecurityWorkstation Security
• Data Storage: No data should be stored in the Workstation.
• User authentication: Some user authentication may be required for accessing the Workstation.
Password SIM-card X.509 key
![Page 41: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/41.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 41
WSB <-> AppServer SecurityWSB <-> AppServer SecurityWSB <-> AppServer SecurityWSB <-> AppServer Security
• Communications: TCP / IP (IPsec) WAP + WML HTTP / HTTPS + HTML
• Data encryption and authentication: Network layer security (f.e. IPsec) may be required. Transport layer security (SSL/TLS, HTTPS) may be
required Application layer security (data encryption) (SMIME,
OpenSSL libraries) may be required.
![Page 42: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/42.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 42
AppServer <-> Workstation AppServer <-> Workstation SecuritySecurity
AppServer <-> Workstation AppServer <-> Workstation SecuritySecurity
• Internal communication inside hospital or health centre.
• Communications: TCP / IP (IPsec) WAP + WML HTTP / HTTPS + HTML
• Data encryption and authentication: Network layer security (f.e. IPsec) may be required. Transport layer security (SSL/TLS, HTTPS) may be
required Application layer security (data encryption) (SMIME,
OpenSSL libraries) may be required.
![Page 43: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/43.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 43
Communications securityCommunications securityCommunications securityCommunications security
• Communication layers: Data link layer (Bluetooth, GPRS, . . . ) Network layer (IPsec, . . . ) Application layer (SSL/TLS, . . . )
• Data link layer security for hop to hop protection, • Application layer security for end to end
protection
![Page 44: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/44.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 44
MobiHealth CommunicationMobiHealth CommunicationMobiHealth CommunicationMobiHealth Communication• Sensor <-> Front-End: Wired / Bluetooth / Zigbee• Actuator <-> Front-End: Wired / Bluetooth /
Zigbee• Front-End <-> PDA: Bluetooth• PDA<->WSB: GPRS / UMTS + [WAP + WML |
HTTP / HTTPS + HTML]• WSB <-> AppServer: HTTP / HTTPS + HTML |
WAP + WML• PDA <-> AppServer: HTTP / HTTPS + HTML |
WAP + WML• AppServer <-> Workstation: HTML
![Page 45: © Ramon Martí, DMAG, Universitat Pompeu Fabra 1 WP2 UPF Contribution to MobiHealth Security in the MobiHealth BAN Enschede 2002/09/18-20](https://reader036.vdocument.in/reader036/viewer/2022062518/56649e955503460f94b99c20/html5/thumbnails/45.jpg)
© Ramon Martí, DMAG, Universitat Pompeu Fabra Page 45
Security servicesSecurity servicesSecurity servicesSecurity services
Confidentiality / privacy Data confidentiality
Authenticity / integrity User authentication (password, smartcard, . . . ) Terminal authentication (SIM, . . . ) Application/server authentication (certificate, . . . )