A Data Centric Security Analysis of ICGrid

FORTH ICS, University of Cyprus and General Hospital of Nicosia

J. Luna, M. Flouris, M. Marazakis, A. Bilas, M. Dikaiakos, H. Gjermundrod and T. Kyprianou

April-2008

Managed by CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies


Outline

• Motivation: eHealth and Health Grids
• ICGrid:
  – Data and Metadata
• Privacy means Trust:
  – Legal Issues
• Protecting ICGrid:
  – Security Analysis
  – Proposed Privacy Protocol
• Conclusions and Future Work
• Publications


Motivation: eHealth and Health Grids

• eHealth describes the application of IT and communications technologies across the whole range of functions that affect the health sector

• eHealth (like eGovernment and eBanking) promises substantial productivity gains and restructured, citizen-centered health systems.

• eHealth's requirements for advanced computing and storage facilities gave birth to Health Grids.


ICGrid

• ICUs require mechanisms for data acquisition, validation, storage, analysis, reporting, etc.

• ICGrid has been prototyped over EGEE and the gLite middleware to cope with these needs.

• ICGrid’s hybrid architecture combines sensors and Grid-enabled software tools.

• A Hospital’s ICU generates approx. 33 Gb per day:
  – Metadata, including patient’s information and physician’s annotations.
  – Actual sensor’s Data.


ICGrid: Metadata and Data


Privacy means Trust!

• Privacy is the right of an individual or group to hide information about themselves, disclosing it to Authorized entities.

• If Patients do not trust eHealth systems:
  – Give inaccurate or incomplete information.
  – Avoid care altogether.
• Therefore:
  – Patient with undetected and untreated conditions.
  – Future treatment may be compromised if the doctor misrepresents patient information.
  – Life-threatening situations!


Legal Issues

• Modern Data Protection Legislations highlight the Patient’s right to privacy.

• The heart of the European eHealth world is the Electronic Health Record (EHR).

• Based on current Data Protection Legislation, a patient’s (or authorized entity) consent legitimates EHR processing.

• How to implement a data security solution for ICGrid, compliant with eHealth Legislations?


Protecting ICGrid


Security Analysis

• Based on a security analysis framework for Data Grids.
• Identifies Players, Trust Assumptions, Security Primitives, Attacks and Damages (Leak, Change, Destroy).
• Current security mechanisms:
  – Secure inter-site channels (i.e. GSIFTP).
  – EGEE Central Services (i.e. CA, VOMS) and implemented AuthN/AuthZ mechanisms are trusted.
• Identified Vulnerabilities:
  – Attackers with revoked credentials (latency of revocation information).
  – Compromised Storage Elements provide full control over stored data.


Proposed Privacy Protocol (revised)

• Two basic mechanisms:
  – Cryptography (confidentiality, integrity) for Data and Metadata. Design criteria: performance, encryption keys do not traverse the network.
  – Fragmentation (high availability, confidentiality) only for the Data.
• Secondary mechanisms:
  – Mandatory Access Control for Metadata.
  – A Secure Log to back-trace operations.
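The fragmentation and integrity ideas above, as an added sketch that is not from the slides or the ICGrid project: ciphertext is split across Storage Elements with a parity fragment, and each fragment carries an integrity tag under a key that stays on the client. The slides do not specify a scheme, so the 3+1 XOR-parity layout, the HMAC-SHA256 tags, the client-side storage of tags and the function names `fragment` and `reassemble` are all assumptions.

```python
import hashlib
import hmac
from functools import reduce

K = 3  # data fragments, plus one XOR parity fragment (assumed layout)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _tag(key: bytes, idx: int, total_len: int, frag: bytes) -> bytes:
    # Bind each tag to the fragment's slot and the object length so a
    # Storage Element cannot swap fragments between slots unnoticed.
    msg = idx.to_bytes(2, "big") + total_len.to_bytes(8, "big") + frag
    return hmac.new(key, msg, hashlib.sha256).digest()

def fragment(ciphertext: bytes, mac_key: bytes):
    """Split ciphertext into K chunks + parity; return (fragments, tags)."""
    size = -(-len(ciphertext) // K)  # ceiling division
    padded = ciphertext.ljust(size * K, b"\0")
    frags = [padded[i * size:(i + 1) * size] for i in range(K)]
    frags.append(reduce(_xor, frags))  # parity = XOR of the data chunks
    tags = [_tag(mac_key, i, len(ciphertext), f) for i, f in enumerate(frags)]
    return frags, tags

def reassemble(frags, tags, total_len: int, mac_key: bytes) -> bytes:
    """Rebuild the ciphertext; a missing or altered fragment counts as lost."""
    good = []
    for i, f in enumerate(frags):
        ok = f is not None and hmac.compare_digest(
            _tag(mac_key, i, total_len, f), tags[i])
        good.append(f if ok else None)
    lost = [i for i, f in enumerate(good) if f is None]
    if len(lost) > 1:
        raise ValueError(f"fragments {lost} lost or altered; cannot recover")
    if lost:  # XOR of the K surviving fragments yields the missing one
        good[lost[0]] = reduce(_xor, (f for f in good if f is not None))
    return b"".join(good[:K])[:total_len]

if __name__ == "__main__":
    key = bytes(range(32))  # constructed key; never sent to a Storage Element
    ct = bytes((7 * i) % 256 for i in range(100))  # constructed ciphertext stand-in
    frags, tags = fragment(ct, key)
    frags[1] = b"\xff" * len(frags[1])  # a compromised SE rewrites its fragment
    print(reassemble(frags, tags, len(ct), key) == ct)
```

Fragmenting this way limits what one compromised Storage Element can change or destroy, but confidentiality still rests on the encryption step, which this sketch does not implement.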


Conclusions

• eHealth brings a citizen-centered Health System.
• ICGrid is a proof of Health Grid suitability for eHealth.
• Due to new vulnerabilities being introduced, keeping patient’s privacy has become a priority for Health Grids.
• Comprehensive Privacy Solution:
  – Legal: Data Protection laws and harmonization.
  – Technological: R+D


• Our previous Security Analysis found that a successful attack on Storage Elements may fully compromise stored metadata and data.

• A Privacy Protocol (cryptography, fragmentation) has been proposed for ICGrid.

• Early results show that a “central” Data Encryption Service is feasible (performance, security).


• Future Work:
  – Metadata: AMGA’s encryption and “consent” (digital signatures?).
  – Data: Crypto-performance tests, Fragmentation (do we really need it?).
  – Implementation over the gLite Middleware (Hydra, AMGA, SRM).


Publications

• “An analysis of security services in Grid storage systems”. In CoreGRID Workshop on Grid Middleware 2007. (Also published as TR-0090).

• “D.IA.16 Update of the Survey Material on Trust and Security”. Collaboration WP7. 2007.

• “Providing security to the Desktop Data Grid”. Accepted for the CoreGRID PCGrid Workshop 2008.

• “Data privacy considerations in Intensive Care Grids”. Submitted to Health Grid Conference 2008.

• “Using the gLite middleware to implement a secure Intensive Care Grid System”. Submitted to the CoreGRID Workshop on Grid Middleware 2008.

• “Knowledge and Data Management in Grids: notes on the state of the art”. Collaboration WP2. To be published as CoreGrid White Paper WHP-002. 2008.


Thank you for your attention!

Questions?

Jesus Luna

[email protected]@cs.ucy.ac.cy