1 / 15

A Data Centric Security Analysis of ICGrid FORTH ICS, University of Cyprus and

CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies. A Data Centric Security Analysis of ICGrid FORTH ICS, University of Cyprus and General Hospital of Nicosia

artie
Download Presentation

A Data Centric Security Analysis of ICGrid FORTH ICS, University of Cyprus and

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies A Data Centric Security Analysis of ICGrid FORTH ICS, University of Cyprus and General Hospital of Nicosia J. Luna, M. Flouris, M. Marazakis, A.Bilas, M. Dikaiakos, H. Gjermundrod and T. Kyprianou April-2008

  2. Outline • Motivation: eHealth and Health Grids • ICGrid: • Data and Metadata • Privacy means Trust: • Legal Issues • Protecting ICGrid: • Security Analysis • Proposed Privacy Protocol • Conclusions and Future Work • Publications European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies

  3. Motivation: eHealth and Health Grids • eHealth describes the application of IT and communications technologies across the whole range of functions that affect the health sector • eHealth (like eGoverment and eBanking) promises substantial productivity gains and restructured, citizen-centered health systems. • eHealth requirements for advanced computing and storage facilities, gave birth to Health Grids. European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies

  4. ICGrid • ICUs require mechanisms for data acquisition, validation, storage, analysis, reporting, etc. • ICGrid has been prototyped over EGEE and the gLite middleware to cope with these needs. • ICGrid’s hybrid architecture combines sensors and Grid-enabled software tools. • A Hospital’s ICU generates aprox. 33 Gb. per-day: • Metadata, including patient’s information and physician’s annotations. • Actual sensor’s Data. European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies

  5. ICGrid: Metadata and Data European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies

  6. Privacy means Trust! • Privacy is the right of an individual or group to hide information about themselves, disclosing it to Authorized entities. • If Patients do not trust eHealth systems: • Give inaccurate or incomplete information. • Avoid care altogether. • Therefore: • Patient with undetected and untreated conditions. • Future treatment may be compromised if the doctor misrepresents patient information. • Life-threatening situations! European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies

  7. Legal Issues • Modern Data Protection Legislations highlight the Patient’s right to privacy. • The heart of the European eHealth world is the Electronic Health Record (EHR). • Based on current Data Protection Legislation, a patient’s (or authorized entity) consent legitimates EHR processing. • How to implement a data security solution for ICGrid, compliant with eHealth Legislations? European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies

  8. Protecting ICGrid

  9. Security Analysis • Based on a security analysis framework for Data Grids. • Identifies Players, Trust Assumptions, Security Primitives, Attacks and Damages (Leak, Change, Destroy). • Current security mechanisms: • Secure inter-site channels (i.e. GSIFTP). • EGEE Central Services (i.e. CA, VOMS) and implemented AuthN/AuthZ mechanisms are trusted. • Identified Vulnerabilities: • Attackers with revoked credentials (latency of revocation information). • Compromised Storage Elements provide full control over stored data. European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies

  10. Proposed Privacy Protocol (revised) • Two basic mechanisms: • Cryptography (confidentiality, integrity) for Data and Metadata. Design criteria: performance, encryption keys do not transverse the network. • Fragmentation (high availability, confidentiality) only for the Data. • Secondary mechanisms: • Mandatory Access Control for Metadata. • A Secure Log to back-trace operations. European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies

  11. Conclusions • eHealth brings a citizen-centered Health System. • ICGrid is a proof of Health Grid suitability for eHealth. • Due to new vulnerabilities being introduced, keeping patient’s privacy has become a priority for Health Grids. • Comprehensive Privacy Solution: • Legal: Data Protection laws and harmonization. • Technological: R+D European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies

  12. Our previous Security Analysis found that a successful attack to Storage Elements may fully compromise stored metadata and data. • A Privacy Protocol (cryptography, fragmentation) has been proposed for ICGrid. • Early results show that a “central” Data Encryption Service is feasible (performance, security). European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies

  13. Future Work: • Metadata: AMGA’s encryption and “consent” (digital signatures?). • Data: Crypto-performance tests, Fragmentation (do we really need it?). • Implementation over the gLite Middleware (Hydra, AMGA, SRM). European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies

  14. Publications • “An analysis of security services in Grid storage systems”. In CoreGRID Workshop on Grid Middleware 2007. (Also published as TR-0090). • “D.IA.16 Update of the Survey Material on Trust and Security”. Collaboration WP7. 2007. • “Providing security to the Desktop Data Grid”. Accepted for the CoreGRID PCGrid Workshop 2008. • “Data privacy considerations in Intensive Care Grids”. Submitted to Health Grid Conference 2008. • “Using the gLite middleware to implement a secure Intensive Care Grid System”. Submitted to the CoreGRID Workshop on Grid Middleware 2008. • “Knowledge and Data Management in Grids: notes on the state of the art”. Collaboration WP2. To be published as CoreGrid White Paper WHP-002. 2008. European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies

  15. Thank you for your attention! • Questions? • Jesus Luna • jluna@ics.forth.gr • jluna@cs.ucy.ac.cy European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies

More Related