1 / 25

On Securing the Public Health Information Network Messaging System

On Securing the Public Health Information Network Messaging System. Barry Rhodes, Ph.D. Associate Director Public Health System Development NCPHI Centers for Disease Control and Prevention www.cdc.gov. Rajashekar Kailar, Ph.D. Chief Technology Officer Business Networks International Inc.

gin
Download Presentation

On Securing the Public Health Information Network Messaging System

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. On Securing the Public Health Information Network Messaging System Barry Rhodes, Ph.D. Associate Director Public Health System Development NCPHI Centers for Disease Control and Prevention www.cdc.gov Rajashekar Kailar, Ph.D. Chief Technology Officer Business Networks International Inc. www.bnetal.com

  2. Overview • Public Health Information Network (PHIN) • PHIN Messaging System (PHINMS) • Security considerations • Public Key Infrastructure considerations

  3. PublicHealth Information Network (PHIN) (www.cdc.gov/phin/) • Public health organizations • CDC • State, Local Health Departments • National Laboratories (e.g., LabCorp) • Standards based information gathering and dissemination across organizations (routine surveillance, emergency event response) • Data gathering: NEDSS Data Model, PAMs • Message content: HL7 • Data transport: ebXML over HTTP(S)

  4. Electronic Business XML (www.ebxml.org) XML Standard for B2B electronic document exchanges • SOAP with Attachments • Reliable (once and only once delivery) • Message level security (XMLENC / XMLDSIG) • Standard message envelope, addressing schema / semantics • Workflows (Service, Action)

  5. PHIN - Operational Environment

  6. PHIN Messaging System • Secure and Reliable Transport over Public Networks • Security: Confidentiality, Integrity, Non-Repudiation, Authentication, Access Control • Reliability: Once and only Once delivery, network failure handling • Standards Based • ebXML/HTTPS, X.509, XMLDSIG, XMLENC • Platform Neutral • Java/J2EE • Language Neutral • Queue Interfaces (database tables) • Payload agnostic (text, binary) • Extensible • Message handlers • Certified for ebXML interoperability with several ebXML products by Drummond Group

  7. PHINMS - Functional Components Message PHINMS Sender Application Response Application1 (Message Handler) Message PHINMS Receiver Application2 (Message Handler) Response

  8. Messaging Security Context • Sensitive data • Public, un-trusted networks (Internet) • Autonomous organizations • Heterogeneous environments • Public health users not always security savvy

  9. Business/Electronic Collaboration Agreements State Lab State HD Client Client CDC Server Server Client Server Hospital System National Labs Client Client No central identity/trust authority PKI and non-PKI environments

  10. PHINMS – Messaging/Trust Models Hub-and-Spoke (route-not-read) Peer-to-Peer (direct-send)

  11. DOH Private Key (Decrypt) DOH Public Key (Encrypt) HL7 HL7 DB Q DB Q Confidentiality – Transport and Message Level LDAP State DOH Lab Internet Proxy Server PHINMS Server PHINMS Client DMZ Firewall Firewall

  12. Lab Private Key (Sign) Lab Public Key (Verify) HL7 HL7 DB Q DB Q Integrity: Transport and Message Level State DOH Lab Internet Proxy Server PHINMS Server PHINMS Client DMZ

  13. ACL Access Control: Perimeter Level DMZ Internal Network Internal Network Proxy Server PHINMS Receiver Message Consumer Internet PHINMS Sender Firewall Firewall Firewall

  14. Identities, Credentials, Authorities Accept Multiple Credentials (policy dependent) Submit Multiple Credentials Identity: Party ID Credential: Certificate, Password

  15. Access Control: Message Level

  16. End Point Authentication Two factor: Appropriate for user interactions 2 Factor for B2B – No inter-op standards, Lower assurance ROI

  17. Firewall ConsiderationsScenario 1: Both parties are Internet Accessible

  18. Firewall Considerations (Contd.)Scenario 2: One party behind firewall

  19. Firewall Considerations (Contd.)Scenario 3: Both parties behind firewalls

  20. Interoperability

  21. Use of PKI in PHIN MS • Leverages PKI for security, but does not require it • Authentication • Client certificate over SSL (enforced by web server proxy using CTL model) • Currently not Bridge PKI aware (proxy layer can be extended) • XML Encryption • Certificate lookup from LDAP Directory • Certificate lookup using web service • XML DSIG • Signature meta-data includes X.509 certificate

  22. PHIN Partners – PKI Landscape • PKI Implementers (few) • Organizations with full PKI implementation • PKI Users (most) • SSL servers/certificates (most) • User certificates, strong authentication (few) • Mixed environments - PKI and non-PKI (most) • Purely non-PKI (few) • Organizations that use other mechanisms (e.g., login/password, one time password)

  23. PHINMS – Status • Used by several CDC/PHIN applications as primary data transport mechanism over Internet • Deployed in 50+ sites nationwide, many more being deployed • Processes thousands of production messages daily • Data is transported securely and reliably - gracefully handles network failures using persistence/retries

  24. PHINMS - Lessons Learned • ebXML, Web-Services Security Standards are a moving target • Multiple credentials/mechanisms a reality today • Managing multiple credentials a challenge (e.g., expiring passwords, certificates)

  25. Questions?

More Related