Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure and Trusted Paradigm for Interoperable eHealth Services

Published byMerry Manning Modified over 6 years ago

Similar presentations

Presentation on theme: "Secure and Trusted Paradigm for Interoperable eHealth Services"— Presentation transcript:

1 Secure and Trusted Paradigm for Interoperable eHealth Services
John Avramidis EULAMBIA Advanced Technologies Ltd H2020 PROJECT CLUSTERING WORKSHOP 31th January 2018, Athens, Greece

2 H2020 PROJECT CLUSTERING WORKSHOP
KONFIDO means “Trust” in Esperanto H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 2

3 KONFIDO Consortium 15 partners 7 countries 2 pilots
H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 3

4 KONFIDO Vision Provide a holistic approach to address the challenge of secure cross-border exchange of eHealth data H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 4

5 Interoperable and secure European eHealth services
Our Goal Interoperable and secure European eHealth services Storage Disseminatio n Processing Presentation H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 5

6 Country B should be aware of:
Cross-Border eHealth Data Retrieval Country B Country A Data Request Patient Data Country B should be aware of: Data formats and protocols of every country A The national infrastructure of every country A Regulations of every country A H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 6

7 Previous work on the field – Our guide
The epSOS Project (I & II) Smart Open Services for European Patient Goal: To develop a practical eHealth framework and ICT infrastructure, based on existing national infrastructures, that enables secure access to patient health information, particularly with respect to a basic Patient Summary and ePrescription, between European healthcare systems. H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 7

8 OpenNCP is the technical outcome of the epSOS project
eHDSI and OpenNCP OpenNCP is the technical outcome of the epSOS project OpenNCP is a part of the eHealth Digital Service Infrastructure (eHDSI) and allows for the exchange of eHealth Data in Europe H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 8

9 The epSOS Mediated Approach
National Contact Point (NCP) in charge of: Interacting with the other NCPs Pivoting documents Encode the pivoted document in the national structure Interact with the National Infrastructure (NI) H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 9

10 Security Assessment of epSOS
Security of communications is ensured by employment of cryptography and secure protocols Security of communicating parties is not enforced by technical means It is instead assumed by legally binding agreement No protection is offered against propagation of cyberattacks Instead, attacks which success in compromising a NI can exploit NCP to propagate to other countries These security aspects were out of scope of epSOS H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 10

11 Here comes… H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 11

12 KONFIDO innovation pillars
1st Pillar: Enhancement of the trust and security of interoperable eHealth services 2nd Pillar: Continuous validation and proof of concept demonstrations 3rd Pillar: Focus on stakeholders, improving user acceptance, adhering to standards and legal and ethical directives H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 12

13 KONFIDO Challenges Develop a holistic secure solution for interoperable eHealth services Consider storage, dissemination, processing and presentation Successfully develop system components System Integration Ensure interoperability and scalability Handle legal, privacy and ethical issues H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 13

14 1st Pillar Enhancement of the trust and security of interoperable eHealth services H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 14

15 Six state-of-the-art Technologies
Exploit the new security extensions of COTS CPUs for creating protected execution environments for eHealth applications Develop novel photonic encryption key generation technologies Build an efficient homomorphic encryption mechanism supporting secured health data storage, processing and exchange Develop customized SIEM solutions for real-time monitoring of the security of eHealth applications Implement disruptive logging and auditing mechanisms Design and implement a eIDAS compliant eID infrastructure Security information & event management H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 15

16 Only code running inside enclave sees data in clear
Trusted Execution Environment (Intel SGX) Application splitted in: Trusted and Untrusted parts App runs & creates enclave which is placed in trusted memory Only code running inside enclave sees data in clear Intel Software Guard eXtensions (SGX) is an extension of the x86 ISA designed to support trusted computing SGX – based software is built around the concept of enclave Hardware – supported containers capable to guarantee the code executed therein The TCB is limited to the enclave Separation between trusted and untrusted part of an application Remote (and local) attestation between enclaves H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 16

17 Same PUF-challenge allow the same response!
Photonic Unclonable Function (PUF) Electronic circuit Photonic Token Deterministic operation Same PUF-challenge allow the same response! Challenge Physical object Response Bit string (seed) Optical stimulus Bit string (key) Image (speckle) PUF characteristics : ► Repeatability Immunity to noise: The same object, challenge generates the same response robustness Immunity to replication even by malicious manufacturer ► Practically impossible to replicate unclonability ► Computationally unrealistic to simulate Immunity to machine learning, brute force, or simulation unpredictability H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 17

18 without violating the patients’ privacy
Homomorphic Cryptography Parties: User – private data owner Server – owner of algorithm Goal: Server executes algorithm on HE data User obtains algorithm result on private data Can perform analysis on medical data without violating the patients’ privacy H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 18

19 Support a distributed analysis of high volumes of data
KONFIDO SIEM A Security Information & Event Monitoring (SIEM) component is needed, in order to: Support a distributed analysis of high volumes of data Discover anomalies in the normal operation of the healthcare security system Protect the OpenNCP infrastructure from distributed attacks (ex. DDoS) H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 19

20 Disruptive Logging and Auditing
Provides traceability and liability support Based on the blockchain design pattern Logs all privacy-critical operations A legally binding system based on blockchain auditing that allows to prove that specific eHealth data: Have been requested by a legitimate entity Have been provided (or not) H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 20

21 eIDAS Authentication OpenNCP deals with: Physicians Pharmacists Patients eIDAS authentication refers to how these different users authenticate with OpenNCP with eIDAS compliant identities H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 21

22 OpenNCP Reference Architecture
Country 3 Country 1 Country 1 EHR EHR NCP 3 Level 3 Level 3 Level 2 Level 2 Hospital Health Center Hospital Health Center NCP 1 NCP 2 OpenNCP National Infrastructure National Infrastructure Mobile Devices General Practitioner Mobile Devices General Practitioner Triage Home Care Triage Home Care Level 1 Level 1 H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 22

23 Conceptual view of KONFIDO architecture
H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 23

24 Information flow (topmost level)
H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 24

25 Before KONFIDO Deployment
Country 3 NCP 3 Country 1 Country 2 National Infrastructure NCP 1 NCP 2 National Infrastructure OpenNCP H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 25

26 KONFIDO Services Deployment
TEE KONFIDO SERVICES/APIs KONFIDO Services Deployment Country 3 KONFIDO Country 1 Country 2 TEE NCP 3 KONFIDO KONFIDO KONFIDO KONFIDO TEE TEE TEE TEE National Infrastructure NCP 1 NCP 1 National Infrastructure KONFIDO SERVICES/APIs TEE TEE KONFIDO SERVICES/APIs PUF eiDAS Auditing Services HE H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 26

27 Continuous validation and proof of concept demonstrations
2nd Pillar Continuous validation and proof of concept demonstrations H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 27

28 Objectives Perform preliminary module and system assessments and validation campaigns well before the pilot demonstrations Perform two (2) iterations on the specification and development of the proposed solutions Organize two (2) diverse and iterative demonstration campaigns in three (3) different member states H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 28

29 Validation Pilots Pilot sites in: Italy Denmark Spain
H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 29

30 Scenario 1: Cross-border health data exchange across EU
Validation Pilots Scenario 1: Cross-border health data exchange across EU Scenario 2: Secure cross-region and cross- border mobility for emergency management and patient empowerment H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 30

31 3rd Pillar Focus on stakeholders, improving user acceptance, adhering to standards and legal and ethical directives H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 31

32 Achieve wide acceptance of KONFIDO’s solutions
Objectives Adhere to existing National and European legal directives and ethical norms Achieve wide acceptance of KONFIDO’s solutions Achieve wide user engagement steering KONFIDO’s solutions Define appropriate business models and a go-to- market strategy H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 32

33 KONFIDO outcome Smartly integrate the different components/tools into a ‘universal’ security toolbox to provide a complete packaged security solution to eHealth/mHealth Uniform, seamless and interoperable interface, operating under a common security and privacy framework Consideration of legal, operational/policy and ethical aspects H2020 PROJECT CLUSTERING WORKSHOP 31st January 2018 33

34 www.konfido-project.eu @konfidoproject twitter.com/konfidoproject
@konfidoproject

Download ppt "Secure and Trusted Paradigm for Interoperable eHealth Services"

Similar presentations

HOlistic Platform Design for Smart Buildings

HOlistic Platform Design for Smart Buildings
S.O.S. eHealth Project Open eHealth initiative for a European large scale pilot of patient summary and electronic prescription Daniel Forslund, Head of.

S.O.S. eHealth Project Open eHealth initiative for a European large scale pilot of patient summary and electronic prescription Daniel Forslund, Head of.
Conclusions from e-Health

Conclusions from e-Health
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
eHealth Actions at European level

eHealth Actions at European level
Policy recommendations for wider implementation of telemedicine Peeter Ross, MD, PhD e-Health expert, Estonian eHealth Foundation, Estonia.

Policy recommendations for wider implementation of telemedicine Peeter Ross, MD, PhD e-Health expert, Estonian eHealth Foundation, Estonia.
Security Controls – What Works

Security Controls – What Works
2-Jun-15 1 ACCESSING ON LINE SERVICES PROTECTED BY THE ITALIAN EID GIOVANNI MANCA National Center for Information technology in Public Administration (CNIPA)

2-Jun-15 1 ACCESSING ON LINE SERVICES PROTECTED BY THE ITALIAN EID GIOVANNI MANCA National Center for Information technology in Public Administration (CNIPA)
Emerging Research Dimensions in IT Security Dr. Salar H. Naqvi Senior Member IEEE Research Fellow, CoreGRID Network of Excellence European.

Emerging Research Dimensions in IT Security Dr. Salar H. Naqvi Senior Member IEEE Research Fellow, CoreGRID Network of Excellence European.
The Digital Agenda for Europe Interoperability and Standards

The Digital Agenda for Europe Interoperability and Standards
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
AER Network Meeting Cross-border Challenges and Opportunities Regions’ updates on latest developments in e-health Regione Lombardia 14/09/20151Trieste,

AER Network Meeting Cross-border Challenges and Opportunities Regions’ updates on latest developments in e-health Regione Lombardia 14/09/20151Trieste,
How can I trust the rest of Europe ? Requirements and a possible organisation with regard to epSOS and eHealth Frank Robben General manager eHealth platform.

How can I trust the rest of Europe ? Requirements and a possible organisation with regard to epSOS and eHealth Frank Robben General manager eHealth platform.
Secure Management of Information across multiple Stakeholders SEMIRAMIS – CIP-ICT PSP-2009-3 250453 SEMIRAMIS General Presentation.

Secure Management of Information across multiple Stakeholders SEMIRAMIS – CIP-ICT PSP SEMIRAMIS General Presentation.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.

How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
State Alliance for e-Health Conference Meeting January 26, 2007.

State Alliance for e-Health Conference Meeting January 26, 2007.
Www.tripcom.org TripCom: Development of a patient summary at European level E. Della Valle, D. Cerizza, D. Foxvog, R. Krummenacher, L. J. B. Nixon, E.

TripCom: Development of a patient summary at European level E. Della Valle, D. Cerizza, D. Foxvog, R. Krummenacher, L. J. B. Nixon, E.
EHealth/mHealth Gisele Roesems Deputy Head of Unit Health and Well-Being DG CONNECT EUROPEAN COMMISSION 2 nd International Conference on Health Informatics.

EHealth/mHealth Gisele Roesems Deputy Head of Unit Health and Well-Being DG CONNECT EUROPEAN COMMISSION 2 nd International Conference on Health Informatics.
RIDE ConsortiumRIDE Workshop, December 8, 2006, Brussels 1 The RIDE Roadmap Methodology and the Current Progress Prof. Dr. Asuman Dogac, Turkey Dr. Jos.

RIDE ConsortiumRIDE Workshop, December 8, 2006, Brussels 1 The RIDE Roadmap Methodology and the Current Progress Prof. Dr. Asuman Dogac, Turkey Dr. Jos.
Results of the HPC in Europe Taskforce (HET) e-IRG Workshop Kimmo Koski CSC – The Finnish IT Center for Science April 19 th, 2007.

Results of the HPC in Europe Taskforce (HET) e-IRG Workshop Kimmo Koski CSC – The Finnish IT Center for Science April 19 th, 2007.

Similar presentations

Ads by Google