Security Policy Implementation Strategies for Common Carrier Monitoring Service Providers Short Position Paper for IEEE POLICY 2009 Carl A. Gunter University.


1 Security Policy Implementation Strategies for Common Carrier Monitoring Service Providers Short Position Paper for IEEE POLICY 2009 Carl A. Gunter University of Illinois

2 Monitoring Service Provider
Monitoring Service Provider (MSP) collects data from monitored parties, conveys it to users.
Example: monitoring for security and fire emergencies.
Advantages
– Division of labor
– Deals with heterogeneity, change
– Provides value added services like routing and triage
– Economy of scale

3 MSP Components

4 Common Carrier Protection
Applied to telecommunication carriers: limited responsibility for content
Basis under US law
– Restatement of Torts (Rest. 2d Torts sections 581, 612), the Digital Millennium Copyright Act (17 U.S.C. section 512), and the Communications Decency Act immunity for interactive computer service (47 U.S.C. sec 230).
This talk:
– Argue for three technologies that support the implementation of Common Carrier MSPs (CCMSPs)
– Illustrate with two application areas

5 Application Areas
Healthcare
– Assisted living: monitor vital signs of assisted persons
– Increasing number of elderly, rising healthcare costs, desire for independent living
– Enabled by advances in networking, sensors, and healthcare IT systems
– Assisted Living Service Provider (ALSP) is an MSP for assisted living
Energy Systems
– Advanced Meter Infrastructure (AMI): computers with wireless digital links monitor and may control power usage.
– Facilitates demand response and distributed generation, …. for “Smart Grid”
– Meter Data Management Service (MDMS) is an MSP for AMI

6 AMI Components and Applications

7 Enabling Technologies 1
Technology
– Service Oriented Architecture (SOA) (aka “web services”) is distributed computing based on a set of standardized formats for B2B web commerce developed by W3C and OASIS
– Provides support for flexible security, including encryption
– Provides security capabilities beyond SSL/TLS
Application
– ALSP design can use SOA with XMLENC to provide an end-to-end encryption model
– Easy to implement with existing platforms
– Assures that the ALSP collects only the routing data it needs, not medical data it does not process
CCMSP protection

8 Drop-Box Architecture
[Diagram: Medical Device, Monitoring Service (Store & Forward), Clinician; messages Enc[ Health status ] and Enc[ Reminder ]]
May, Shin, Gunter, FMSE 07

9 Message Encryption
[Diagram: a message made of Header Information (including sender, recipient, data ID etc.) and Medical data (readings, checksum, etc), shown three times with the labels: Stored in ALSP; Transmitted over network; Only authorized people can see]
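The header/payload split of slides 7 to 9, as an added Go example that is not from the presentation. AES-GCM with a key shared by device and clinician stands in for XML Encryption; that substitution, the type and function names, the sample reading, and the choice to bind the header as associated data are all assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
)
// Header is the only part the monitoring service reads (routing data).
type Header struct{ Sender, Recipient, DataID string }
// Envelope pairs the cleartext header with the opaque medical payload.
type Envelope struct {
	Header            Header
	Nonce, Ciphertext []byte
}
// gcm builds AES-GCM and serializes the header as associated data (authenticated, not encrypted).
func gcm(key []byte, h Header) (cipher.AEAD, []byte, error) {
	b, err := aes.NewCipher(key)
	if err != nil { return nil, nil, err }
	aad, _ := json.Marshal(h)
	g, err := cipher.NewGCM(b)
	return g, aad, err
}
// Seal runs on the medical device (key shared with the clinician only).
func Seal(key []byte, h Header, medical []byte) (Envelope, error) {
	g, aad, err := gcm(key, h)
	if err != nil { return Envelope{}, err }
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return Envelope{}, err }
	return Envelope{h, nonce, g.Seal(nil, nonce, medical, aad)}, nil
}
// Open runs at the clinician; it fails if header or payload was altered.
func Open(key []byte, e Envelope) ([]byte, error) {
	g, aad, err := gcm(key, e.Header)
	if err != nil { return nil, err }
	return g.Open(nil, e.Nonce, e.Ciphertext, aad)
}
// DropBox is the store-and-forward service: no key, routes on Recipient only.
type DropBox map[string][]Envelope
func (d DropBox) Store(e Envelope) { d[e.Header.Recipient] = append(d[e.Header.Recipient], e) }
func (d DropBox) Fetch(to string) []Envelope { out := d[to]; delete(d, to); return out }

func main() {
	key, box := make([]byte, 32), DropBox{} // constructed all-zero demo key
	e, _ := Seal(key, Header{"device-17", "clinician-3", "r-001"}, []byte("hr=72"))
	box.Store(e)
	pt, err := Open(key, box.Fetch("clinician-3")[0])
	fmt.Println(string(pt), err)
}
```

Because the header is authenticated but not encrypted, the service can route on it while any change to sender, recipient or data ID makes decryption fail at the clinician.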

10 Enabling Technologies 2
Technology
– Attribute-Based Encryption (ABE)
– New public key cryptography based on Identity-Based Encryption (IBE)
– Encrypts using a policy based on attributes
– Prevents collusion between parties with attributes
Application
– Provides ALSP a flexible way to dispatch encrypted messages to parties without knowing more than their attributes
– Message to attending and primary care physicians can be encrypted under doctor attribute
– Minimizes key management while supporting CCMSP

11 Attribute-Based Messaging Encryption
Bobba, Fatemieh, Khan, Khan, Gunter, Khanna, Prabhakaran, TISSEC 09

12 Enabling Technologies 3
Technology
– Remote Attestation is the concept of checking remote system state using a trusted monitoring element
– Protection levels vary: software or also hardware tamper resistance
– TPM now common in PCs
– Need to extend technology to embedded processors (e.g. flash MPUs)
Application
– Residential loads generate details useful to residents but not by utility
– Desirable to leave details behind and collect aggregate data needed for billing
– Remote attestation offers some assurance for the aggregation, especially for updatable software meters

13 Cumulative Attestation for Embedded Processors
LeMay, Gunter, ESORICS 07

14 Summary
Architecture
– MSP: Monitoring Service Provider
– CCMSP: Common Carrier MSP
Application
– ALSP: Assisted Living Service Provider
– MDMS: Meter Data Management Service
Technology
– SOA: Service Oriented Architecture
– ABE and ABM: Attribute-Based Encryption and Messaging
– Remote Attestation

