Security Policy Implementation Strategies for Common Carrier

Uploaded by: tian****1990 | Document ID: 81566527 | Upload date: 2019-02-21 | Format: PPT | Pages: 13 | Size: 1.32 MB

Security Policy Implementation Strategies for Common Carrier Monitoring Service Providers
Short Position Paper for IEEE POLICY 2009
Carl A. Gunter, University of Illinois

Monitoring Service Provider
- Monitoring Service Provider (MSP) collects data from monitored parties, conveys it to users.
- Example: monitoring for security and fire emergencies.
- Advantages
  - Division of labor
  - Deals with heterogeneity, change
  - Provides value added services like routing and triage
  - Economy of scale

[Figure: MSP Components]

Common Carrier Protection
- Applied to telecommunication carriers: limited responsibility for content
- Basis under US law: Restatement of Torts (Rest. 2d Torts sections 581, 612), the Digital Millennium Copyright Act (17 U.S.C. section 512), and the Communications Decency Act immunity for interactive computer service (47 U.S.C. sec 230).
- This talk
  - Argue for three technologies that support the implementation of Common Carrier MSPs (CCMSPs)
  - Illustrate with two application areas

Application Areas
Healthcare
- Assisted living: monitor vital signs of assisted persons
- Increasing number of elderly, rising healthcare costs, desire for independent living
- Enabled by advances in networking, sensors, and healthcare IT systems
- Assisted Living Service Provider (ALSP) is an MSP for assisted living
Energy Systems
- Advanced Meter Infrastructure (AMI): computers with wireless digital links monitor and may control power usage.
- Facilitates demand response and distributed generation, . for “Smart Grid”
- Meter Data Management Service (MDMS) is an MSP for AMI

[Figure: AMI Components and Applications]

Enabling Technologies 1
Technology
- Service Oriented Architecture (SOA) (aka “web services”) is distributed computing based on a set of standardized formats for B2B web commerce developed by W3C and Oasis
- Provide support for flexible security, including encryption
- Provides security capabilities beyond SSL/TLS
Application
- ALSP design can use SOA with XMLENC to provide end-to-end encryption model
- Easy to implement with existing platforms
- Assures that the ALSP collects only the routing data it needs, not medical data it does not process
- CCMSP protection

Drop-Box Architecture
[Figure labels: Medical Device; Monitoring Service (Store & Forward); Clinician; Enc Health status; Enc Reminder]
May, Shin, Gunter, FMSE 07

Message Encryption
[Figure: each message consists of Header Information (including sender, recipient, data ID etc.) and Medical data (readings, checksum, etc), shown in three views: Stored in ALSP; Transmitted over network; Only authorized people can see]

Enabling Technologies 2
Technology
- Attribute-Based Encryption (ABE)
- New public key cryptography based on Identity-Based Encryption (IBE)
- Encrypts using a policy based on attributes
- Prevents collusion between parties with attributes
Application
- Provides ALSP a flexible way to dispatch encrypted messages to parties without knowing more than their attributes
- Message to attending and primary care physicians can be encrypted under doctor attribute
- Minimizes key management while supporting CCMSP

Attribute-Based Messaging Encryption
Bobba, Fatemieh, Khan, Khan, Gunter, Khanna, Prabhakaran, TISSEC 09

Enabling Technologies 3
Technology
- Remote Attestation is the concept of checking remote system state using a trusted monitoring element
- Protection levels vary: software or also hardware tamper resistance
- TPM now common in PCs
- Need to extend technology to embedded processors (e.g. flash MPUs)
Application
- Residential loads generate details useful to residents but not by utility
- Desirable to leave details behind and collect aggregate data needed for billing
- Remote attestation offers some assurance for the aggregation, especially for updatable software meters

Cumulative Attestation for Embedded Processors
LeMay, Gunter, ESORICS 07

Summary
Architecture
- MSP: Monitoring Service Provider
- CCMSP: Common Carrier MSP
Application
- ALSP: Assisted Living Service Provider
- MDMS: Meter Data Management Service
Technology
- SOA: Service Oriented Architecture
- ABE and ABM: Attribute-Based Encryption and Messaging
- Remote Attestation
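
The header/payload split from the Drop-Box Architecture and Message Encryption slides, as an added Go example that is not from the talk or the cited papers: the device seals the medical data with AES-GCM and binds the cleartext header as associated data, so the store-and-forward service can route on the header but cannot read or re-address the payload. The shared 32-byte key, the header layout and all function names are assumptions; the slides name XMLENC, not AES-GCM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Envelope is the record the monitoring service stores and forwards.
type Envelope struct {
	Header []byte // cleartext routing data: sender, recipient, data ID
	Nonce  []byte // fresh per message
	Sealed []byte // encrypted medical data plus authentication tag
}

// NewAEAD builds AES-GCM from a key shared by device and clinician (assumed).
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs on the medical device. The header stays readable for routing but
// is bound to the ciphertext as associated data.
func Seal(a cipher.AEAD, header, medical []byte) (Envelope, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	return Envelope{Header: header, Nonce: nonce, Sealed: a.Seal(nil, nonce, medical, header)}, nil
}

// Open runs at the clinician and fails if header or payload was altered.
func Open(a cipher.AEAD, e Envelope) ([]byte, error) {
	return a.Open(nil, e.Nonce, e.Sealed, e.Header)
}

func main() {
	a, _ := NewAEAD([]byte("0123456789abcdef0123456789abcdef")) // constructed demo key
	e, _ := Seal(a, []byte("from=device-17;to=clinician-3;id=0001"), []byte("hr=72;spo2=97"))
	pt, err := Open(a, e)
	fmt.Printf("service sees %q; clinician reads %q (err=%v)\n", e.Header, pt, err)
}
```

The service only ever handles `Envelope` values and never calls `NewAEAD`, which is what keeps it to routing data.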

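
One way to picture attestation of an updatable meter's billing aggregate (Enabling Technologies 3), as an added Go example that is not the scheme of the cited ESORICS 07 paper: a PCR-style register accumulates every firmware image installed, and the utility accepts the aggregate only if a keyed quote over its nonce, the register and the reading matches the approved update history. The HMAC device key (a stand-in for a TPM signing key), the function names and all sample values are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Extend folds one firmware image into the cumulative register, PCR-style:
// reg' = SHA-256(reg || SHA-256(image)), so earlier history cannot be dropped.
func Extend(reg [32]byte, image []byte) [32]byte {
	m := sha256.Sum256(image)
	return sha256.Sum256(append(reg[:], m[:]...))
}

// Replay computes the register a verifier expects for a known update history.
func Replay(images ...[]byte) (reg [32]byte) {
	for _, img := range images {
		reg = Extend(reg, img)
	}
	return reg
}

// Quote is produced by the meter's trusted element: it binds the verifier's
// nonce, the register and the aggregate reading under the device key.
func Quote(key, nonce []byte, reg [32]byte, aggregateWh uint64) []byte {
	var wh [8]byte
	binary.BigEndian.PutUint64(wh[:], aggregateWh)
	mac := hmac.New(sha256.New, key)
	mac.Write(nonce)
	mac.Write(reg[:])
	mac.Write(wh[:])
	return mac.Sum(nil)
}

// Verify runs at the utility: accept the aggregate only if the quote matches
// the approved firmware history and this session's nonce.
func Verify(key, nonce, quote []byte, aggregateWh uint64, approved ...[]byte) bool {
	return hmac.Equal(quote, Quote(key, nonce, Replay(approved...), aggregateWh))
}

func main() {
	key, nonce := []byte("constructed-device-key"), []byte("nonce-0001")
	v1, v2 := []byte("firmware v1"), []byte("firmware v2")
	good := Quote(key, nonce, Replay(v1, v2), 41250)
	bad := Quote(key, nonce, Replay(v1, []byte("unapproved build"), v2), 41250)
	fmt.Println(Verify(key, nonce, good, 41250, v1, v2), Verify(key, nonce, bad, 41250, v1, v2))
}
```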