Security Policy Implementation Strategies for Common Carrier Monitoring Service Providers
Short Position Paper for IEEE POLICY 2009
Carl A. Gunter, University of Illinois

Monitoring Service Provider
- Monitoring Service Provider (MSP) collects data from monitored parties, conveys it to users.
- Example: monitoring for security and fire emergencies.
- Advantages
  - Division of labor
  - Deals with heterogeneity, change
  - Provides value added services like routing and triage
  - Economy of scale

MSP Components
[Figure: MSP Components]

Common Carrier Protection
- Applied to telecommunication carriers: limited responsibility for content
- Basis under US law: Restatement of Torts (Rest. 2d Torts sections 581, 612), the Digital Millennium Copyright Act (17 U.S.C. section 512), and the Communications Decency Act immunity for interactive computer service (47 U.S.C. sec 230).
- This talk:
  - Argue for three technologies that support the implementation of Common Carrier MSPs (CCMSPs)
  - Illustrate with two application areas

Application Areas
Healthcare
- Assisted living: monitor vital signs of assisted persons
- Increasing number of elderly, rising healthcare costs, desire for independent living
- Enabled by advances in networking, sensors, and healthcare IT systems
- Assisted Living Service Provider (ALSP) is an MSP for assisted living
Energy Systems
- Advanced Meter Infrastructure (AMI): computers with wireless digital links monitor and may control power usage.
- Facilitates demand response and distributed generation, . for “Smart Grid”
- Meter Data Management Service (MDMS) is an MSP for AMI

AMI Components and Applications
[Figure: AMI Components and Applications]

Enabling Technologies 1
Technology
- Service Oriented Architecture (SOA) (aka “web services”) is distributed computing based on a set of standardized formats for B2B web commerce developed by W3C and Oasis
- Provide support for flexible security, including encryption
- Provides security capabilities beyond SSL/TLS
Application
- ALSP design can use SOA with XMLENC to provide end-to-end encryption model
- Easy to implement with existing platforms
- Assures that the ALSP collects only the routing data it needs, not medical data it does not process
- CCMSP protection

Drop-Box Architecture
[Figure: Drop-Box Architecture. Labels: Medical Device, Monitoring Service (Store & Forward), Clinician; Enc Health status, Enc Reminder. Source: May, Shin, Gunter, FMSE 07]

Message Encryption
[Figure: Message Encryption. Each message consists of Header Information (including sender, recipient, data ID etc.) and Medical data (readings, checksum, etc). Labels: Stored in ALSP, Transmitted over network, Only authorized people can see]

Enabling Technologies 2
Technology
- Attribute-Based Encryption (ABE)
- New public key cryptography based on Identity-Based Encryption (IBE)
- Encrypts using a policy based on attributes
- Prevents collusion between parties with attributes
Application
- Provides ALSP a flexible way to dispatch encrypted messages to parties without knowing more than their attributes
- Message to attending and primary care physicians can be encrypted under doctor attribute
- Minimizes key management while supporting CCMSP

Attribute-Based Messaging Encryption
[Figure: Attribute-Based Messaging Encryption. Source: Bobba, Fatemieh, Khan, Khan, Gunter, Khanna, Prabhakaran, TISSEC 09]

Enabling Technologies 3
Technology
- Remote Attestation is the concept of checking remote system state using a trusted monitoring element
- Protection levels vary: software or also hardware tamper resistance
- TPM now common in PCs
- Need to extend technology to embedded processors (e.g. flash MPUs)
Application
- Residential loads generate details useful to residents but not by utility
- Desirable to leave details behind and collect aggregate data needed for billing
- Remote attestation offers some assurance for the aggregation, especially for updatable software meters

Cumulative Attestation for Embedded Processors
[Figure: Cumulative Attestation for Embedded Processors. Source: LeMay, Gunter, ESORICS 07]

Summary
Architecture
- MSP: Monitoring Service Provider
- CCMSP: Common Carrier MSP
Application
- ALSP: Assisted Living Service Provider
- MDMS: Meter Data Management Service
Technology
- SOA: Service Oriented Architecture
- ABE and ABM: Attribute-Based Encryption and Messaging
- Remote Attestation
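
The drop-box and message-encryption slides above say the ALSP stores and forwards on cleartext header fields while the medical data stays encrypted end to end. The sketch below is an added example, not code from the talk or the cited papers: a store-and-forward intake check that routes on the header and refuses any body that is not a single XML Encryption `EncryptedData` element, so the service never holds readings in the clear. The `Message`, `Header`, `Body` and `Reading` element names, the `DropBox` class and all sample values are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

XENC = "{http://www.w3.org/2001/04/xmlenc#}"  # W3C XML Encryption namespace

# Constructed sample messages. Message/Header/Body/Reading element names and all
# values are assumptions for illustration; only the xenc:* elements are standard.
HEADER = ("<Header><Sender>device-17</Sender><Recipient>clinician-4</Recipient>"
          "<DataID>r-0001</DataID></Header>")
ENCRYPTED_MSG = f"""<Message>{HEADER}<Body>
  <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    <xenc:CipherData>
      <xenc:CipherValue>Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=</xenc:CipherValue>
    </xenc:CipherData>
  </xenc:EncryptedData>
</Body></Message>"""
PLAINTEXT_MSG = f"<Message>{HEADER}<Body><Reading>72</Reading></Body></Message>"


class DropBox:
    """Store-and-forward service that routes on the header, never holds plaintext."""
    def __init__(self):
        self.queues = defaultdict(list)  # recipient -> [(header, ciphertext element)]

    def accept(self, xml_text):
        if "<!DOCTYPE" in xml_text:  # refuse DTDs/entities in untrusted input
            raise ValueError("DOCTYPE not allowed")
        root = ET.fromstring(xml_text)
        header, body = root.find("Header"), root.find("Body")
        if header is None or body is None:
            raise ValueError("message needs Header and Body")
        fields = {child.tag: (child.text or "").strip() for child in header}
        if not fields.get("Recipient"):
            raise ValueError("header has no Recipient to route on")
        parts = list(body)
        if len(parts) != 1 or parts[0].tag != XENC + "EncryptedData":
            raise ValueError("body must be a single xenc:EncryptedData")
        if (body.text or "").strip() or (parts[0].tail or "").strip():
            raise ValueError("plaintext found next to the encrypted body")
        cipher = parts[0].find(f"{XENC}CipherData/{XENC}CipherValue")
        if cipher is None or not (cipher.text or "").strip():
            raise ValueError("EncryptedData carries no CipherValue")
        self.queues[fields["Recipient"]].append((fields, ET.tostring(parts[0])))
        return fields["Recipient"]

    def collect(self, recipient):
        """Hand queued ciphertexts to the recipient, who alone holds the key."""
        return self.queues.pop(recipient, [])
```

The check only enforces the message shape; it cannot tell whether the `CipherValue` is a sound ciphertext, which remains the responsibility of the device and the clinician endpoint.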