Securing the e health cloud


Published on

e- health cloud

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Securing the e health cloud

  1. 1. Securing the E-Health Cloud Hans Löhr Ahmad-Reza Sadeghi Marcel Winandy Horst Görtz Institute Horst Görtz Institute Horst Görtz Institute for IT Security for IT Security for IT Security Ruhr-University Bochum Ruhr-University Bochum Ruhr-University Bochum Germany Germany Germany marcel.winandy@trust.rub.deABSTRACT countries in the recent years. There are continuing efforts onModern information technology is increasingly used in health- national and international standardization for interoperabil-care with the goal to improve and enhance medical services ity and data exchange. Many different application scenariosand to reduce costs. In this context, the outsourcing of are envisaged in electronic healthcare (e-health), e.g., elec-computation and storage resources to general IT providers tronic health records [12, 23, 22], accounting and billing [17,(cloud computing) has become very appealing. E-health 24], medical research, and trading intellectual property [15].clouds offer new possibilities, such as easy and ubiquitous In particular e-health systems like electronic health recordsaccess to medical data, and opportunities for new business (EHRs) are believed to decrease costs in healthcare (e.g.,models. However, they also bear new risks and raise chal- avoiding expensive double diagnoses, or repetitive drug ad-lenges with respect to security and privacy aspects. ministration) and to improve personal health management In this paper, we point out several shortcomings of cur- in e-health solutions and standards, particularly they do Examples of national activities are the e-health approachnot address the client platform security, which is a crucial in Austria [23], the German electronic Health Card (eHC)aspect for the overall security of e-health systems. To fill system [12] under development, or the Taiwan Electronicthis gap, we present a security architecture for establishing Medical Record Template (TMT) [22]. In Germany each in-privacy domains in e-health infrastructures. Our solution sured person will get a smartcard that not only contains ad-provides client platform security and appropriately combines ministrative information (name, health insurance company),this with network security concepts. Moreover, we discuss but also can be used to access and store medical data likefurther open problems and research challenges on security, electronic prescriptions, emergency information like bloodprivacy and usability of e-health cloud systems. group, medication history, and electronic health records. The smartcard contains cryptographic keys and functions to identify the patient and to encrypt sensitive data. TheCategories and Subject Descriptors TMT in Taiwan concentrates on a standardized documentD.4.6 [Operating Systems]: Security and Protection— data structure to ease information sharing, but also con-information flow controls, security kernels; J.3 [Life and tains a similar infrastructure based on smartcards allowingMedical Sciences]: Medical Information Systems to share and transfer EHRs. A common approach in all these systems is to store medical data in central data cen- ters, which build the core concept of a centrally managedGeneral Terms healthcare telematics infrastructure.Security On the international basis the ISO (Technical Committee 215) [16] and the Health Level 7 consortium (HL7) [14] de-Keywords fine standards for e-health infrastructures. While they also include specifications for security and privacy aspects, theirE-Health, security architecture, information flow, isolation, main focus is currently the interoperability and definition ofclient platform security common document exchange formats and nomenclature of medical data objects.1. INTRODUCTION Obviously e-health systems store and process very sen- The application of information technology to healthcare sitive data and should have a proper security and privacy(healthcare IT) has become increasingly important in many framework and mechanisms since the disclosure of health data may have severe (social) consequences especially for patients. For example, banks or employers could refuse a loan or a job if the data about the health of a person is available. If health data is leaked outside the system delib- erately or accidentally, the responsible health professionals or IT providers would have to face severe legal penalties for c ACM, 2010. This is the author’s version of the work. It is posted here violating privacy permission of ACM for your personal use. Not for redistribution. Thedefinitive version was published in Proceedings of the 1st ACM Interna- When addressing privacy regulations with technical solu-tional Health Informatics Symposium (IHI 2010). tions, we are faced with a number of difficulties: E-Health 1
  2. 2. systems must accommodate various work flows, not only But nowadays outsourcing of IT infrastructure (e.g., cloudrelated to the patients’ medical data, but also accounting computing) and other services (e.g., billing processing andand billing of treatments, medication, etc. Moreover, for accounting for medical practices) leads to a complex sys-smartcard-based solutions, the system must ensure that there tem where privacy-sensitive data are stored and processed atis some way to access medical data (which might be life- many different places. Hence, it becomes attractive to storecritical in some situations) even if the owner of the smart- and process healthcare data “in the cloud” (at outsourcedcard is unable to authenticate to the system, e.g., because data providers that can be accessed via the Internet). Whilehe or she is unconscious. In other situations, data must such e-health systems promise a more cost-efficient servicebe accessed when the smartcard owner is not present, e.g., and improved service quality, the complexity to manage datain case a relative buys medication for the patient at a phar- security and privacy increases, too.macy. Addressing such issues in an appropriate way presents In order to identify and discuss the different problems ar-a major challenge for research and industry. In particular, eas, we present first a simple model and then extend it towe can observe that current e-health solutions and standards an advanced model of the “e-health cloud”. We identify themainly focus on network security and access control policies, involved parties and main components that are relevant forhowever, they do not address the client platform security ap- the focus of our paper.propriately [26], i.e., the security of the software and hard-ware that is used by health professionals locally. Terminology. Throughout this paper we use the following terms:Contribution and Outline. In this paper, we discuss the general problems of e-health Health professional : person who delivers health care ser-systems and provide a technical solution for the protection vices, e.g., physician, dentist, pharmacists, etc.of privacy-sensitive data, which has not been appropriately Health care provider : organization that provides services ofaddressed yet for end-user systems. In particular, our con- health professionals, e.g., doctor’s practice or hospital.tributions are as follows: Personal Health Record (PHR): database of medical data • We describe an abstract model of e-health clouds (Sec- objects and health-related data managed by a patient. tion 2), which comprehends the common entities of healthcare telematics infrastructures. Based on this Electronic Health Record (EHR): database of medical data model, we outline three main problem areas for secu- objects and health-related data managed by health rity and privacy (Section 3), namely (i) data storage professionals. and processing, (ii) management of e-health infrastruc- tures, and (iii) usability aspects of end-users. Note that sometimes the separation of PHR and EHR is not made clearly in the literature. But due to different legal im- • We present a security architecture for privacy domains plications in certain countries this distinction is important. in e-health systems (Section 4) which leverages on mod- ern security technology of commodity platforms. This Simple Model of the E-Health Cloud. architecture extends the protection of privacy-sensitive We first consider a simple model that underlies commer- data from centrally managed secure networks to the cial systems like Google Health1 , Microsoft HealthVault2 , client platforms of the end-users. For each application and ICW LifeSensor3 . In these systems patients store their area a separate privacy domain is established and it is own health-related data on certain web servers: the so- enforced both centrally and locally on each platform. called Personal Health Record (PHR). In this model, pa- tients track, collect, and manage the information about their Our solution presents results from some ongoing research health at online web sites. They can enter dates and peri-and development e-health projects where our results cover ods of sickness, their appointments with doctors, and anythe problem areas (i) and partially (ii). We also discuss the other data related to their health. Patients can also importremaining research problems (Section 5). data in their PHRs they get from health professionals, such as x-ray photos or laboratory tests from their family doctor2. MODEL OF THE E-HEALTH CLOUD or dentist. Figure 1 illustrates this model and shows the involved parties. This section gives an overview of typical e-health infras- The PHRs are stored on a server of a third party in thetructures as they are available as products or planned to cloud. The PHR server provider is responsible for ensuringbe deployed in national healthcare information technology data protection. Typically, patients can define role-basedprojects. We present an abstract model of the resulting e- access rights for individual health professionals. For exam-health clouds. ple, they can define full access to their family doctor, but In the past, health care providers (such as the family doc- only restricted access to some data to their fitness trainertor) have stored medical records of their patients on paper or health coach. The advantages of such an approach arelocally. This allowed a controlled environment with easy that the PHR is accessible from everywhere because of themanagement of data privacy and security: keeping the pa- centralized management (IT outsourcing). The patient canper records in a locked cabin at the doctor’s practice. Even easily give one doctor access to data and test results thatthe increasing use of personal computers and modern in- were determined by another doctor, when the data is storedformation technology in medical institutions allowed for a 1moderate effort to manage privacy and confidentiality of in- 2dividual medical records. This was due to the decentralized 3and locally managed infrastructure of each institution. 2
  3. 3. sign EHR documents to provide authenticity, (3) encrypt the EHR data before they are stored in the cloud, and (4) authorize the access to EHR data. Data and services of the e-health cloud can only be accessed with special interface connections to the telematics infrastructure boundary. This interface connection is typically a special hardware device that establishes secure network connections via a Virtual Private Network (VPN) to the e-health data centers. Due to the increased privacy requirements, many countries define standards and specifications for national e-health infrastruc- tures that include technical means for security and privacy. However, existing security concepts in e-health concen- trate on controlling access to data (e.g., smartcard-based access control to web-based PHRs and EHRs), protection of data transfer (encryption for confidentiality, digital signa- tures for integrity and authenticity), and network securityFigure 1: Simple E-Health Cloud model. Patients (firewalls, VPNs). The latter focuses on the separation ofmanage their own personal health records. different networks, e.g., administrative networks of health insurances from EHR servers and from other applications. However, little care is taken on what happens after accessin the PHR. This can help to avoid double examination. to data is allowed, i.e., how data is processed and storedMoreover, due to the individual management of PHRs by on end-user client platforms. Viruses or Trojan Horse pro-the patients, it is expected that people are more aware of grams can corrupt data and eavesdrop on patients records,their own health. This could reduce the healthcare costs in violating both legal and individual privacy requirements.the long term as well. However, from a technical perspec-tive this model has a great disadvantage regarding patients’privacy. On the one hand, patients need to manage complexaccess rights and need to understand their implications. Onthe other hand, they need to rely on the robustness and Example: The German electronic Health Card (eHC)correctness of the security mechanisms implemented at the system [12, 10] under development defines that in the com-PHR server provider. In general, it may be possible for the pulsory health insurance system, each patient has an eHCserver provider to gain access to the data stored in PHRs. smartcard. The eHC is mainly used for storing administra- tive data (for billing with the health insurance), but alsoAdvanced E-Health Cloud Infrastructure. includes functionality to encrypt medical records that are In contrast to PHRs, which are managed by the patients, going to be stored on EHR servers, and to authorize accessElectronic Health Records (EHR) are managed by health to EHR data. When a medical doctor wants to upload orprofessionals only. In most countries this involves different download EHR data of a patient, this patient has to pro-legal requirements and a clear distinction between PHRs vide his/her eHC and to enter a PIN in order to initiate en-and EHRs. As a result, infrastructures that involve EHRs cryption (upload) or to authorize access (download). More-are usually more complex than our simple e-health cloud over, medical doctors have their own smartcard, the Healthmodel. Figure 2 shows the advanced model, which not only Professional Card (HPC), which is used to digitally signinvolves more parties (e.g., health insurances), but also in- documents that are stored in a patient’s EHR, and to au-cludes some technical means to enforce data security and thenticate themselves as legitimate medical personnel. Eachprivacy of EHRs. health care provider has to have a special smartcard reader The general requirement in this model is still the func- where the eHC and the HPC are inserted whenever access totional and semantic interoperability of the data stored in the EHR is requested. A special connector locally intercon-EHRs. The EHRs are created, maintained, and managed nects the computing platforms of the health care providerby health care providers, and can be shared (via the central with the smartcard reader and the telematics infrastructure.EHR server in the cloud) with other health professionals. The connector is also used to connect to other networks that But storing and processing EHRs is not the only ser- provide additional applications, but which are not part ofvice that can be outsourced to the cloud. The health care the telematics system itself [11]. The client platforms andproviders can use billing services that manage their billing the local networks of health care providers are out of scopeand accounting with the health insurances of the patients. of the healthcare telematics security requirements. In addi-This is a typical scenario that can be found in practice: tion, when patients want to administer their personal dataMany doctors outsource the billing to third party providers. or manage access rights, they also need to use correspondingThose billing services accumulate the billing of several pa- client platform systems. In both cases it is completely up totients for different health insurances, but also for various the end-users to secure their systems appropriately. Thus,health care providers at the same time. As a consequence, the software on these computer systems can be identified toprivacy becomes an even more important aspect in this model be the most likely attack target [25], as they are standardbecause health insurances or billing services should not be PC systems with commodity operating systems that offerable to access private details of EHRs. standard services, e.g., e-mail and Internet access. To protect the EHR data, smartcards are typically used Other countries in Europe (e.g, Austria [23]) or Asia (e.g.,to (1) authenticate health professionals and patients, (2) Taiwan [22]) plan similar architectures. 3
  4. 4. Figure 2: Advanced E-Health Cloud model. Health professionals manage health records of patients.3. PROBLEMS OF E-HEALTH CLOUDS curity mechanisms nor are they implemented in a robust In this section, we give a systematic overview of the threats way as high-assurance systems. Due to architectural lim-in the privacy-sensitive context of e-health clouds. The pro- itations they do not offer sufficient runtime protection ofcessing of healthcare data of patients has technical, but also applications and operating system software, they lack infor-legal problems that one has to deal with. In this paper, we mation flow control mechanisms and secure user interfaces.focus on the technical aspects. We therefore analyze three All this makes these systems vulnerable to malware attacksdifferent problem areas. that could steal passwords and secret data, or leak privacy- sensitive data to illegitimate destinations on the Internet.3.1 Data Storage and Processing Security and privacy issues exist where the medical data Mobile Storage Devices.of the health records are stored and processed, i.e., at the Moreover, those computer systems are usually used byPHR or EHR server and, of course, at the local computer several persons, e.g., medical assistants, and they may con-infrastructure of health care providers. Access control mech- nect them with mobile storage devices, such as USB memoryanisms and data encryption can ensure confidentiality of the sticks, for transferring data to other platforms. Data thatmedical data, and great efforts are done in this direction in is transferred in this way usually leaves the control of anymany specifications, such as the German eHC [12], and stan- security mechanisms of the e-health infrastructure.dardizations, such as HL7 and ISO/TC 215 [16]. 3.2 Management of E-Health InfrastructureData Centers. On a larger scale, the whole infrastructure of an e-health Storing privacy-sensitive data in central data centers bears cloud has several risks that threaten the privacy of healththe risk of information leakage to unauthorized entities. Sen- data. Both medical and administrative data of patients aresitive data must be sufficiently protected, e.g., by means of processed at several places in the e-health cloud, and thestrong cryptographic encryption. Moreover, it must be pos- usage of smartcards and access control mechanisms alonesible to administer and maintain the data center without does not provide the necessary protection.letting administrators gain access to patient data. Cryptographic Key Management.Client Platforms. Complex infrastructures must be managed and this com- The security of end-user systems is another problem that prises additional security and privacy issues. The usageis rarely dealt with. Most specifications that we are aware of encryption requires management of cryptographic keys,of define this as “out of scope”. End-user systems are the smartcards must be personalized and issued to their users.PCs and network infrastructure at the doctor’s practice or One question that is often insufficiently answered in this con-the computing platforms of information systems in hospitals. text concerns who is in control of the cryptographic keys. AEspecially, medical doctors who run their own small practice naive approach would say the patient of course. But howdo usually not have the competence and time to profession- to handle lost or stolen cards when the encryption keys areally manage their IT systems to be sufficiently protected lost as well? Do the card issuer or the EHR server haveagainst malware threats. On the other hand, they use their backup copies of the keys? But backup strategies must alsocomputer systems not only for accessing health records of take into account the privacy requirements of health data.their patients, but also for other applications, such as billing For example, in many European countries, and especially insystems, or Internet browser. But today’s commodity oper- Germany, it is required by law that the patients themselvesating systems that are used do not offer sophisticated se- have the full data sovereignty over their health data. This 4
  5. 5. means no other party is allowed to circumvent privacy de- security and privacy properties. In this section, we firstcisions and access rights definitions of the patient regarding introduce privacy domains for healthcare systems. Then weEHR data. But if the card issuer or even the EHR server discuss our realization based on a security kernel and TVDs.providers maintain backup copies of the cryptographic keysfor reasons of issuing backup smartcards in case of theft or 4.1 Privacy Domains for E-Healthloss, they could in principle decrypt and access the EHRdata directly. In the context of e-health, privacy protection of the pa- tients’ data is a primary concern. Technological solutions should be employed to support legal and contractual regu-Management of Certificates. lations. As in any public key infrastructure, certificates must be We propose to construct privacy domains for the patients’managed to ensure authenticity of key holders (smartcards, medical data as a technical measure to support the enforce-connectors, server, etc.). This includes issuing and distribut- ment of privacy and data protection policies: Systems (e.g.,ing certificates as well as updating revocation lists. a client PC) must be able to partition execution environ- ments for applications into separate domains that are iso-Management of Hardware/Software Components. lated from each other. Data is kept within a privacy domain, Besides the cryptographic infrastructure, other compo- and the domain infrastructure ensures that only authorizednents must be managed and maintained as well. This in- entities can join this domain. Moreover, data leakage fromcludes the hardware and software components that are used the domain is prevented by the security architecture and theat EHR servers, billing servers, and computing devices of domain infrastructure. Therefore, the same system can behealth care providers. Security-critical components, such used for different work flows that are strictly isolated. Fig-as smartcard readers or connectors to protected networks, ure 3 illustrates the privacy domains applied to our e-healthshould be certified and tested properly. The installation cloud model.and update of software components requires a secure distri-bution mechanism. On the one hand, it must be possibleto allow changes in software configuration due to legitimateupdates. On the other hand, unauthorized and maliciouschanges (e.g., due to malware attacks), must be detectableto stop further usage or to exclude the infected componentsfrom the e-health infrastructure.3.3 Usability and User Experience Finally, our third problem area is concerned with the endusers, i.e., the health professionals and the patients. If se-curity controls and configurations are too complicated, ordi-nary people would not be able to use them or would try to ig-nore or circumvent them. For example, remembering a PINfor the smartcard may be too hard for older patients. Peopletend to write the PIN on paper or even on the smartcard inthese cases, which renders the security aspect of having thePIN at all useless. From the perspective of health professionals, there areother issues. As mentioned before, doctors are not IT pro-fessionals and they might be overstrained with the config-uration and secure setup of all the software components.Moreover, IT-related tasks that delay their own (medical)processes will disturb them and they will tend to ignore orcircumvent them. For example, inserting smartcards and Figure 3: Privacy Domains in the E-Health Cloud.entering PINs in a smartcard reader whenever they want For each application a privacy domain is establishedto access an EHR might be too time consuming — or even in the cloud and also enforced on the client platformsimpossible in case a patient wants to consult his/her doctor of the health care providers.via telephone. An important aspect for the deployment of any new in-4. SECURE E-HEALTH INFRASTRUCTURE frastructure in practice is the integration of legacy systems. The problem areas above show that e-health clouds im- With our concept of privacy domains, it is possible to re-usepose a variety of security and privacy risks. Ideally, all of existing applications running on a legacy operating systemthem should be solved technically and transparently for the within a privacy domain. Furthermore, data import into theusers. In the following we present a technical solution to ad- domain can be accomplished via gateways and filters to con-dress particularly the end-user platform security issue. Com- nect the privacy domain infrastructure to legacy systems.pared to other efforts, especially national and internationalstandardizations, this topic is not addressed sufficiently. Application Scenario. We propose to base a secure e-health infrastructure on As an example, consider a doctor who wants to use anTrusted Virtual Domains (TVDs) to ensure fundamental accounting software to submit bills to health insurances via a 5
  6. 6. dedicated healthcare network4 , and another system to store 4.2 Our Realization using TVDsand process patients’ medical data. In addition, the doctor The major goals of our project include the separation ofneeds web access and must be able to send and receive e- medical data from other data such as billing and account-mails. ing, as well as the integration of e-health cards into the sys- These different work flows should be separated from each tem. Currently, a working prototype of the basic technologyother: The health insurance should not get access to the de- exists, and we are working on the user interface and a us-tailed medical data, and security problems arising from In- able implementation for end users. We plan to conduct aternet access and vulnerabilities in the web browser should user study with approximately 250 users over a period of 18not influence the accounting process, or have impact on the months, beginning next year.medical data. Only the correct accounting software may In the following, we describe the basic technology of ourconnect to the healthcare network. However, it might be proposal. Our realization is based on Trusted Virtual Do-desirable for the doctor to be able to send medical data mains.from an EHR concerning a particular case to a specializedcolleague or healthcare organization using the normal e-mail Trusted Virtual Domains.client – but without risking the disclosure of such data to Trusted Virtual Domains (TVDs) [13, 3, 4] have beenmalware that might have infected the e-mail software, or developed in recent years as a security framework for dis-to attackers in the Internet. The accounting software or tributed multi-domain environments which leverages virtu-applications processing the medical data might require spe- alization and trusted computing technologies. Although incific (perhaps outdated) operating systems (e.g., Windows the beginning primarily proposed for use in large-scale dataXP), whereas the web browser (and the operating system centers [2], TVDs can also be useful in other scenarios. Inon which it runs) should always be updated to include the this section, we give a brief overview of the TVD conceptlatest security patches. and its features. To achieve these objectives, three privacy domains with In a virtualized environment, virtual machines (VMs) thatdifferent requirements are used. One privacy domain, the share the same physical infrastructure execute operating sys-accounting domain, is restricted to software authorized to tems with different applications and services. Each virtualaccess the accounting network. The doctor uses a virtual machine runs in a logically isolated execution environmentmachine which is part of this TVD and runs the accounting (which we call compartment), controlled by an underlying se-software. A second privacy domain, the e-health domain, is curity kernel that acts as virtual machine monitor (VMM).dedicated to the storage and processing of EHRs. The doc- The user’s work space is now executed by a virtual machinetor runs software in this TVD to access a patient’s medical that is hosted by the security kernel running on the physicaldata. A third domain – which is neither part of the account- platform along with other architectural domain, nor of the e-health domain – contains untrusted A TVD is a coalition of virtual machines that trust eachprograms such as a web browser (e.g., Firefox) and e-mail other, share a common security policy and enforce it inde-client (e.g., MS Outlook). Only this VM is allowed to access pendently of the particular platform they are running on.the Internet without restrictions; the accounting software is Moreover, the TVD infrastructure contains the security ker-restricted to connect to accounting servers, software in the nel and the physical components on which the VMs rely toe-health domain is only allowed to connect to relevant e- enforce the policy. In particular, the main security featureshealth servers. Its software, including the operating system, of TVDs and the TVD infrastructure are:can be updated independently from the other domains. Thegraphical user interface shows the different domains framed • Isolated compartments. The security kernel providesin different colors to help the user distinguish them from containment boundaries to compartments from differ-each other. ent TVDs, allowing the execution of several different When medical data is stored on external storage (e.g., a TVDs on the same physical platform.USB disk) or transferred to the e-mail client via copy-and-paste, the system automatically encrypts the data with a key • Trust relationships. A TVD policy defines which plat-that is accessible only in the corresponding privacy domain. forms (including the security kernel) and which VMsThe encrypted data can be moved to another machine (ei- are allowed to join the TVD. For example, platformsther by physically transporting a USB disk, or by sending it with their security kernel, as well as individual virtualvia the Internet). When it reaches the correct domain again, machines, can be identified via integrity measurementsthe system on the target platform decrypts the data. En- taken during their start-up.cryption and decryption is completely transparent to users – • Transparent policy enforcement. The security kernelthey will only notice that the data can only be read properly enforces the security policy independently of the com-with applications executing in the correct privacy domain. partments. To export data to legacy systems a special gateway is in-troduced. This is necessary, for instance, when medical data • Secure communication. VMs belonging to the samehave to be accessed by some doctor or hospital that is not TVD are connected through a virtual network that(yet) connected to the privacy domain. A dedicated gateway can span over different platforms and that is strictlyallows for better control of the data. If data export is only isolated by the virtual networks of other TVDs.possible via a dedicated gateway, unintentional disclosure of To provide these features, TVDs use state-of-the-art secu-sensitive data can be prevented. rity technology: During system operation, the security ker-4 In Germany, there already exists such a network, called nel has to guarantee the strict isolation of different domains.KV-SafeNet [17], which is already used by many doctors Whenever data leaves a domain, e.g., during transfer overand healthcare institutions. a network or when storing data on a disk, security services 6
  7. 7. encrypt all data with a cryptographic key that is available values. This implies that these keys can only be usedonly in the corresponding TVD. In this manner, TVDs pre- when the correct system has been started.vent accidental information disclosure and help to thwartmalware attacks. Trusted Computing technology is used to • Attestation [27, 9]: The TPM can use special-purposeprotect data from attacks while the system is powered off5 cryptographic keys, called attestation identity keys, toand to verify the integrity of platforms before they are al- sign the current PCR values. This attestation mecha-lowed to join a TVD. nism can be used in cryptographic protocols to report A major feature of the TVD infrastructure is its automatic the contents of the PCRs – and hence the “fingerprint”management. TVD establishment, key management, and of the system that has been started – to a remote party.policy enforcement are completely transparent to users. Theinfrastructure verifies the integrity of client platforms when When a client wants to join a TVD, the TVD master firstthey join a TVD and distributes keys and policies. On the verifies the integrity of the security kernel of the client, basedclient platform, policy enforcement and data encryption are on security features of the trusted hardware component. Forhandled by a security kernel without any user interaction. this, an interactive protocol between the security kernel, theAs long as users do not try to violate the policy, the only trusted hardware, and the TVD master is executed to en-difference compared to a conventional system they notice sure that only clients that conform to the TVD policy areare visual indicators of the domain they are working in. In allowed into the TVD (for details see [20, 5]). After that,our implementation, this is a colored bar at the top of the a TVD proxy is started on the client, and the TVD mas-screen, e.g., green when the user is working in the medical ter distributes the TVD policy and necessary cryptographicdomain and blue for accounting. keys to the TVD proxy. The proxy configures the security To secure the connection between different platforms in a kernel (e.g., a virtual network for VMs that join the TVD isTVD, we use an IPSec-secured virtual private network. created), and controls what VMs may join the TVD. In the German eHC system, man-in-the-middle attacksClient Platform Security. between client platforms and the healthcare telematics bound- Figure 4 shows the structure of a TVD with a client plat- ary are possible because of missing identification and au-form and a TVD master (a server for the management of thentication of the corresponding devices, i.e., the connec-the TVD infrastructure) for each domain. On the client tor box and the client platform [26]. In contrast to this, ourplatform, a security kernel is running on top of the hard- proposal allows for mutual device authentication based onware, providing isolated virtual machines for applications security hardware modules attached to the devices, such asand conventional operating systems. Moreover, there is a the Trusted Platform Module (TPM) [27].TVD proxy for each TVD, which manages the TVD on the For the communication between the connector and theclient and configures the security kernel according to the client platform a secure channel is proposed, but not en-TVD policy. A secure graphical user interface (secure GUI) forced in the German eHC system. Encryption of the com-provides input and output, ensuring that users can always munication is optional, and an authentication of the devicesreliably identify with which compartment they are interact- is missing [25, 26]. In contrast, with our proposed architec-ing. The secure GUI also prevents other compartments from ture and the usage of TVD technology, all client platformsreading user input when they are not authorized to do so. and software components running on them are authenticated Furthermore, the client platform contains a trusted hard- by means of attestation functionality using trusted comput-ware component which can be used for the verification of the ing technology [27]. Only successfully authenticated com-integrity of the software on the client (in particular, the secu- ponents and platforms will be able to establish a trustedrity kernel). The most widespread trusted hardware compo- channel to the central e-health infrastructure in order to ac-nent is the Trusted Platform Module (TPM) [27]. Currently, cess data of the corresponding privacy is usually implemented as a separate chip integrated onthe mainboard of a computer. Many computers (including TVD Implementations.almost all business notebooks sold today) are equipped with To implement a TVD, a security kernel with support forTPMs, although this is usually not advertised explicitly. virtualization and Trusted Computing is needed. We have TPMs provide a set of security and cryptographic func- implemented TVDs as research prototypes (see, e.g., [5]),tions, such as public key encryption, digital signatures, se- and a Common Criteria protection profile6 for a securitycure key storage, non-volatile memory, etc. For TVDs, three kernel with support for Trusted Computing functionality hasfunctionalities are especially important: been certified [19]. Operating systems evaluated and certi- fied according to this protection profile would constitute an • Authenticated boot [21]: When the system starts, the appropriate basis for industry-grade TVDs. platform computes cryptographic hash values (which We realized TVDs based on different virtualization tech- can be considered like a “secure fingerprint”) of the nologies, using results and experiences from our research and components that are loaded and executed (e.g., firmware, development projects EMSCB7 and OpenTC8 . boot loader, operating system kernel). These values are securely stored inside special-purpose registers of 6 The Common Criteria are an international standard that the TPM, the platform configuration registers (PCRs). aims at permitting comparability between the results of in- dependent security evaluations [8]. A protection profile is a • Trusted storage [21]: The use of cryptographic keys template for the evaluation of a concrete product: it spec- created by the TPM can be restricted to specific PCR ifies implementation-independent security requirements for a class of products.5 7 An adversary could, e.g., boot a different operating system See 8and try to attack the system. See 7
  8. 8. Unrestricted Internet Access E-Mail Server User TVD-Master for Accounting-TVD E-Health Server Secure GUI Webserver Application Webbrowser, Accounting Accounting for processing E-Mail-Client and billing Server EHRs software (e.g., KV- TVDProxy for Safenet TVDProxy for application) Accounting- E-Health-TVD TVD Security Kernel TVD-Master for E-Health-TVD Trusted Hardware Hardware Figure 4: TVDs with client platform, servers, and TVD masters. We implemented Trusted Computing support based on ing external cloud services that provide the user with poten-the TPM, due to its widespread availability. We use the tially unlimited storage capacity. Only the actual amountauthenticated boot process and attestation functionality of of storage that is currently used has to be payed, and thethe TPM for the TVD master to verify the client platform available storage increases as needed. Similarly, file serversintegrity, and for the protection of cryptographic keys. that are not part of a TVD can be used as external storage We developed (from previous project results) two inter- within a TVD.operable implementations based on the XEN hypervisor [1] Storage devices and services should be considered as “pas-and the L4 microkernel [18], with various Linux and Win- sive” components that do not provide security properties.dows versions as guest operating systems. Currently, we Thus the enforcement of security policies relies entirely onare working on a TVD implementation using OpenSolaris, the computer to which the storage is connected. We maywhere Solaris zones can be used as guest systems9 . Sirrix assume the policy is correctly enforced as long as storagesecurity technologies10 is offering a commercial product line is used within the TVD boundaries. This assumption is incalled Turaya, which supports TVDs [6]. general no longer true if external storage is used outside its In summary, TVDs have been shown to be practical in a domain, e.g., when it is connected to an outsider computer.number of different contexts. Although some implementa- We extended the TVD model with the benefits of usingtions are research prototypes rather than production-ready mobile storage devices, allowing the transparent binding ofsystems, various implementations based on different security devices to a certain TVD so that only platforms of the samekernels exist, supporting all kinds of operating systems. TVD can access the stored data. In the same way, other external storage – such as storage provided by Cloud Com-Protection of External Storage. puting – can be incorporated into TVDs. From the point of The secure incorporation and usage of external storage in view of the TVD architecture, the storage service providesTVDs, e.g., USB disks, pen drives or cloud storage such as a container for data, just like a mobile storage device.Amazon S3, increases the flexibility of users in their work Deploying external storage within the TVD requires someflows, but requires a careful design of the overall security refinement to the model due to the following concerns:architecture. Mobile storage devices are regularly employedto store copies of documents that the user (e.g., a doctor) • Storage container identification. External storage canmay take home or to another office, or data to be processed be moved to one workstation or to another, withouton other systems. In particular, USB disks are frequently any control by the TVD infrastructure. Hence, when-used offline, i.e., plugged to any platform while it is not con- ever external storage is connected to a platform, thenected to the domain network (e.g., a laptop in the train or system should be able to distinguish the device andon an airplane). Cloud storage may provide a very conve- the domain this device belongs to.nient and relatively inexpensive way to store backups: Whilelocal storage devices or file servers provide quick access to • Dynamic storage management. Unlike hard disks thatdata and are available independently of a working Internet are built into a computer, external storage may un-connection, regular backups can be stored conveniently us- predictably appear and disappear within the domain, because users may plug in or unplug devices arbitrar-9 See ily, and network connections to an external server or10 See storage provider may be established or interrupted at 8
  9. 9. any time. This requires the introduction of a stor- the doctor at the patient’s home. Furthermore, a pa- age management infrastructure in order to handle, e.g., tient might not be present in person, but is represented creation and distribution of encryption keys. by a relative or friend, or a patient consults a doctor remotely, e.g., by phone.To extend TVDs with such a solution for external storage,we enhanced the TVD master with the necessary key man- • Inability of the patient to authenticate: The patientagement. Moreover, we added a storage device manager to might be unable (physically or mentally) to rememberthe client’s security kernel that identifies the appropriate and enter a PIN.TVD for storage devices and retrieves keys from the TVD Examples scenarios include elderly patients and hand-master (if they are not already available in a local cache). icapped people who cannot authenticate by enteringThe device manager also creates a virtual storage device for a PIN. In emergencies, e.g., in case the patient is un-the VM of the correct TVD (for details, see [7]). conscious, the patient must be represented by someone else. Moreover, in particular people who only need toSecurity Considerations Concerning External Storage. authenticate infrequently, tend to forget their PINs. Introducing external storage into a system can lead to new • Confidentiality of existence: The mere existence of ansecurity risks. It might be easier for attackers to gain physi- EHR for a given person could already imply that thiscal possession of external devices than to obtain an internal person received medical treatment, and thus must behard disk. However, due to the transparent encryption of all kept confidential to avoid violating privacy laws.external storage by the TVD infrastructure, outside attack- • Client anonymity: Client anonymity is often not con-ers who are not part of the TVD cannot access the data. sidered at all, but in the context of healthcare, a pa- Moreover, viruses or Trojan horse programs could be stored tient’s privacy might be violated by tracking of userson USB sticks that are plugged into a system. On commod- or client systems in some scenarios. For instance, ifity operating systems such as Windows, this is a serious a patient buys medicine in a pharmacy using an elec-threat because programs from USB storage will be auto- tronic prescription, the pharmacist should not be ablematically executed when the device is attached, and even to trace or identify the patient.when the automatic execution of programs from USB stor-age is disabled, users could manually start malware-infected • Non-repudiation of emergency access: In case of emer-programs from USB sticks. gency, health professionals might need to access data With the TVD architecture, we can prevent malware from urgently in situations, where the patient is unable toentering the TVD via USB sticks, because only data from authorize this. In such cases, access should be possi-a storage container belonging to the same TVD as a given ble, but is important for legal reasons that the personcompartment will be connected to that compartment by the accessing the data can be identified and held responsi-security kernel. Encryption and decryption happens trans- ble. Moreover, this person should not be able to denyparently for the compartment of the TVD, and the data the fact that he/she accessed the data.cannot be accessed from outside the TVD. For the securitykernel, external storage such as a USB disk is just a passive These issues are not adequately addressed by most currentstorage device. No programs will be executed from it auto- e-health systems, and hence are important research chal-matically, neither in the security kernel, nor in any TVD. lenges to address. Note that solutions to these problems Malware that is stored on USB sticks from within the are orthogonal to the network and platform security issuesTVD cannot be prevented from being read or executed in addressed by our work on privacy domains for e-health sys-another compartment of the same TVD (which might be tems. We anticipate that future solutions can readily beon an different computer system). The TVD infrastructure integrated into TVD-based privacy domains.itself only isolates and protects the TVD from adversariesfrom the outside, not from malicious software that is already 6. CONCLUSIONpart of the TVD. However, the TVD infrastructure should In this paper, we considered security and privacy issueshelp to ensure that only secure systems can become members in modern distributed e-health systems, as well as existingof the TVD by mechanisms such as the integrity verification proposals and solutions. We addressed an often neglectedof all platforms before joining. problem: the security of client platforms. We showed how privacy domains can be used to extend the protection of e-5. OPEN RESEARCH CHALLENGES health systems from (existing) network security solutions to There are a number of issues with electronic health data a more comprehensive infrastructure, including the client.that need to be taken into account by systems for EHRs, As future work, we will address some remaining openwhich are not completely solved by current proposals: research challenges, outlined in Section 5, in our ongoing projects. In particular, we aim to integrate e-health card systems or alternatives into privacy domains and address • Absence of the patient: The patient is not necessarily usability problems in this area. present when the EHR needs to be accessed. In this case, using an eHC with a PIN does not work. 7. ACKNOWLEDGMENTS For this, various example scenarios exist: Often, the This work was partially funded by the federal state North data is entered into the system only after the patient Rhine-Westphalia under the project RUBTrust/MediTrust. left the doctor. Moreover, the patient is not present at the doctor’s office during preparation of a visit by 9
  10. 10. 8. REFERENCES [14] Health Level Seven International (HL7). [1] P. Barham, B. Dragovic, K. Fraser, S. Hand, T. L. Harris, A. Ho, R. Neugebauer, I. Pratt, and [15] C.-Y. Hsu, Y.-C. Chen, R.-C. Luo, H.-H. Rau, C.-T. A. Warfield. Xen and the art of virtualization. In 19th Fan, B.-S. Hsiao, and H.-W. Chiu. A resource-sharing ACM Symposium on Operating Systems Principles platform for trading biomedical intellectual property. (SOSP’03), pages 164–177. ACM Press, 2003. IT Professional, 12:42–49, 2010. [2] S. Berger, R. C´ceres, D. E. Pendarakis, R. Sailer, a [16] International Organization for Standardization (ISO). E. Valdez, R. Perez, W. Schildhauer, and Technical Committee 215, Health Informatics. D. Srinivasan. TVDc: Managing security in the trusted virtual datacenter. Operating Systems Review, committee?commid=54960. 42(1):40–47, 2008. [17] Kassen¨rztliche Bundesvereinigung. KV-SafeNet a [3] A. Bussani, J. L. Griffin, B. Jansen, K. Julisch, homepage. G. Karjoth, H. Maruyama, M. Nakamura, R. Perez, [18] J. Liedtke. On micro-kernel construction. In Fifteenth M. Schunter, A. Tanner, L. V. Doorn, E. A. V. ACM Symposium on Operating System Principles Herreweghen, M. Waidner, and S. Yoshihama. Trusted (SOSP’95), pages 237–250. ACM Press, 1995. Virtual Domains: Secure foundations for business and [19] H. L¨hr, A.-R. Sadeghi, C. St¨ble, M. Weber, and o u IT services. Technical Report RC23792, IBM M. Winandy. Modeling trusted computing support in Research, 2005. a protection profile for high assurance security kernels. [4] S. Cabuk, C. I. Dalton, K. Eriksson, D. Kuhlmann, In Trusted Computing, 2nd International Conference, H. V. Ramasamy, G. Ramunno, A.-R. Sadeghi, Trust 2009, volume 5471 of Lecture Notes in M. Schunter, and C. St¨ble. Towards automated u Computer Science, pages 45–62. Springer, 2009. security policy enforcement in multi-tenant virtual [20] H. L¨hr, A. R. Sadeghi, C. Vishik, and M. Winandy. o data centers. Journal of Computer Security, Trusted privacy domains – challenges for trusted 18(1):89–121, 2010. computing in privacy-protecting information sharing. [5] L. Catuogno, A. Dmitrienko, K. Eriksson, In Information Security Practice and Experience, 5th D. Kuhlmann, G. Ramunno, A.-R. Sadeghi, S. Schulz, International Conference, (ISPEC’09), volume 5451 of M. Schunter, M. Winandy, and J. Zhan. Trusted Lecture Notes in Computer Science, pages 396–407. Virtual Domains – design, implementation and lessons Springer, 2009. learned. In International Conference on Trusted [21] H. L¨hr, A.-R. Sadeghi, and M. Winandy. Patterns for o Systems 2009 (INTRUST’09). Springer Verlag, 2009. secure boot and secure storage in computer systems. [6] L. Catuogno, H. L¨hr, M. Manulis, A.-R. Sadeghi, o In 4th International Workshop of Secure System C. St¨ble, and M. Winandy. Trusted Virtual u Methodologies Using Patterns (SPattern 2010), In Domains: Color your network. Datenschutz und Proc. of Fifth International Conference on Datensicherheit (DuD), 5, 2010. Availability, Reliability and Security (ARES’10), pages [7] L. Catuogno, H. L¨hr, M. Manulis, A.-R. Sadeghi, and o 569–573. IEEE Computer Society, 2010. M. Winandy. Transparent mobile storage protection in [22] H.-H. Rau, C.-Y. Hsu, Y.-L. Lee, W. Chen, and W.-S. trusted virtual domains. In 23rd Large Installation Jian. Developing electronic health records in Taiwan. System Administration Conference (LISA’09). IT Professional, 12:17–25, 2010. USENIX Association, 2009. [23] T. Schabetsberger, E. Ammenwerth, S. Andreatta, [8] Common Criteria Project Sponsoring Organisations. G. Gratl, R. Haux, G. Lechleitner, K. Schindelwig, Common Criteria for Information Technology Security C. Stark, R. Vogl, I. Wilhelmy, and F. Wozak. From a Evaluation, Version 3.1, July 2009. paper-based transmission of discharge summaries to electronic communication in health care regions. [9] Y. Gasmi, A.-R. Sadeghi, P. Stewin, M. Unger, and International Journal of Medical Informatics, N. Asokan. Beyond secure channels. In 2nd ACM 75:209–215, 2006. Workshop on Scalable Trusted Computing (STC’07), [24] D. Sofsian. An introduction to medical billing. http: pages 30–40. ACM Press, 2007. //,[10] Gematik. Einf¨hrung der Gesundheitskarte - u April 2006. Gesamtarchitektur, Version 1.7.0. http://www. [25] A. Sunyaev, A. Kaletsch, C. Mauro, and H. Krcmar., Security analysis of the german electronic health August 2009. card’s peripheral parts. In ICEIS 2009 - Proceedings[11] Gematik. Einf¨hrung der Gesundheitskarte - u of the 11th International Conference on Enterprise Netzwerkspezifikation, Version 2.0.0. http://www. Information Systems, Volume ISAS, Milan, Italy, May, 6-10, 2009, pages 19–26, 2009. August 2009. [26] A. Sunyaev, J. M. Leimeister, and H. Krcmar. Open[12] Gematik - Gesellschaft f¨r Telematikanwendungen der u security issues in german healthcare telematics. In Gesundheitskarte. HEALTHINF 2010 - Proceedings of the 3rd[13] J. L. Griffin, T. Jaeger, R. Perez, R. Sailer, L. van International Conference on Health Informatics, pages Doorn, and R. C´ceres. Trusted Virtual Domains: a 187–194. INSTICC, 2010. Toward secure distributed services. In Proceedings of [27] Trusted Computing Group. TPM Main Specification, the 1st IEEE Workshop on Hot Topics in System Version 1.2 rev. 103, July 2007. Dependability (HotDep’05), June 2005. 10