Our increasingly connected world leveraging the Internet of Things (IoT) creates great value, in connected healthcare, smart cities, and more. The increasing use of IoT also creates great risk. We will discuss the challenges and risks we need to address as developers in TIPPSS - Trust, Identity, Privacy, Protection, Safety, and Security - for devices, systems and solutions we deliver and use. Florence leads IEEE workstreams on clinical IoT and data interoperability with blockchain addressing TIPPSS issues. She is an author of IEEE articles on "Enabling Trust and Security - TIPPSS for IoT" and "Wearables and Medical Interoperability - the Evolving Frontier", "TIPPSS for Smart Cities" in the 2017 book "Creating, Analysing and Sustaining Smarter Cities: A Systems Perspective" , and Editor in Chief for an upcoming book on "Women Securing the Future with TIPPSS for IoT."
2. @JOTB19
The TIPPSS Imperative for IoT-
Ensuring Trust, Identity, Privacy,
Protection, Safety and Security
- Florence D. Hudson
- Founder & CEO, FDHint
IEEE-Standards Association, Clinical IoT & TIPPSS
2
3. @JOTB19
“Our increasingly connected world
leveraging the Internet of Things (IoT)
creates great value, and great risk.
We must work to ensure TIPPSS:
Trust, Identity, Privacy, Protection, Safety, Security,
for devices, systems, solutions, people.”
- Florence D. Hudson, Founder & CEO, FDHint
3
5. @JOTB19@JOTB19
Advanced technology and data
integration will portend the future
Source: https://www.goodfirms.co/blog/iot-connection-with-trending-technologies 5
6. @JOTB19@JOTB19
IoT will generate huge volumes of
data from explosive device growth
Sources: What’s The Big Data 2015; Datafloq 2016; GlobalSources 2016 6
7. @JOTB19
Health data sharing &
Medical IoT usage is increasing
Sources: FDHint, Frost & Sullivan, CIO Magazine, Healthcare IT News 7
“We've killed more people because we
didn't share data than because we did.”
- CIO Magazine, Paddy Padmanabhan
“87% of health organizations plan to adopt
IoT technology by 2019.”
- Healthcare IT News, Jessica Davis
NCI Cancer Moonshot Blue Ribbon Panel
• Enhanced data sharing working group
• Build a national cancer data ecosystem
Computational Approaches for Cancer
annual SuperComputing workshop
9. @JOTB19@JOTB19
To improve efficiency, safety, quality of life, energy use, & environment.
Smart Cities will be an interconnected
IoT-enabled “system of systems”
What can we enable if we think across the system of systems?
9Source: Florence D. Hudson
10. @JOTB19
Smart Cities will be built on Internet of
Things technologies needing TIPPSS.
Sources: FDHint; MetroLab 2017; NSF 2016; Frost & Sullivan 2016
TRUST
IDENTITY
PRIVACY PROTECTION
SAFETY
SECURITY
10
11. @JOTB19@JOTB19
TIPPSS: an imperative for
Smart Cities & Connected Healthcare
• Trust: Allow only designated people/services
to have device or data access
• Identity: Validate the identity of people,
services, and “things”
• Privacy: Ensure device, personal, sensitive
data kept private
• Protection: Protect devices and users from
harm – physical, financial, reputational
• Safety: Provide safety for devices,
infrastructure and people
• Security: Maintain security of data, devices,
systems, people
11Sources: Florence D. Hudson, FDHint
12. @JOTB19@JOTB19
Security and privacy risk
and concerns are increasing
http://bit.ly/neutronstarscollide
http://bit.ly/smartlockshack
http://bit.ly/jeephackwired
http://bit.ly/jnjinsulinpump
http://bit.ly/medtronicinsulinpump
http://bit.ly/fdarecallspacemakers
US Department of Homeland Security (DHS)
announces healthcare device hacking risk
• Exploitable with adjacent access, low skill level.
• Attacker can listen to communications,
including transmission of sensitive data.
12Sources: Florence D. Hudson, FDHint
13. @JOTB19@JOTB19
What could possibly go wrong?
We need to protect the humans.
Top concerns:
• Connected healthcare devices
• Connected vehicles
Protection needed regarding:
• Device, hardware, software, service
hacks - physical health and safety risk
• Financial risk, reputational harm
• Data theft, data integrity, loss of privacy
• Defense in depth needed – Hardware,
firmware, software, service
Need to evolve policy and culture.
Sources: FDHint; Florence D. Hudson; KPMG - Security and the IOT Ecosystem, 2015 13
15. @JOTB19
Blockchain – the Big Picture
Blockchain is digital Distributed Ledger Technology (DLT) which enables
data sharing without a central authority.
• A “basically immutable” record of transactions (basically is NOT = immutable)
• Tracks metadata about physical, financial, virtual transactions
• Keeps track of data provenance, additions to the blockchain, who, what, when
15
16. @JOTB19@JOTB19
Blockchain value, issues, challenges
The value of blockchain
• A distributed multi-party ledger with an “append only” structure
• Data provenance – tracks data, knows if it’s been changed, adds to the ledger
• A “basically immutable” record of transactions – maybe - see 51% rule
• Enables use of smart contracts and incentives for data sharing and transactions
• Might add Trust, Identity, Privacy, Protection, Safety and Security…if deployed correctly
Issues and challenges to be addressed regarding blockchain use cases
• Data can be hacked before it gets on the blockchain
• The blockchain can be hacked - need true “immutability” – 51% rule - “collusion”
• Need defense in depth to ensure end-to-end data security and privacy, on and off chain
16Sources: Florence D. Hudson, FDHint
17. @JOTB19
Application Collusion Research -
There is more to be done for TIPPSS
17
Colluded applications – are
collaborating applications that can
bypass permissions through
communicating with each other.
Researchers: Leon Reznik, Igor Khokhlov, Department of Computer Science
Rochester Institute of Technology, email: lr@cs.rit.edu, ixk8996@rit.edu
Data Qulity
Data Veracity User’s Privacy
Physical Data
Veracity
Logical Data
Veracity
Noise
Influence
Colluded
Applications
17Sources: Florence D. Hudson, FDHint
18. @JOTB19@JOTB19
Blockchain may be part of the solution
for TIPPSS … but could also add risk
18Sources: Florence D. Hudson, FDHint
19. @JOTB19@JOTB19
Health IT leaders are
experimenting with blockchain
Synaptic Health Alliance includes:
• Aetna
• Ascension
• Cognizant
• Humana
• MultiPlan
• Optum
• Quest Diagnostics
• UnitedHealthcare
19Sources: Florence D. Hudson, FDHint, https://www.synaptichealthalliance.com/project
20. @JOTB19@JOTB19
Blockchain in Healthcare Today
Open access peer-review journal
20
• On-line journal
• Original manuscripts, use cases, research
• Published on a continuous basis
• 20,000 downloads in 65 countries
• Available on Alexa!
• https://blockchainhealthcaretoday.com/
Sources: Florence D. Hudson, FDHint
21. @JOTB19
IEEE - Standards Association (IEEE-SA) :
Clinical IoT Data and Device Interoperability with TIPPSS
Goal: Develop a viable framework for a standard or set of standards that would enable device and data
interoperability with clinical-grade IoT with Trust, Identity, Privacy, Protection, Safety and Security, which
may include interoperability with blockchain or Digital Distributed Ledger Technology ( DLT ).
Pre-standards workstream participants included industry, academia, govt representatives from
Ascension, Bayer, Cognizant, ERT, FDHint, IBM, IEEE, Indiana University Health, Intel, Medtronic,
Oracle, Spiritus, Synopsys, University at Buffalo, US FDA, Wireless Research Center of North Carolina
Email flo1980@alumni.princeton.edu to connect to the IEEE-SA Clinical IoT and TIPPSS effort led
by FDHint, Indiana University Health, United Healthcare, Medtronic
IEEE Pre-Standards Activity Completed – Sign Up for Formal Standards Effort in IEEE-SA Project P2733
21Sources: Florence D. Hudson, FDHint
22. @JOTB19
IEEE-SA Pre-Standards Workstream Clinical IoT Data Validation & Interoperability with Blockchain - 2018/2019 – Draft Updated 24.Jan.2019
DRAFT - TIPPSS Architectural Framework for
Clinical IoT Data & Device Interoperability
Data Sources & Targets –
on chain and off chain
Clinical IoT – includes wearables, implantables, external and environmental sensors, actuators,
devices that create data used in clinical decisions, by humans, M2M, H2M, M2H
EMR/
EDW
Health
apps
Clinical
Labs
Claims Pharma
Data Ingest &
Management
Batch
Local
Gateway
Streaming
API
(FHIR)
Distributed
Ledger Technology
Security,Encryption,FederatedIdentityManagement,Key
Management,UserManagement,Authentication,Privacy,Compliance,
Governanceforhardware,firmware,software,applications,services
ConsentData Model
UX/UI Patients Providers Payers Regulators Pharma
API, SDKs
Social determinates
of health (Structured
+ Unstructured)
Genomics
Life
Style
Clinical
Research
Contract
Access
control
Applications
Devices
Advanced
Analytics
Artificial
Intelligence /
Machine Learning
Research
Device
Mgmt
Enroll
Transaction
History
Contract
Mgmt
Rules
engine
Device Connect
& Handshake
Data
Lineage
Data
Validation
Data
Validation
Data
Transformation
Precision
Medicine
Edge
Computing
Consensus
Algorithms
Health
apps
Trusted
Commands
Real time medical
device actuation
XR
Integration FHIR HL7 CDA CCD GELLO SNOMED LOINC
ISO
11073
CPT ICD-10 RDF
Connection
Layer
22
Sources:FlorenceD.Hudson,FDHint
23. @JOTB19
Read “Women Securing the Future with
TIPPSS for IoT” by 17 women authors
23
https://www.springer.com/gp/book/9783030157043#aboutBook
Authors include:
• CERN
• CISCO
• City of San Francisco
• GÉANT
• GlaxoSmithKline
• IBM
• Indiana University
• Judge
• REN-ISAC
• Start-ups
• UC Berkeley
• UC Santa Cruz
• University of Kentucky
• Venture Capitalists
• Virginia Tech
Sources: Florence D. Hudson, FDHint
24. @JOTB19@JOTB19
24
The Book Chapters: Women Securing
the Future with TIPPSS for IoT
1. IoT: Is It a Digital Highway to Security Attacks? - Cisco
2. IoT: Privacy, Security, and Your Civil Rights – Colorado Judge
3. Privacy in the New Age of IoT - GSK
4. A Business Framework for Evaluating Trust in IoT Technology – Alpha Edison - VC
5. Ahead of the Curve: IoT Security, Privacy, and Policy in Higher Ed – REN-ISAC, VTC
6. Trust, Identity, Privacy, and Security for a Smart Campus – Virginia Tech
7. Security for Science: How One Thing Leads to Another - CERN
8. The Dark Side of Things - GÉANT
9. Public Safety and Protection by Design: IoT and Data Science – UC Berkeley, SF
10. Privacy Management in the Internet of Things (IoT) – University of Kentucky
11. Securing IoT Data with Pervasive Encryption - IBM
12. Secure Distributed Storage for the Internet of Things – UC Santa Cruz
13. Profiles of Women Securing the Future with TIPPSS for IoT – FDHint