e-Health Security – An Overview
Faisal Karim Shaikh
DEWSNet Group
Dependable Embedded Wired/Wireless Networks
www.fkshaikh.com/dewsnet
DEWSNet
© Neeraj Suri
Dependable
Embedded Wired/Wireless Networks
EU-NSF ICT March 2006
MUET Jamshoro
Course Structure and Contact Info
www.muet.edu.pk/~shaikh/courses/
 Schedule
 Monday 3-5 pm
 Exams




2-3 mid exams (can be surprise :)
Home assignments
Presentations in class (voluntarily)
Final Exam
 Faisal K. Shaikh
 faisal.shaikh@faculty.muet.edu.pk
 Office Hours (TL125): Monday 10:00 – 11:00
by appointment
eHealth Security – An overview
2
Relevant Literature + Lecture Foils
 Internet is open for all and for me too 
 Slides will be available on the lecture’s homepage
 I will try to upload the foils shortly before /after the lecture
 Books
 Kaufman, Perlman and Speciner. Network Security: Private
Communication in a Public World.
 Stevens. TCP/IP Illustrated, vol. 1, the protocols.
 …….
eHealth Security – An overview
3
Course Overview
 Network Security
 Introduction to network security
• Secure network services
• Attacks
 Secure channels/network layers
• Introduction to cryptography
• Authentication
• Cryptographic Protocols
– Strong authentication, key exchange
 Analysis of protocols
 Standards
• SSL/TLS, SSH, IPSEC
• Kerberos, S/Key
 Public Key Infrastructures
• PKI: X.509
• PGP
–
eHealth Security – An overview
4
Course Overview




Packet filtering/Firewalls
Intrusion detection
Distributed Denial of Service attacks
Network forensics/ vulnerability assessment
 Data Security
 Body Area Networks Security
eHealth Security – An overview
5
First concepts
Terminology
DEWSNet
© Neeraj Suri
Dependable
Embedded Wired/Wireless Networks
EU-NSF ICT March 2006
MUET Jamshoro
What is Security?
 Definitions from the Amer. Herit. Dict. :
 Freedom from risk or danger; safety. (NO!)
 Measures adopted … to prevent a crime such as burglary or
assault. (ALMOST!)
 Network security measures:
 Mechanisms to prevent, detect, and recover from network
attacks, or for auditing purposes.
eHealth Security – An overview
7
Terminology
 Assets and liabilities
 Policies
 Security breeches
 Vulnerabilities
 Attacks
 Threats
 Threat Intensity
eHealth Security – An overview
8
A Secured Network
 A network is “secured” if it has deployed adequate
measures for prevention of, detection of, and
recovery from attacks.
 Adequate = commensurate with the value of the
network’s assets and liabilities, and the perceived threat
intensity.
– By Breno
eHealth Security – An overview
9
Security Goals
C onfidentiality
I ntegrity
A vailability
Other important security goals include auditability
eHealth Security – An overview
10
Security operations
 Prevention against
adversarial or accidental
capture and/or modification
of information.
 Audit of data
accesses/modifications, and
of privileged operations.
 Detection of all improper
access to data and system
resources.
eHealth Security – An overview
11
 Recovery from
unauthorized access,
restoring data values,
system integrity, and
identifying
compromised
data/resources.
 Retaliation (legal, PR,
info. warfare)
Authentication
Used to prevent impersonation and detect
unauthorized data modifications.
Some mechanisms to provide data integrity will
not be considered:
 Enforcement of safe data manipulation methods (file
system protection mechanisms, database protection
mechanisms).
eHealth Security – An overview
12
Availability
 Continuous service, quality of service, resource
wastefulness reduction
 Typical attack: DoS, DDoS
 Prevention by removal of bottlenecks
 Detection of attacks
 Recovery of service provision ability
 Audit of service requests
eHealth Security – An overview
13
Concrete Security Measures
 Securing an open network requires adoption of a myriad
of measures:





Policies, audit and evaluation
Personnel training
Physical security/ EM emanation shielding
Authentication and access control
Communication security: Cryptography-based techniques.
eHealth Security – An overview
14
Open Systems Interconnection
A standard-centric networking model
DEWSNet
© Neeraj Suri
Dependable
Embedded Wired/Wireless Networks
EU-NSF ICT March 2006
MUET Jamshoro
Open Systems
 Open Systems:
 general-purpose networks that support standardized
communication protocols and may accommodate heterogeneous
sub-networks transparently.
 Corporate Intranets:
•
Ethernet, Token Ring and Wireless subnets.
 Internet
eHealth Security – An overview
16
Open Systems Interconnection Model
ISO’s layered approach to standardization
FTP, Telnet, SSH
7. Application layer
6. Presentation layer
MIME, XDR, SSH
5. Session layer
NetBios, FTP, Telnet, SSH
4. Transport layer
TCP,UDP,SSL/TLS
3. Network layer
IP, ICMP, IPSEC
2. Data link layer
Ethernet, PPP, ISDN
1. Physical layer
pins, cabling, radio
eHealth Security – An overview
17
1-2. Physical/Data Link Layers
Physical layer: Radio, fiber, cable, pins
Data link layer orchestrates the signaling
capabilities of the physical medium
(unreliable, noisy channel) into reliable
transmission of protocol data units (PDUs).
PDUs contain control information,
addressing data, and user data.
Hardware-based encryption operates at
1+2.
eHealth Security – An overview
18
3. Network Layer
 Exports a logical network interface, allowing for
uniform addressing and routing over heterogeneous subnetworks.
 E.g.: IP can route between Ethernet- and 802.11x - networks
eHealth Security – An overview
19
Internet structure
AS3
AS1
BGP routes
(negotiated)
AS2
AS4
eHealth Security – An overview
20
4. Transport Layer
 Permits connection and connectionless associations.
Connections enable reliable transmission of data
streams.
 End-to-end security first becomes meaningful at this
level.
 Security associations: An association is either a connection or
a connectionless transmission service at levels 4-7.
eHealth Security – An overview
21
Levels 5 and Higher
 Application through session protocol layers.
 Many network applications implement their own session
management. Moreover, they typically depend on system
libraries for presentation layer capabilities. Such
applications, from a data-path viewpoint, may be
considered a single layer: PDUs only typically appear at
the session layer.
eHealth Security – An overview
22
Example: SSH
SSH provides services at all topmost three
OSI layers.
 Application: Terminal/file transfer
 Presentation: Encryption
 Session: Connection, synchronization
Only at the session layer the data
(encrypted buffers of user input) gets
first packaged into a protocol data unit
for transmission.
eHealth Security – An overview
23
TCP/IP networking model
A data-path centric model
DEWSNet
© Neeraj Suri
Dependable
Embedded Wired/Wireless Networks
EU-NSF ICT March 2006
MUET Jamshoro
TCP/IP network model
( TCP/IP Protocol)
TCP/IP Application
Layer
7. OSI Application
6. OSI Presentation
5. OSI Session
TCP/IP Transport Layer 4. OSI Transport
TCP/IP Network Layer 3. OSI Network
TCP/IP Data Link Layer 2. OSI Data Link Layer
TCP/IP Physical Layer 1. OSI Physical Layer
eHealth Security – An overview
25
Protocol Data Wrapping
eHealth Security – An overview
26
Fitting Security
How security measures fit into the network
models
DEWSNet
© Neeraj Suri
Dependable
Embedded Wired/Wireless Networks
EU-NSF ICT March 2006
MUET Jamshoro
Association Model
An association is either a connectionless data
transmission service or a connection at any of
OSI layers 4-7, or TCP/IP application
/transport layers
An N-association is the data-path through
which N+1 entities communicate:
 Generally at session layer or below.
 N+1-layer data packaged into N-PDUs
eHealth Security – An overview
28
Association Model (2)
V. L. Voydock and S. T. Kent
eHealth Security – An overview
29
Security at levels 1 - 3
 Implemented at the host/network interface level (lack
notion of association): Link-to-link security.
 Encryption/authentication requires operations at each
network node.
 Each network node must be trusted.
 Impractical for Open Systems?
eHealth Security – An overview
30
Security protocols ≤ 3
 Many VPN technologies work at level 2
 PPTP, L2F, L2TP
 Rationale: Directed at dial-up VPN networks, (PPP is
level-2). Provide service to a variety of network-level
protocols, such as IP or IPX.
 IPSEC works at level 3, essentially extends
IPv6/IPv4.
eHealth Security – An overview
31
Security above level 3
Most flexible security measures
End-to-end security: The security policies
and mechanisms can be based on
associations between entities (applications,
processes, connections), as opposed to
host-based:
 In multi-user environments, or when hosts are
not physically secure, host-based policies are
not sufficiently fine-grained.
eHealth Security – An overview
32
Summary

Security measures can take three main forms:
1.
2.
3.
End-to-end security at the TCP/IP application layer (5-7 OSI
model layers)
End-to-end security at the (TCP/IP,OSI) transport layer
Link-to-link security at the network, data-link and physical
layers.
eHealth Security – An overview
33
Attacks
A taxonomy
DEWSNet
© Neeraj Suri
Dependable
Embedded Wired/Wireless Networks
EU-NSF ICT March 2006
MUET Jamshoro
Attack Types
And their impact on end-to-end
communication security mechanisms
DEWSNet
© Neeraj Suri
Dependable
Embedded Wired/Wireless Networks
EU-NSF ICT March 2006
MUET Jamshoro
Passive Attacks
Observation of N+1-layer data in an Nlayer PDU: release of data contents, or
eavesdropping
Observation of control/ address
information on the N-PDU itself: traffic
analysis.
Transport/network boundary = End-toend/ link-to-link boundary.
 Traffic analysis is least effective if N+1 = 4.
eHealth Security – An overview
36
Active Attacks





Impersonation
Packet injection (attacker-generated PDU)
Packet deletion/delay
Packet modification/re-ordering
Replay attacks
 If a breech can be achieved by both active and passive
attacks, which is more powerful? (problematic)
eHealth Security – An overview
37