Personal data security in telemedicine M. Grayvoronskyy, A. Novikov NTUU “KPI”, Kiev, Ukraine

Dec 26, 2015



Characteristics of the information

Confidentiality: only authorized persons may become familiar with the information

Integrity: only authorized persons may in any way modify the information

Accessibility: any authorized object may obtain data within a certain (short) time interval


Network Reference Model

[Figure: network diagram. Labels: Central Sites, Remote Sites, Teleworkers, WAN (ATM / FR / ISDN), WAN Router, Router, WAN Router/IPT Gateway, IPT Gateway, L3 Switch, L2 Switch, Hub, PBX, PSTN, Internet, Violator (internal), Violator (external).]


Confidentiality

The violation of confidentiality (privacy): disclosure of information

Typical ways for disclosure of information:
– “sniffing”: listening to the data transmitted via a telecommunication channel
– “spoofing”: an authorized object of telecommunication exchange is substituted by an unauthorized object


Violation of confidentiality

[Figure: the network reference model with Sniffing and Spoofing marked. Labels: Teleworkers, WAN, WAN Router, Router, WAN Router/IPT Gateway, L3 Switch, L2 Switch, Hub, Internet.]


Integrity

The violation of integrity:
– partial or complete loss of the information
– falsification of data


Accessibility

The violation of accessibility: denial of service (DoS) attacks


Methods of information protection

– Authentication of objects
– Data ciphering (encryption)
– Signing of data
– Redundancy and backup in storage of data
– Redundant data channels


Virtual Private Networks

[Figure: VPN deployment options between private and public networks. Labels: Private WAN over FR or Leased Line (intranet, trusted private network; clear-text or encrypted; routing: static, RIP, OSPF); Public WAN over the public Internet (untrusted network; clear-text, static routing); Public WAN VPN (dynamic routing over encrypted tunnels); Branch Office Tunnel; IP Phones; Video conference.]


Transport and Tunnel Mode

[Figure: packet layouts, with the encrypted part marked in each mode.]

Original packet: IP Header | Data

Tunnel Mode: New IP Header (Outer IP Header) | Sec Protocol Header | Original IP Header (Inner IP Header) | Data

Transport Mode: Original IP Header | Sec Protocol Header | Data
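An added example (not part of the original slides) that builds both layouts from the Transport and Tunnel Mode slide and shows what a sniffer on the path can still read in each, plus the integrity check on the protected part. The 9-byte header format, SPI values, addresses, keys, and the SHA-256 counter-mode stand-in cipher are assumptions made for illustration.

```python
import hashlib, hmac, socket, struct

PROTO_TCP, PROTO_SEC = 6, 50  # 50 is the IP protocol number of ESP

def ip_header(src, dst, proto):
    # Simplified 9-byte header (assumption): source | destination | next protocol.
    return socket.inet_aton(src) + socket.inet_aton(dst) + bytes([proto])

def _xor_stream(key, seq, data):
    # Stand-in cipher (assumption): SHA-256 in counter mode, not a real VPN cipher.
    stream = b"".join(hashlib.sha256(key + struct.pack(">II", seq, i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(keys, spi, seq, inner):
    # Sec Protocol Header (SPI, sequence) | ciphertext | 16-byte integrity tag
    enc_key, auth_key = keys
    body = struct.pack(">II", spi, seq) + _xor_stream(enc_key, seq, inner)
    return body + hmac.new(auth_key, body, hashlib.sha256).digest()[:16]

def unseal(keys, blob):
    # Verify the tag first, then decrypt; falsified data is rejected.
    enc_key, auth_key = keys
    body, tag = blob[:-16], blob[-16:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    _spi, seq = struct.unpack(">II", body[:8])
    return _xor_stream(enc_key, seq, body[8:])

def transport_mode(keys, src, dst, data, seq=1):
    # Original IP Header | Sec Protocol Header | encrypted Data
    return ip_header(src, dst, PROTO_SEC) + seal(keys, 0x1001, seq, data)

def tunnel_mode(keys, gw_src, gw_dst, src, dst, data, seq=1):
    # New (outer) IP Header | Sec Protocol Header | encrypted (Original IP Header | Data)
    inner = ip_header(src, dst, PROTO_TCP) + data
    return ip_header(gw_src, gw_dst, PROTO_SEC) + seal(keys, 0x2001, seq, inner)

def sniffer_view(packet):
    # Addresses a passive listener can read without the keys.
    return socket.inet_ntoa(packet[:4]), socket.inet_ntoa(packet[4:8])

if __name__ == "__main__":
    keys = (b"\x01" * 32, b"\x02" * 32)            # constructed demo keys
    record = b"patient=sample; result=constructed"  # constructed payload
    print(sniffer_view(transport_mode(keys, "10.1.0.5", "10.2.0.9", record)))
    print(sniffer_view(tunnel_mode(keys, "198.51.100.1", "203.0.113.1",
                                   "10.1.0.5", "10.2.0.9", record)))
```

In transport mode the listener still learns which two hosts are talking; in tunnel mode only the gateway addresses of the outer header are exposed.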


A good example: Nortel Networks Contivity

[Figure: Modular Service Options and Decreased Cost. Software License Keys enable: Firewall Services, VPN Services, Adv Routing, Base Services.]

Contivity can function as:
– VPN device
– Router
– Firewall
– Or any combination