Applications of Secure Location Sensing in Healthcare Michael - - PowerPoint PPT Presentation



SLIDE 1

Applications of Secure Location Sensing in Healthcare

Michael Rushanan, David Russell, Aviel D. Rubin Johns Hopkins University

SLIDE 2

Introduction

  • Healthcare Application
    • Benefit patient care, delivery, and safety
    • Protect sensitive patient data
  • Tracking and managing assets in real-time
  • Access Control
  • Barcode medication administration system
SLIDE 3

Real-time Tracking

  • Tracking and managing assets in real-time
  • Hospitals
    • 1/3 of nurses spend at least 1 hr/shift
    • 35,000 units; 32-48% being used
    • $4,000 of equipment per bed
SLIDE 4

Problem

  • Tracking needs to be secure
  • Resilient to passive and active attacks

[Figure: Asset Tracker reports its Position to the Backend Server; a Passive Adversary listens to the link]

SLIDE 5

Problem

  • Tracking needs to be secure
  • Resilient to passive and active attacks

[Figure: Asset Tracker reports its Position to the Backend Server; an Active Adversary sits on the link]

SLIDE 6

BCMA

  • Scan barcodes on patients and medications
  • Improve patient safety by reducing human error
  • Electronic information integration
  • Interface with electronic medical records
SLIDE 7

Problem

  • Scanning considered impractical
  • Koppel et al. identify 31 unique causes that influence workarounds
    • Malfunctioning scanner
    • Unreadable wristbands
    • Wrong administration of medication
SLIDE 8

Access Control

  • Electronic medical records
    • Require access all the time
  • Mobile device
    • BYOD or hospital asset
  • Single-factor
    • Password or PIN

[Figure: mock record]
Mike’s Personal Medical Record
  Height: x
  Weight: x
  Sex: Male
  Diseases: x, y, z
  History:
    1. Something happened.
    2. Something else.
  Doctor Notes: He’s cool.

SLIDE 9

Problem

  • An attacker can bypass this access control
  • All the data stored on the device is then compromised

[Figure: Mike’s Personal Medical Record, now held by an Active Adversary]

SLIDE 10

Solution

  • Implement a secure real-time tracking system
    • Secure against active and passive attacks
  • Implement other applications:
    • Location-based restrictions
    • BCMA with physical proximity
SLIDE 11

Outline

  • We will discuss:
    • Common architecture
    • Secure real-time tracking system
    • Location-based access restrictions
SLIDE 12

Common Architecture

  • We need a physical device that is:
    • Simple (computation, space)
    • Wireless
    • Efficient (i.e., runs on battery)
    • Low-cost
  • Trusted central server
SLIDE 13

BLE Beacons

SLIDE 14

Apple iBeacon

  • Low-cost device
  • Bluetooth Low Energy (BLE)
  • Unidirectional
  • Computes distance via RSSI
  • Intended for advertising
    • “Spoofing” as a feature

SLIDE 15

iBeacon

[Figure: three beacons (Gamestop, Target, Kroger); the phone receives the “Welcome to Target” coupon advertisement, the other two beacons are not in range]

SLIDE 16

Other Technologies

  • RFID is expensive
    • Infrastructure (i.e., ingress and egress antennas)
    • Hospital RF policies
  • GPS doesn't work well indoors
SLIDE 17

Other Technologies

  • Wi-Fi is bi-directional
    • Introduces complexity
    • Consumes more power
    • Larger attack surface

[Figure: three Wi-Fi access points]

SLIDE 18

iBeacon Problem

  • The iBeacon specification is not secure

[Figure: same scene as slide 15, but only the Gamestop and Kroger beacons are present and the phone still receives the “Welcome to Target” coupon advertisement]

SLIDE 19

Introducing Beacon+

  • Modify the iBeacon specification
    • Add an AES CBC-MAC (i.e., authentication)
      • Secret key assigned a priori to deployment
    • Monotonically increasing sequence number
      • To handle clock skew

SLIDE 20

Crypto Primer

  • Message Authentication Code
    • Short piece of information
    • Authenticates a message
      • Message came from the stated sender
      • Message has not changed
    • Secret key needed to compute the MAC
SLIDE 21

Beacon+

SLIDE 22

Initialization

  • Beacon+ on initialization:
    • ID
    • Sequence Number
    • Secret
    • Location

SLIDE 23

Design

  • Every second, Beacon+:
    • Increments the sequence number
    • Computes a new MAC
    • Sends the MAC to the BLE BoosterPack via UART at a regular interval (i.e., 8x per second)
    • Replaces the previous advertisement

SLIDE 24

Advertisements

iBeacon Advertisement (BLE Advertisement Payload, 31 bytes: Reserved (4 bytes) + User-Defined Data (27 bytes))

  • Ad Structure 1: Size (1 byte), BLE Flags (2 bytes)
  • Ad Structure 2: Size (1 byte), UUID (16 bytes), Major (2 bytes), Minor (2 bytes), TX Power (1 byte), Unused (1 byte)

Beacon+ Advertisement (same 31-byte payload: Reserved (4 bytes) + User-Defined Data (27 bytes))

  • Ad Structure 1: Size (1 byte), BLE Flags (2 bytes)
  • Ad Structure 2: Size (1 byte), ID (2 bytes), Sequence Number (8 bytes), MAC (16 bytes), TX Power (1 byte)
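Slides 19 through 24 describe the Beacon+ advertisement: a beacon ID, a monotonically increasing sequence number and an AES CBC-MAC under a key assigned before deployment, checked by the trusted server. The Go program below is an added example written for this page; it is not the authors' beacon firmware or server code. It models only the ID || Sequence Number || MAC fields (26 bytes) of the user-defined area, assumes big-endian field encoding and zero-padding of the 10-byte authenticated message to a single AES block (the slides give field sizes only), and uses a constructed demo key. The verifier keeps the last accepted sequence number per beacon, so a forged advertisement (wrong key or altered bytes) and a replayed one are both rejected.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// Field sizes from the Beacon+ advertisement slide. Big-endian byte order
// is an assumption of this example.
const (
	idLen  = 2
	seqLen = 8
	macLen = 16
	advLen = idLen + seqLen + macLen // 26 bytes of the 27-byte user area
)

// cbcMAC is a raw AES CBC-MAC: zero IV, zero-pad to whole blocks, return the
// last ciphertext block. Beacon+ authenticates a fixed 10-byte message, so
// every MAC covers exactly one block, the fixed-length case where raw
// CBC-MAC is sound.
func cbcMAC(key, msg []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := make([]byte, ((len(msg)+aes.BlockSize-1)/aes.BlockSize)*aes.BlockSize)
	copy(padded, msg)
	state := make([]byte, aes.BlockSize) // zero IV
	for i := 0; i < len(padded); i += aes.BlockSize {
		for j := range state {
			state[j] ^= padded[i+j]
		}
		blk.Encrypt(state, state)
	}
	return state, nil
}

// authData is the part of the advertisement the MAC covers: ID || Seq.
func authData(id uint16, seq uint64) []byte {
	b := make([]byte, idLen+seqLen)
	binary.BigEndian.PutUint16(b, id)
	binary.BigEndian.PutUint64(b[idLen:], seq)
	return b
}

// NewAdvertisement is the per-second Beacon+ step: take the incremented
// sequence number and emit ID || Seq || MAC under the pre-shared key.
func NewAdvertisement(key []byte, id uint16, seq uint64) ([]byte, error) {
	mac, err := cbcMAC(key, authData(id, seq))
	if err != nil {
		return nil, err
	}
	return append(authData(id, seq), mac...), nil
}

// Verifier is the trusted-server side: it holds the key and the last
// sequence number accepted per beacon, so spoofed and replayed
// advertisements are both rejected.
type Verifier struct {
	key  []byte
	last map[uint16]uint64
}

func NewVerifier(key []byte) *Verifier {
	return &Verifier{key: key, last: map[uint16]uint64{}}
}

// Accept returns the beacon ID and sequence number if the MAC verifies and
// the sequence number is strictly newer than the last one seen from that ID.
func (v *Verifier) Accept(adv []byte) (uint16, uint64, error) {
	if len(adv) < advLen {
		return 0, 0, errors.New("advertisement too short")
	}
	id := binary.BigEndian.Uint16(adv)
	seq := binary.BigEndian.Uint64(adv[idLen:])
	want, err := cbcMAC(v.key, authData(id, seq))
	if err != nil {
		return 0, 0, err
	}
	if subtle.ConstantTimeCompare(want, adv[idLen+seqLen:advLen]) != 1 {
		return id, seq, errors.New("bad MAC: spoofed or corrupted advertisement")
	}
	if seen, ok := v.last[id]; ok && seq <= seen {
		return id, seq, errors.New("sequence number not increasing: replay")
	}
	v.last[id] = seq
	return id, seq, nil
}

func main() {
	key := []byte("constructed-16B!") // constructed demo key, 16 bytes
	v := NewVerifier(key)
	adv, _ := NewAdvertisement(key, 2, 1000)
	_, _, err := v.Accept(adv)
	fmt.Println("fresh advertisement:", err)
	_, _, err = v.Accept(adv)
	fmt.Println("replayed advertisement:", err)
}
```

The raw CBC-MAC is acceptable here only because the authenticated message has a fixed length; a variable-length message would need CMAC or a length prefix. The verifier also only checks that the sequence number increases; a deployment that wants to bound clock skew would additionally reject a number that jumps too far ahead of the last one accepted, a policy the slides leave to the deployment.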

SLIDE 25

Communication

[Figure: beacons 1, 2 and 3 each broadcast “I am 1”, “I am 2”, “I am 3” over BLE; the tracked device relays what it hears over Wi-Fi to the Trusted Server for tracking]

SLIDE 26

Communication

[Figure: broadcasts b1, b2, b3 and corresponding receptions r1, r2, r3; two entries are marked X]

SLIDE 27

Real-time Tracking

  • Beacon+s are fixed at physical locations
  • Tracked BLE-speaking devices collect
    • Authenticated advertisements
    • RSSI
  • Beacon+ data is shared with the trusted server

SLIDE 28

Real-time Tracking

[Figure: Beacon+ units send unidirectional broadcasts to a Data Collector, a Medical Device and a Smartphone, which reach the Backend Server over multidirectional wireless communication]

SLIDE 29

Access Control

  • Bypassing or breaking traditional access control
    • Password
  • Location-based access restrictions
    • Restrict access to data based on location
    • Another factor of authentication

SLIDE 30

Beacon+

[Figure: Beacon+ app showing Nearby Patient Records (Smith, John; Doe, Jane; Claus, Nicholas; Roberts, Alice) and the selected record: ID 0004, Name Roberts, Alice, Address 1056 Mountain Dr., Sex Female, DOB 11/5/1967, History N/A, Therapy Electroshock, Medication N/A, Doctor Dr. Evil, Notes None]

SLIDE 31

Criticisms of Beacon+

  • Access control
    • Need access to data immediately
  • Location verification issues
    • Inside attacker can modify RSSI to fake location
    • Proxy received signals
  • Trusted server

SLIDE 32

No Central Trusted Authority

[Figure: a Certificate Authority and a Map Authority publish signed(ids, locations); Beacon+ units broadcast to a Medical Device and a Smartphone, which answer Tracking & Location-based Access Queries]

SLIDE 33

Summary

  • Described a common architecture
    • Beacon+
  • Discussed location sensing applications
    • Benefit patient safety
  • Addressed some criticisms

SLIDE 34

Questions


Thank you for attending my talk!

SLIDE 35

Backup Slides

SLIDE 36

Trilateration

SLIDE 37

No Central Trusted Authority

Setup

  • $S \in \{0,1\}^{256}$ (secret), $ID \in \{0,1\}^{128}$, $H^N = H^N(S)$
  • Certificate $C = \{ID, H^N, \mathrm{sig}\{ID, H^N\}\}$

A hash chain is the successive application of a hash function to a piece of data. It is used to produce many one-time keys from a single key or password.

SLIDE 38

No Central Trusted Authority

[Sender] Beacon+ holds $S$ and $ID$; the message is $M$; the verifier holds $C$.

  • $k_i = H^{N-i}(S)$
  • $tag_i = \mathrm{MAC}(M, H^{N-(i+1)}(S))$

SLIDE 39

No Central Trusted Authority

[Sender] Beacon+

  • At time $i$, send $M$ and $tag_i$
  • At time $j$, send $M$ and $tag_j$

[Verifier] Phone

  • Check time
  • Verify $H^j(k_j) \stackrel{?}{=} H^N$ (with $H^N$ taken from $C$)
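The three backup slides sketch a delayed key disclosure scheme built on a hash chain: the beacon commits to $H^N(S)$ in a signed certificate, discloses the chain keys $k_i = H^{N-i}(S)$ one interval at a time, and authenticates each message with the key that will be disclosed in the next interval; the verifier can check that a disclosed key lies on the chain because $H^j(k_j) = H^j(H^{N-j}(S)) = H^N(S)$. The Go program below is an added example for this page, not code from the authors. It takes $H$ to be SHA-256 and the MAC to be HMAC-SHA256 (both assumptions, the slides name neither), models time as an interval counter supplied by the caller, uses a constructed secret, and leaves out the certificate signature check by treating $H^N$ as already trusted.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// hashN applies H = SHA-256 n times: hashN(x, 0) = x, hashN(x, n) = H^n(x).
func hashN(x []byte, n int) []byte {
	out := append([]byte(nil), x...)
	for i := 0; i < n; i++ {
		sum := sha256.Sum256(out)
		out = sum[:]
	}
	return out
}

// mac is the MAC of the slides, taken here to be HMAC-SHA256 (assumption).
func mac(key, m []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(m)
	return h.Sum(nil)
}

// Sender is the Beacon+: it holds the 256-bit secret S and chain length N.
type Sender struct {
	ID uint16
	S  []byte
	N  int
}

// Commitment is H^N(S), the value placed in the signed certificate C.
func (s Sender) Commitment() []byte { return hashN(s.S, s.N) }

// Key returns k_i = H^{N-i}(S); keys are disclosed in the order k_1, k_2, ...
func (s Sender) Key(i int) []byte { return hashN(s.S, s.N-i) }

// Packet is what the beacon sends in interval i: M, tag_i = MAC(M, k_{i+1})
// and the now-disclosed key k_i, which lets the verifier check tag_{i-1}.
type Packet struct {
	I   int
	M   []byte
	Tag []byte
	K   []byte
}

func (s Sender) Send(i int, m []byte) Packet {
	return Packet{I: i, M: m, Tag: mac(s.Key(i+1), m), K: s.Key(i)}
}

// Verifier is the phone. It knows only H^N from C, so it holds no secret;
// it buffers each packet until the next interval's key arrives.
type Verifier struct {
	HN      []byte
	pending map[int]Packet
}

func NewVerifier(hn []byte) *Verifier {
	return &Verifier{HN: hn, pending: map[int]Packet{}}
}

// Receive processes packet p observed during interval now. It returns the
// messages whose tags became checkable with the key disclosed in p.
func (v *Verifier) Receive(p Packet, now int) ([][]byte, error) {
	// "Check time": a packet for interval i must arrive before the beacon
	// could have disclosed k_{i+1}; after that anyone could have made the tag.
	if now > p.I {
		return nil, errors.New("packet too late: its MAC key may already be public")
	}
	// "Verify H^j(k_j) = H^N": the disclosed key must lie on the chain.
	if !bytes.Equal(hashN(p.K, p.I), v.HN) {
		return nil, errors.New("disclosed key is not on the hash chain")
	}
	var verified [][]byte
	if prev, ok := v.pending[p.I-1]; ok {
		// k_i is exactly the key that authenticated tag_{i-1}.
		if hmac.Equal(mac(p.K, prev.M), prev.Tag) {
			verified = append(verified, prev.M)
		}
		delete(v.pending, p.I-1) // a failed tag means the buffered M was altered
	}
	v.pending[p.I] = p
	return verified, nil
}

func main() {
	s := Sender{ID: 1, S: []byte("constructed-32-byte-secret-S...."), N: 10} // constructed
	v := NewVerifier(s.Commitment())
	for i := 1; i <= 3; i++ {
		ok, err := v.Receive(s.Send(i, []byte(fmt.Sprintf("I am %d (interval %d)", s.ID, i))), i)
		fmt.Printf("interval %d: verified %q, err %v\n", i, ok, err)
	}
}
```

The security of the scheme rests on the time check: a packet for interval $i$ may only be accepted while the beacon could not yet have disclosed $k_{i+1}$, so the interval length must exceed clock error plus transmission delay, which is what the slides' "Check time" step has to enforce. Recomputing $H^i(k_i)$ from scratch costs $i$ hashes per packet; a verifier that remembers the last key it accepted can instead check the single step $H(k_i) = k_{i-1}$.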