Securing cross-border exchange of ehealth data in the EU

Transcription

1 Securing cross-border exchange of ehealth data in the EU Ioannis Komnios KONFIDO Project Coordinator EXUS Software Ltd, NCSR "Demokritos", Athens, Greece

2 KONFIDO means Trust in Esperanto 2

3 KONFIDO Consortium 15 partners 7 countries 2 pilots 3

4 Cross-Border ehealth Data Retrieval Country B Data Request Patient Data Country A Country B should be aware of: Data formats and protocols of every country A The national infrastructure of every country A Regulations of every country A 4

5 ehdsi and OpenNCP OpenNCP is the technical outcome of the epsos project OpenNCP is a part of the ehealth Digital Service Infrastructure (ehdsi) and allows for the exchange of ehealth Data in Europe 5

6 The epsos Mediated Approach 20th March

7 Pillars for ehealth Interoperability in EU Existing nationalhealthcare infrastructures/legislation remain unchanged Member States are reluctant to accept impositions on their own legislation Trust among Member State (MS) is based on contracts and agreed policies The National Infrastructure (NI) of a MS never checks for security messages from the NI of another MS Information is exchanged but not shared. Any OpenNCP user MAY NOT modify an original document from abroad. The user retrieves a "read-only" document. 7

8 Security Assessment of epsos Security of communications is ensured by employment of cryptography and secure protocols Security of communicating parties is not enforced by technical means It is instead assumed by legally binding agreement No protection is offered against propagation of cyberattacks Instead, attacks which success in compromising a NI can exploit NCP to propagate to other countries These security aspects were out of scope of epsos 8

9 Here comes 9

10 1 st Pillar Enhancement of the trust and security of interoperable ehealth services 10

11 Six state-of-the-art Technologies Exploit the new security extensions of COTS CPUs for creating protected execution environments for ehealth applications Develop novel photonic encryption key generation technologies Build an efficient homomorphic encryption mechanism supporting secured health data storage, processing and exchange Develop customized SIEM solutions for real-time monitoring of the security of ehealth applications Implement disruptive logging and auditing mechanisms Design and implement a eidascompliant eid infrastructure 11

12 Conceptual view of KONFIDO architecture eidas KONFIDO is a modular set of tools that can be composed to improve resiliency 12

13 Trusted Execution Environment (Intel SGX) Application splitted in: Trusted and Untrusted parts App runs & creates enclave which is placed in trusted memory Only code running inside enclave sees data in clear 13

14 20th March

15 OpenNCP PS Transformation HCP 1-Ask for PS 2-Verify Authenticity of HCP 3-Send Request NI-B 12-Encrypt and return PS 11-Translate PS 10-Decrypt PS NCP-B 4-Verify Authenticity of NCP-A 5-Send Request National PS Infrastructure 9-Encrypt and send PS 8-Transcode PS 7-Decrypt PS 6-Encrypt and Return PS NI-A NCP-A 15

16 Homomorphic Encryption Parties: User private data owner Server owner of algorithm Goal: Server executes algorithm on HE data User obtains algorithm result on private data Can perform analysis on medical data without violating the patients privacy 16

17 Photonic Unclonable Function (PUF) Challenge Bit string (seed) Optical stimulus Electronic circuit Photonic Token Physical object Response Bit string (key) Image (speckle) Deterministic operation Same PUF-challenge allow the same response! PUF characteristics : Repeatability robustness Immunity to noise: The same object, challenge generates the same response Practically impossible to replicate unclonability Computationally unrealistic to simulate unpredictability Immunity to replication even by malicious manufacturer Immunity to machine learning, brute force, or simulation 17

18 KONFIDO SIEM A Security Information & Event Monitoring (SIEM) component is needed, in order to: Support a distributed analysis of high volumes of data Discover anomalies in the normal operation of the healthcare security system Protect the OpenNCP infrastructure from distributed attacks (ex. DDoS) 18

19 Disruptive Logging and Auditing Provides traceability and liability support Based on the blockchain design pattern Logs all privacy-critical operations A legally binding system based on blockchain auditing that allows to prove that specific ehealth data: Have been requested by a legitimate entity Have been provided (or not) 19

20 Blockchain-based logging and consent 20

21 eidas Authentication OpenNCP deals with: Physicians Pharmacists Patients eidas authentication refers to how these different users authenticate with OpenNCP with eidas compliant identities 21

22 OpenNCP Reference Architecture Country 3 Country 1 Level 3 EHR Level 2 NCP 3 Country 1 Level 3 EHR Level 2 Hospital National Infrastructure Health Center NCP 1 OpenNCP NCP 2 Hospital National Infrastructure Health Center Mobile Devices General Practitioner Triage Home Care Mobile Devices General Practitioner Triage Home Care Level 1 Level 1 22

23 After KONFIDO Deployment Country 3 KONFIDO TEE Country 1 NCP 3 Country 2 KONFIDO TEE KONFIDO TEE KONFIDO TEE KONFIDO TEE National Infrastructure NCP 1 NCP 2 National Infrastructure Trusted Execution Environment (TEE) Communication Channel 23

24 After KONFIDO Deployment Country 3 KONFIDO Country 1 KONFIDO National Infrastructure TEE KONFIDO NCP 1 TEE NCP 3 TEE KONFIDO NCP 2 TEE Country 2 TEE KONFIDO-SIEM C-1 Konfido-SIEM C-2 HE-Data Processing Real-Time Data Processing TEE HOOKS TEE PUF KONFIDO SERVICES/APIs eidas Auditing Services HE Homomorphically Encrypted Data Encrypted Data Plain data 24

25 2 nd Pillar Continuous validation and proof of concept demonstrations 25

26 Validation Pilots Pilot sites in: Italy Denmark Spain 26

27 Pilot 1: Cross-border health data exchange across EU Goes to hospital Kenneth Authentication with eid Barcelona Healthcare Professionals Authentication with eid May Access Kenneth s health information May provide new information from new potential clinical interventions Denmark Professionals May Access the information provided by BCN May spot potential clinical problems May follow-up an accident Other Apps May provide extra information 27

28 Pilot 2: Secure cross-region and cross-border mobility for emergency management and patient empowerment Accident Paramedics in ambulance Mobile application Authentication User consent implications Chronic patients Retrieving information Authentication May Access Anna and Cristina s health information data Multiple Fonts Access (Pausil Database, Private Clinic Database) Telemonitoring App Monitors Anna on holidays Sends medical information remotely to Italy Professionals Italy: track Anna s health on holidays Barcelona: Access Anna s records in case of emergency 28

29 3 rd Pillar Focus on stakeholders, improving user acceptance, adhering to standards and legal and ethical directives 29

30 Objectives Adhere to existing National and European legal directives and ethical norms Achieve wide acceptance of KONFIDO s solutions Achieve wide user engagement steering KONFIDO s solutions Define appropriate business models and a go-tomarket strategy 30

31 KONFIDO outcome Smartly integrate the different components/tools into a universal security toolbox to provide a complete packaged security solution to ehealth/mhealth Uniform, seamless and interoperable interface, operating under a common security and privacy framework Consideration of legal, operational/policy and ethical aspects 31

32 Co-funded by the Horizon 2020 Framework Programme of the European Union under Grant Agreement nº Partners EXUS (Coordinator), CERTH, CINI, CEA, TLX, EULAMB, TLB, EURECAT, MEDCOM, ICL, BIT4ID, PAUSIL, SUNDHED, AQUAS, IDIBAPS