Securing patient data in a hostile world

Some brief thoughts shared at the Tech Council of Maryland

Kenn White

March 25, 2015

Transcript

  1. Securing patient data in a hostile world
    Some thoughts on device & mobile trust
    Kenneth White
    March 24, 2015 ・ Health IT Series

  2. Background
    •  Safety-critical software engineering
    •  Clinical Research
    o  Global central labs: academic, startup biotech, mid & large commercial pharma
    •  FDA technical groups - biosensor data standards (ambulatory & telemetry ECG)
    •  Machine Learning & expert systems
    •  Network security

  3. Current Work
    •  Open Crypto Audit Project
    o  Large-scale security & cryptography audit of OpenSSL
    o  TrueCrypt audit
    •  Dovel Labs
    o  Cloud security R&D practice
    o  Open data, human-centered application design
    •  DHIS2 & BAO Systems
    •  Open source public health surveillance
    •  WHO, Doctors without Borders, US State Dept…

  4. Mobile apps are cloud
    •  What’s the intended use?
    o Heart rate monitor: gym treadmill or EKG?
    o See new draft guidance on communication & storage integration for mobile medical apps
    §  http://www.fda.gov/downloads/Training/CDRHLearn/UCM435363.pdf
    o Discretionary enforcement
    o “Active monitoring” vs. “Healthy lifestyle”
    •  Where are data stored (device & remote)?
    •  Information transport, encryption, controls

  5. It’s a dangerous world

  7. And it’s not limited to traditional adversaries

  8. This is a problem

  9. But so is this

  11. People are beginning to re-examine trust of the entire software supply chain

  13. Fortunately, strong security options are more rich than ever

  14. Emerging Adoption
    o  Smarter network defense (Splunk, Dark Viking, real-time threat feeds & response)
    o  Stronger core network protocols
    o  HTTP/2 rolling out in browsers
    o  SSL → TLS 1.3
    o  Strong primitives
    •  Elliptic Curve Cryptography (ECC)
    •  Ephemeral key exchange (PFS)
    •  Deprecating RSA & legacy suites

  15. Emerging Adoption
    o  At-rest disk & volume encryption w/ off-cloud key management
    o  Hardware Security Module (HSM) key appliances
    o  Open multi-factor auth options (TOTP 2FA/MFA apps)
    o  Sophisticated VPC networking (VPNs, bastion & private vLANs, fine-grain roles & group network ACLs)
    o  Ubiquitous auditing & monitoring
    •  CloudTrail
    •  Elasticsearch
    •  AlienVault/OSSIM

  16. IAM Role-Authorized One-time Credentials

  17. What’s working
    •  Governance automation
    •  Production full-stack orchestration (the “Dev” word)
    o  Ansible, Salt, Puppet, Chef, Docker, Rocket
    •  Validate the process & configuration engine
    •  Cloud
    o  Medidata CTMS
    o  Bristol-Myers Squibb modeling
    o  Cardiac safety (HeartSignals)
    •  Explicit threat models
    o  But see also Anthem, Premera Blue Cross, Sony
    •  Database & disk encryption are fundamentally misunderstood technologies

  18. Parting Thoughts
    o  Intelligence & defense collaboration & sharing is critical
    o  Best practices for cloud are simply first principles for systems
    o  Understanding the difference between regulator guidance vs. mandates
    o  Encryption isn’t a magic bullet
    o  Understand your threat model
    o  Insulin pumps probably don’t need to be on the Internet

  19. Thank You!

  20. Contacts
    Labs: kenneth.white @ doveltech . com
    OCAP: admin @ opencryptoaudit . org
    Twitter: @kennwhite
    LinkedIn: linkedin.com/in/biotech
    Talks: speakerdeck.com/kwhite