|
|
< Contents ERCIM News No. 63, October 2005 |
SPECIAL: Security and Trust Management
|
|
|
Secure UPnP and Networked Health Care
by Kari Keinänen and Mika Pennanen
For today's rapidly growing mobile environments, VTT Information Technology's research is providing middleware for the development of networked health-care systems, and other applications for various end-user devices (PDAs, mobile phones etc) and wireless networks (WLAN, Bluetooth etc). The key point is the addition of network facilities to existing applications, rather than the development of new applications.
Resource discovery and communication are fundamental problems in the networking of devices and services. Universal Plug and Play (UPnP) is a widely accepted solution for discovering, controlling and monitoring networked appliances. Network installation becomes simple; furthermore, networks can be built in which one terminal controls all appliances and each appliance can be controlled by many different control points. However, UPnP does not specify sufficient security mechanisms. Secure UPnP was therefore developed to ensure that only authorised nodes can control and monitor devices.
Security Solution
Our Secure UPnP provides authentication of hosts, data confidentiality and integrity, as well as key management. We employ well-known and proven security components, in particular Secure Sockets Layer (SSL) and X.509 certificates.
|
Figure 1: Secure UPnP architecture. |
|
SSL is widely used, for example, to secure bank account access over the public Internet. We use SSL to secure all TCP traffic, which carries most of UPnP messages. To establish an SSL session, each node must have a X.509 certificate for authentication. Certificates are granted by a local Certificate Authority (CA) but only if the Administrator has accepted the new node. UPnP discovery phase uses UDP where it is not possible to use SSL, but we encrypt UDP data. The UDP encryption key is shared by the whole network and distributed using SSL.
Application Areas
Secure UPnP makes it possible to build secure networks that are easy to install and have multiple control terminals. A variety of physical networks can be used and shared with other applications. Application areas include health care in homes, hospitals, gyms and outdoor sports, home networks, building networks, industrial automation, sensor networks, and transport telematic networks.
The Networked Health Care system
VTT pioneered the concept of 'overall personal health-care information system'. Networked Health Care can be used with several health care instruments, eg scales, exercise cycles or fitness steppers to improve people's health. We work with several personal scenarios that aim to effectively control a person's weight and improve his/her overall fitness. We focus on the middleware layer and communication solutions. Users receive advice and information and the option of exercise training lessons with their own personal instructor, eg motivational virtual cycling environments with adjustable resistance. Providing detailed exercise feedback is a good way of encouraging people to manage their own personal health care.
|
Figure 2: Networked Health Care system.. |
|
The Networked Health Care system can be integrated with a number of appliances: for instance, an exercise cycle which lets you choose the speed of resistance, with the motivating virtual cycling environment working as a remote control. Personal health information such as heart rates, speed and calorie consumption/supply are collected directly from the Networked Health Care instruments (eg scales, exercise cycle) or from the user's profile (eg eating habits). Such information helps to monitor and control weight and fitness progression, to encourage physical exercise and to improve the user's health.
The system provides secure communication between instruments (see devices below) and only authenticated devices can join the Secure UPnP network. The network is a self-organizing system, which allows 'on-the-fly' associations between application entities and network resources without complex conuration.
Future work will concentrate on adding new appliances to the system. We also intend to provide remote controlling support between private networks.
Please contact:
Kari Keinänen, VTT, Finland
Tel: +358 9 456 5673
E-mail: kari.keinanenvtt.fi
Mika Pennanen, VTT, Finland
Tel: +358 9 456 5623
E-mail: mika.pennanenvtt.fi
|
|
|
|