Service-based secure network slicing

Security for confidential patient data is a high-priority requirement for hospitals. The increasing number of cyber-attacks aimed at stealing patient data has raised the question of how hospitals can improve security when handling confidential data. One option is to encrypt stored data, which makes it harder for an attacker to read sensitive data. Another option is to improve security at the communication level: when confidential data is accessed, hospitals can provide patients and staff with the resources to connect securely to the hospital servers, preventing sensitive data from being intercepted during a data request.

For secure communication, network slicing can be used to customize the security of services. Network slicing can be understood as a way to create multiple, logical, isolated networks on top of a common physical infrastructure in order to separate users, devices, and services. These logical networks are called network slices, and each can be tailored to meet specific requirements. In the ProTego project, for example, the creation of a network slice is focused on adding an extra encryption layer for the different hospital services in order to provide secure communication between the patient and the hospital servers.

Encryption is a costly process: it consumes extra processing power, for example, which can degrade the Quality of Service (QoS). The processing overhead comes from the encryption and decryption performed on every piece of data sent through the secure link. Therefore, of all the traffic generated by a patient's device, such as social media and hospital services, the hospital should encrypt only the confidential data. Network slicing solutions can be deployed in hospital infrastructures to classify the network traffic and apply the security techniques only when necessary.

Software-Defined Networking (SDN) is a concept that separates the network control layer from the data layer. SDN thereby centralizes the control of a group of switches, enabling optimization of the network. SDN switches forward network packets according to the rules deployed by the control layer. Each rule is composed of two parts: a matching pattern and an action. Hospitals can take advantage of SDN to slice the network by deploying matching-pattern rules for hospital services and applying security only to the targeted data, avoiding extra protection on irrelevant traffic.

In the ProTego project, the deployment and integration of such features in the WiFi access point are assessed. The WiFi access points will be deployed in the hospitals where patients connect and send information to be stored in the cloud. By providing network slicing for the different types of hospital services, ProTego will be able to use different encryption methods and keys for different services, so that an attacker who has decrypted the traffic of one slice cannot decrypt another slice with the same encryption key. In this way, ProTego aims to contain the possible damage done by attackers and to secure the patient's confidential data.
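The two mechanisms described above, SDN-style match/action rules that decide which traffic belongs to a hospital slice, and a separate encryption key per slice so that one leaked key does not open another slice, can be sketched in a few dozen lines. The following is an added example, not code from the ProTego project: the rules, server addresses, packets and master secret are all constructed for the demonstration, and the HMAC-counter-mode cipher stands in for the TLS or IPsec a real slice would use.

```python
"""Added example (not ProTego code): an SDN-style flow table that classifies
packets into slices and encrypts only hospital traffic, with one key per slice.
Every address, port, key and packet here is constructed for the example."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes


@dataclass
class Rule:
    """An SDN flow entry: a matching pattern (None = wildcard) plus an action."""
    priority: int
    action: str                      # "encrypt" or "forward"
    slice_id: Optional[str] = None   # only used by "encrypt"
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.dst_ip is None or self.dst_ip == pkt.dst_ip)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))


def derive_slice_key(master: bytes, slice_id: str) -> bytes:
    """Independent key per slice: leaking the EHR key tells nothing about the imaging key."""
    return hmac.new(master, b"slice:" + slice_id.encode(), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF. Illustrative only; a deployed slice uses TLS/IPsec.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || 16-byte HMAC tag over (nonce, ciphertext)."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Returns None when the tag fails, e.g. when another slice's key is tried."""
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class SliceSwitch:
    """Minimal data plane: first matching rule (highest priority) decides the action."""

    def __init__(self, rules: List[Rule], master_secret: bytes):
        self.rules = sorted(rules, key=lambda r: -r.priority)
        self.master = master_secret

    def lookup(self, pkt: Packet) -> Rule:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule
        raise LookupError("no default rule installed")

    def process(self, pkt: Packet) -> Tuple[Optional[str], bytes]:
        """Returns (slice_id, bytes to put on the wire); slice_id is None for plain forwarding."""
        rule = self.lookup(pkt)
        if rule.action == "encrypt":
            return rule.slice_id, encrypt(derive_slice_key(self.master, rule.slice_id), pkt.payload)
        return None, pkt.payload


# Constructed configuration: two hospital services get their own slices, everything else is forwarded as-is.
MASTER_SECRET = b"constructed-master-secret-for-this-example"
RULES = [
    Rule(priority=100, action="encrypt", slice_id="ehr", dst_ip="10.0.1.10", dst_port=443),
    Rule(priority=100, action="encrypt", slice_id="imaging", dst_ip="10.0.1.20", dst_port=8443),
    Rule(priority=0, action="forward"),  # default: social media and other traffic, no extra encryption
]
EHR_PACKET = Packet("192.168.50.7", "10.0.1.10", 443, b"GET /patient/1234/record")
SOCIAL_PACKET = Packet("192.168.50.7", "203.0.113.9", 443, b"GET /feed")


def build_switch() -> SliceSwitch:
    return SliceSwitch(RULES, MASTER_SECRET)


if __name__ == "__main__":
    sw = build_switch()
    for pkt in (EHR_PACKET, SOCIAL_PACKET):
        slice_id, wire = sw.process(pkt)
        print(pkt.dst_ip, "->", slice_id or "forward", wire[:16].hex())
```

Running it shows the record request leaving on the "ehr" slice as ciphertext while the social-media request is forwarded untouched; trying the imaging slice's key on the EHR ciphertext fails tag verification, which is the isolation property the post describes.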

This blog post was written by Henrique C. Carvalho de Resende (imec Antwerp) for the ProTego project.