Advances in E-Activities, Information Security and Privacy

Implementation of an Open Source Security Software Platform in a Telemedicine Network

M. Huerta, T. Vivas, R. Clotet, R. Gonzalez, R. Alvizu, A. Pérez, D. Rivas, F. Lara and R. Escalante
Grupo de Redes y Telemedicina Aplicada (GRETA), Universidad Simón Bolívar (USB), Caracas, Venezuela

Ruben Gonzalez
Facultad de Contaduría y Administración, Departamento de Sistemas Computacionales, Universidad Veracruzana (UV), Xalapa, Veracruz, México
Abstract—This paper describes the implementation of a security platform based on digital certificates, using open source software, to protect the confidentiality and centralized access control of the Telemedicine Network of Centro Médico Docente La Trinidad (CMDLT), 14 rural health centers located in the municipalities of Baruta and El Hatillo in Venezuela, and Simón Bolívar University (USB). The information security mechanisms considered in this study are Virtual Private Networks (VPN), user authentication through digital certificates, and the centralized management of accounts and access privileges of the Web telemedicine system, in order to guarantee the confidentiality of patients' medical information transmitted through the telemedicine network. OpenVPN, OpenLDAP, the Apache Web server and the PHP programming language were the software used, on the Debian operating system [1].

Keywords: Telemedicine, Open source, free software, VPN, LDAP

I. INTRODUCTION

A telemedicine network is being designed for the interconnection of CMDLT and USB with fourteen (14) health centers located in physically hard-to-reach areas of the municipalities of Baruta and El Hatillo (Miranda, Venezuela), in order to provide Tele-Education, Tele-Consulting and Tele-Diagnosis to these communities. Undoubtedly, the use of information and communication technology is required to support these tasks and, in doing so, medical and patient information, such as medical history, results of medical examinations and diagnostic treatments, among others [2], which is normally classified as private and extremely confidential, could be exposed, accidentally or intentionally, to unauthorized access.

The main objective of this paper is to describe the operation and implementation of some of the security mechanisms that will be implemented for the Baruta-El Hatillo Telemedicine Network, in order to preserve the confidentiality of communications throughout the network, which are normally exposed to computer security threats [6], thus protecting the privacy rights of every patient and medical confidentiality, as provided in Chapter VI of the Law for the Practice of Medicine of the Bolivarian Republic of Venezuela, in force since 1982, and in the Code of Medical Ethics, which establishes the confidentiality of the medical history [7].

Some of the security mechanisms used to protect the technological platform supporting the telemedicine network from the risks mentioned above are:

- Creation of Virtual Private Networks and perimeter firewalls to filter possible access at the network-traffic level [3], in order to protect network connectivity between remote locations and mobile users and to keep confidential any transmission of information between mobile users, health centers, CMDLT and USB.
- Secure Web access by means of the Hypertext Transfer Protocol Secure (HTTPS) [4], to protect the authentication process of users accessing the telemedicine network, avoiding a possible capture of the user's password as it travels over the network.
- Centralized management of user accounts and access privileges to applications, through a data repository based on the Lightweight Directory Access Protocol (LDAP), together with robust two-factor Web authentication (one factor being the digital certificate, the other the username and password), which will be used to control user access to the telemedicine system according to their profiles and roles within the medical organization.

The rest of this article is structured as follows: Section II discusses each of the security mechanisms implemented; Section III describes the settings for each of the free software applications used; finally, a discussion of the paper is presented.
ISBN: 978-960-474-258-5
II. INFORMATION SECURITY MECHANISMS

The security architecture of the Telemedicine Network that interconnects Centro Medico Docente La Trinidad (CMDLT) with Universidad Simón Bolívar (USB) and fourteen (14) health centers in the Baruta and El Hatillo municipalities is shown in Figure 1, which summarizes each of the security mechanisms implemented.

Figure 1. Security architecture of the Telemedicine Network (diagram: CMDLT, hosting the VPN/FW, the Web prototype for the telemedicine system and the centralized repository of accounts and access groups; USB and health centers 1 to 14, each behind its own VPN/FW, reached over the WAN and the Internet; and mobile users with 1. a VPN client and 2. a browser with digital certificates)

A. Virtual Private Networks (VPN)

The remote health centers and mobile users will maintain a secure connection through a virtual private network, using a free software application (OpenVPN) based on digital certificates for the authentication of the equipment involved. This application will create a virtual channel between the two VPN servers, one at each end, which allows the information to be encrypted, preventing its interpretation [8] by any attacker who could intercept the communication traffic. The following paragraphs cover the operation of this mechanism for the two kinds of users:

1) To connect remote locations (LAN to LAN): the mechanism starts when the OpenVPN application is activated at any of the VPN servers located at each health center (named "VPN client"), which communicates with the OpenVPN located at Centro Medico Docente La Trinidad (CMDLT); the validation process then starts between VPN client and VPN server, based on SSL/TLS, using certificates and RSA codes [9].

OpenVPN authenticates the incoming end, checking that the offered certificate has been properly signed by the Certification Authority (CA) specified in the respective configuration file. The security offered by OpenVPN's SSL/TLS lies in the difficulty of forging the signature of the root certificate in order to create false VPN client certificates. This authentication mechanism works perfectly when the organization has created its own root certificate; in this particular case the certification authority "ACUSB" was created to perform this task. However, if it is required to use the root certificate of a commercial CA, such as VeriSign or similar, it is necessary to incorporate a second level of validation, such as the RSA code used as a pre-shared secret between both ends (server and VPN clients). This prevents "Man-in-the-Middle" attacks, produced when clients connect to the network without verifying the server and could therefore end up connected to another, intruder, server located in the communication path [10].

2) To connect mobile users: mobile users connecting through laptops with the Windows XP operating system, or phones or PDAs running the Windows Mobile operating system, can access the telemedicine network across the Internet by establishing a secure virtual private network between the mobile device and the VPN server located at CMDLT, using the OpenVPN application [10]. For the proper operation of this mechanism, a digital certificate associated with the user and custodian will be assigned to every mobile device for identification purposes. Also, to authenticate the user, his ID and password will be validated against a data repository based on the LDAP protocol.

This mechanism activates when the mobile user tries to access the telemedicine network from an OpenVPN client. The validation of digital certificates starts between VPN client and VPN server, based on SSL/TLS, as already explained. Then the system proceeds to validate the credentials presented by the user: the OpenVPN server communicates with the LDAP server and validates whether the username and password are correct; if so, the connection is established and an internal address of the telemedicine network is assigned. If the data presented by the user is not correct, the connection is rejected and the system asks again for the proper data [10].

Additionally, a perimeter firewall will be configured on each VPN server, since this equipment will be handling the remote connections from mobile users, health centers and USB. This mechanism will filter traffic according to source and destination IP addresses and the ports of the services to be accessed in the CMDLT network, allowing or denying access to certain network services during periods defined by the security administrator. The firewall will also perform the IP address translation (NAT) required for routing between remote locations. An application called IPTABLES will be used to implement this mechanism, and FWBuilder [8] will be used to administer it.

B. Secure Web Access

The Open Source Security Software (OSSS) uses the SSL (Secure Socket Layer) protocol, designed to access a server remotely in a secure way, using encryption to ensure that data sent and received cannot be interpreted by anyone other than the sender or the receiver. This guarantees the confidentiality of the communication between the end user and the Web server that hosts the telemedicine application [8]. The mechanism starts when the user tries to access the application by typing the URL into the browser address bar using the SSL protocol (e.g. https://...).
Then, after the access request by the Web browser, the SSL protocol handshake proceeds, in which the Web server and the Web client identify each other and agree on the protocol version with which both will communicate. The following steps describe the process [9] [14]:

1. The Web client presents itself to the Web server and asks it to identify itself. The Web client also informs the Web server of the encryption algorithms it supports and sends a random number, in case the server cannot certify its validity and the secure communication must nevertheless be established.
2. The Web server responds to the Web client and sends its digital certificate so that the two can identify each other. It sends its public key, indicates the algorithm to be used, and another random number. The algorithm used is the strongest one supported by both server and client.
3. The Web client receives the server's digital certificate, decrypts it using the public key received and also checks whether it was digitally signed by one of the CAs that the client knows as valid. If it does not recognize the CA that signed the certificate, it displays a message indicating "unknown authority" and asks the user whether or not to continue the process.
4. If the certificate is valid or is accepted by the user, the Web client generates a random key using the agreed algorithm, encrypts it with the server's public key and sends it to the Web server.
5. At this point both the client and the server know the random key (the client generated it; the server received it and decrypted it with its private key). To ensure that nothing has changed, both parties send the same message encrypted with the random key. If the results match, the handshake ends and the transaction begins.
6. From this moment on, all messages are encrypted by the server with the known random key and sent to the client to be decrypted and read, and vice versa.
7. Finally, when the client leaves the server, the secure SSL session ends.

C. Centralized management of user accounts and access privileges to applications

Access accounts for the telemedicine network will be managed through a centralized data repository based on the LDAP protocol, where a security administrator can create, modify and delete access accounts as well as each of the attributes associated with them [5].

Also, in this centralized repository of account data and logical access privileges, different groups can be created, each with a single, particular profile of access to the telemedicine application, to be consulted during the authentication process.

The segregation of duties between the application manager (who provides the system code) and the security administrator (who manages accounts and user access) can thus be achieved, giving transparency to the process and facilitating the access control logic [8].

Initially, in this mechanism, the outline of the LDAP tree that will contain the users and groups of the Web application has to be defined [11]. In this case, the outline shown in Figure 2 was made:

Figure 2. Tree Diagram LDAP

Where:
The domain is defined as "Telemedicine.usd.com".
An organizational unit called "users" contains the users of the network as well as those of the telemedicine system itself, which creates user accounts with their unique identifier (UID).
An OU called "telemedicine" contains the groups corresponding to each access profile or role defined in the telemedicine Web application.
In each group created within the OU "telemedicine", users are added according to their role and functions. A user can have multiple roles.

D. Robust Two-Factor Web Authentication

The Web authentication process designed includes the following:

1) Identification phase, which takes into account the factors "something you know" and "something you have", where [15]:
a) Something you have: refers to the digital certificate installed in the Web browser of the machine from which the user accesses the system; the certificate must match the user who wishes to enter.
b) Something you know: refers to the user's login to the application and the corresponding password, which must be typed on a keyboard.

2) Verification phase, which verifies each of the credentials presented in the previous phase, as follows: the Web server checks the validity of the digital certificate presented by the Web browser, verifying that it was issued by the CA configured for this purpose and that it has not been revoked, by checking the corresponding certificate revocation list [12]. However, during this process the following cases could arise [13]:

- If the Web client does not have a user digital certificate, the Web server displays the certificate-exchange error message and ends the transaction.
- If the Web client provides a digital certificate that was not issued by the CA defined in the Web server, or that is revoked, the server displays the error message and ends the transaction.
- If the Web server validates that the Web client has submitted a valid digital certificate, the system asks the user to enter the second authentication factor (something you know).

It is important to emphasize that the prototype also specifies the user's access profile (the role the user wishes to enter with), which is then validated by the application. However, this is a parameter that was added to the Web form in order to visualize the mechanism of centralized access management of roles for each user; it is not a parameter required by the robust two-factor authentication design, because this value can be taken directly from the centralized data repository. Then, the Web application verifies that the certificate presented by the client matches the user who wants to enter.

If the digital certificate presented belongs to the user who wants to enter, the application must check the user, password and group presented, communicating with the centralized repository of accounts and access groups through the LDAP protocol. In the event of any incorrect data, the system displays the error message and asks again for the credentials; if the user is correctly authenticated, he or she may enter the application.

III. SECURITY MECHANISMS IMPLEMENTATION USING FREE SOFTWARE TOOLS

In this section the implementation of all the security mechanisms mentioned above is described.

A. Virtual Private Networks

For the implementation of the Virtual Private Network and Firewall mechanisms between remote locations, the steps detailed below were followed [10]:

1. Installing the OpenVPN application in each of the VPN servers, running the Debian Etch operating system.
2. Copying the digital certificates issued by the certification authority and the remote VPN server certificate to the appropriate directory.
3. Creating the VPN server configuration file server.conf (located at the CMDLT), which contains the IP address and the paths of the certificate issued by the certification authority, the OpenVPN server certificate, the private key of the OpenVPN server and the key to be shared with the VPN client (to prevent Man-in-the-Middle attacks). The type of encryption for data transmission is also specified there.
4. Setting up, for the VPN server for mobile clients, the authentication method and the corresponding parameters for communicating with the OpenLDAP data repository that contains the network user information.
5. Creating the VPN/FW client configuration file for each client (one at each health center and one at the USB). This file is named client.conf and contains: the VPN server IP address, the path where the digital certificates can be found, the type of cryptography to be used, the shared key and the validation parameter for the VPN server certificate. In the case of mobile users, the user certificate is copied to the user device (laptop or PDA) in p12 format. Remark: if the certificate in p12 format is password protected, this password must be entered after the username and password when authenticating from a VPN client.
6. Configuring packet routing in the VPN server.
7. Configuring the firewall to carry out NAT and to filter incoming and outgoing network traffic.

B. Secure Web Access

For the Secure Web Access mechanism to be implemented, it is necessary to configure the SSL module on the Web server; this module enables the use of the SSL protocol. Under the Debian operating system, the Apache2 server was configured following the procedure below [16]:
1. Installing the Apache2 Web server.
2. Enabling the SSL protocol.
3. Configuring the Web server to use port 443 for the HTTPS protocol.
4. Configuring the default virtual host on the Web server and specifying the location of the digital certificate.
5. Copying the Web server digital certificate and its corresponding private key to the path specified in the corresponding configuration file.
6. Restarting the Web service, for the configuration changes to take effect.

C. Two-Factor Robust Authentication

To implement this functionality, the following procedure was carried out [16]:

1. Configuring the Web server to request a digital certificate from the Web client and verify whether it was issued by a certification authority, looking for the authority's digital certificate in a specified path.
2. Developing a Web application module for validating user credentials, password and group against a centralized OpenLDAP data repository [17].
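As an added illustration of steps 3 to 5 of the VPN procedure in Section III.A (this is not the paper's configuration; the IP addresses, file names, the 10.8.0.0/24 tunnel network, the LDAP server address and the plugin path are assumptions), the following shell script writes the two OpenVPN files the paper describes: server.conf for the CMDLT end and client.conf for a health-center or mobile end. It takes the "key to be shared with the VPN client" to be OpenVPN's tls-auth static key and the "validation parameter for the VPN server certificate" to be remote-cert-tls server, both assumptions; the instance for mobile users additionally loads the openvpn-auth-ldap plugin so that the username and password are checked against the OpenLDAP repository of Section II.C.

```shell
#!/bin/sh
# Added example (not the paper's configuration): writes the OpenVPN files of
# procedure III.A, steps 3 to 5. Addresses, paths and the tunnel network are
# constructed placeholders.

VPN_SERVER_IP=200.0.2.10                            # public address of the CMDLT VPN/FW (placeholder)
TUNNEL_NET=10.8.0.0                                 # internal addresses given to VPN clients (placeholder)
LDAP_PLUGIN=/usr/lib/openvpn/openvpn-auth-ldap.so   # Debian package openvpn-auth-ldap (assumed path)
LDAP_URI=ldap://ldap.cmdlt.example                  # OpenLDAP repository (placeholder)
BASE_DN="dc=telemedicine,dc=usd,dc=com"             # domain named in Section II.C

# Step 3: server.conf at CMDLT. ca/cert/key come from the ACUSB authority;
# ta.key is the secret shared with every client: a peer without it cannot
# even start the TLS handshake, which is the second validation level the
# paper asks for when the root CA is not under the network's own control.
openvpn_server_conf() {
  cat <<EOF
port 1194
proto udp
dev tun
ca   /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key  /etc/openvpn/keys/server.key
dh   /etc/openvpn/keys/dh1024.pem
tls-auth ta.key 0
cipher AES-256-CBC
server $TUNNEL_NET 255.255.255.0
keepalive 10 120
persist-key
persist-tun
verb 3
EOF
}

# Step 4: the instance for mobile users also checks username and password
# against OpenLDAP through the openvpn-auth-ldap plugin. auth_ldap_conf
# follows that plugin's sample configuration layout (assumed): bind as the
# user found under ou=users and require membership of a "vpn" group under
# ou=telemedicine.
openvpn_mobile_server_conf() {
  openvpn_server_conf
  echo "plugin $LDAP_PLUGIN /etc/openvpn/auth-ldap.conf"
}
auth_ldap_conf() {
  cat <<EOF
<LDAP>
  URL       $LDAP_URI
  Timeout   15
  TLSEnable yes
</LDAP>
<Authorization>
  BaseDN        "ou=users,$BASE_DN"
  SearchFilter  "(uid=%u)"
  RequireGroup  true
  <Group>
    BaseDN          "ou=telemedicine,$BASE_DN"
    SearchFilter    "(cn=vpn)"
    MemberAttribute member
  </Group>
</Authorization>
EOF
}

# Step 5: client.conf for a health-center VPN/FW or a mobile device.
# remote-cert-tls server is the server-certificate validation parameter: the
# peer must present a certificate issued for server use, so a client cannot be
# redirected to another holder of an ordinary client certificate. tls-auth
# with direction 1 pairs with the server's direction 0. On the OpenVPN 2.0.x
# shipped with Debian Etch the directive was spelled "ns-cert-type server".
openvpn_client_conf() {
  cat <<EOF
client
dev tun
proto udp
remote $VPN_SERVER_IP 1194
ca   /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client.crt
key  /etc/openvpn/keys/client.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
nobind
persist-key
persist-tun
verb 3
EOF
}

# Mobile clients additionally prompt for the LDAP username and password; the
# p12 passphrase, if any, is asked for after them, as the paper notes.
openvpn_mobile_client_conf() {
  openvpn_client_conf
  echo "auth-user-pass"
}

# Typical use, as root:
#   openvpn_mobile_server_conf > /etc/openvpn/server.conf
#   auth_ldap_conf             > /etc/openvpn/auth-ldap.conf
#   openvpn_client_conf        > /etc/openvpn/client.conf
```

The same ta.key file must be copied to every client out of band together with its certificate; a client that has the CA certificate but not ta.key is refused before any certificate is examined, and a client that has both but omits remote-cert-tls server would still accept any certificate signed by the CA as "the server", which is exactly the case the paper warns about when a commercial root CA is used.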
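The following added example, which is not the paper's code, covers the Apache side of procedures III.B and III.C together with the verification phase of Section II.D. The virtual host fragment makes Apache demand a browser certificate chained to the configured CA and checked against its revocation list; the verify_phase function then applies the three cases the paper lists (no certificate, certificate not from the CA or revoked, certificate belonging to a different user) to the values mod_ssl exports, so that the decision logic can be exercised without a server. Host names, directory paths, user names and the role name are assumptions.

```shell
#!/bin/sh
# Added example (not from the paper): Apache mutual-TLS virtual host for the
# telemedicine Web application, plus the decision logic of the verification
# phase written as a shell function so that it can be exercised offline.
# Paths, host names and user names are constructed placeholders.

SERVER_NAME=telemedicina.cmdlt.example     # placeholder host name
CERT_DIR=/etc/apache2/ssl                  # placeholder certificate directory
LDAP_URI=ldap://ldap.cmdlt.example         # placeholder directory server
BASE_DN="dc=telemedicine,dc=usd,dc=com"    # domain named in Section II.C

# Procedure III.B steps 3-4 and III.C step 1: port 443, the Web server's own
# certificate, and a mandatory client certificate that must chain to the CA
# and must not appear in the CA's CRL (Apache 2.4 additionally needs
# "SSLCARevocationCheck chain" for the CRL to be consulted). StdEnvVars
# exposes the outcome to the application as SSL_CLIENT_VERIFY and the
# certificate subject as SSL_CLIENT_S_DN_CN.
apache_ssl_vhost() {
  cat <<EOF
<VirtualHost *:443>
    ServerName $SERVER_NAME
    DocumentRoot /var/www/telemedicine
    SSLEngine on
    SSLCertificateFile    $CERT_DIR/web.crt
    SSLCertificateKeyFile $CERT_DIR/web.key
    SSLCACertificateFile  $CERT_DIR/acusb-ca.crt
    SSLCARevocationFile   $CERT_DIR/acusb-ca.crl
    SSLVerifyClient require
    SSLVerifyDepth 1
    <Directory /var/www/telemedicine>
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
EOF
}

# Verification phase, cases as listed in Section II.D.
# Arguments: the SSL_CLIENT_VERIFY value Apache sets (NONE, SUCCESS or
# FAILED:reason), the certificate's CN, and the login name the user typed.
# Return codes: 0 = certificate accepted and matches the user, go on to the
# second factor; 1 = no certificate; 2 = certificate not from the CA or
# revoked; 3 = certificate belongs to a different user.
verify_phase() {
  ssl_verify=$1; cert_cn=$2; login=$3
  case "$ssl_verify" in
    NONE)    echo "certificate exchange error: no client certificate" >&2; return 1 ;;
    SUCCESS) ;;
    *)       echo "certificate rejected: $ssl_verify" >&2; return 2 ;;
  esac
  if [ "$cert_cn" != "$login" ]; then
    echo "certificate CN '$cert_cn' does not match user '$login'" >&2
    return 3
  fi
  return 0
}

# Second factor (something you know) and group check against OpenLDAP with
# the ldap-utils installed in Section III.D. Not run here: it needs a live
# directory. A bind as the user's own DN verifies the password; a search
# scoped to the role group verifies membership.
second_factor() {
  login=$1; password=$2; role=$3
  ldapwhoami -x -H "$LDAP_URI" -D "uid=$login,ou=users,$BASE_DN" -w "$password" \
      >/dev/null 2>&1 || return 1
  ldapsearch -x -H "$LDAP_URI" -b "cn=$role,ou=telemedicine,$BASE_DN" \
      "(member=uid=$login,ou=users,$BASE_DN)" dn 2>/dev/null | grep -q '^dn:' || return 2
  return 0
}

# Typical use inside the application's login handler (after a2enmod ssl and a
# restart of apache2):
#   verify_phase "$SSL_CLIENT_VERIFY" "$SSL_CLIENT_S_DN_CN" "$login" \
#     && second_factor "$login" "$password" "$role"
```

Because SSLVerifyClient require is set, a request without an acceptable certificate never reaches the application at all; verify_phase's NONE and FAILED branches are still worth keeping so that the same logic behaves correctly on a location where Apache is configured with SSLVerifyClient optional instead.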
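For the repository that step 2 above validates against, the following added example (again not the paper's own code) writes the LDAP tree described in Section II.C as LDIF: the domain, ou=users with one entry per account keyed by uid, and ou=telemedicine with one group per application role whose member attributes name user DNs, so that a user listed in several groups holds several roles. roles_of answers the "which roles does this uid hold" question over the LDIF offline; load_tree shows the equivalent online commands against the slapd of Section III.D. The user names, role names and administrator DN are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the paper): the LDAP tree of Figure 2 as LDIF, with
# two sample users and two role groups, plus an offline role lookup over it.
# User names, role names and the admin DN are constructed placeholders.

BASE_DN="dc=telemedicine,dc=usd,dc=com"   # domain named in Section II.C

# Layout: ou=users holds one inetOrgPerson per account (uid is the unique
# identifier); ou=telemedicine holds one groupOfNames per application role.
# Passwords are not embedded here; they are set with ldappasswd (see load_tree).
tree_ldif() {
  cat <<'EOF'
dn: dc=telemedicine,dc=usd,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Telemedicine Network
dc: telemedicine

dn: ou=users,dc=telemedicine,dc=usd,dc=com
objectClass: organizationalUnit
ou: users

dn: ou=telemedicine,dc=telemedicine,dc=usd,dc=com
objectClass: organizationalUnit
ou: telemedicine

dn: uid=jperez,ou=users,dc=telemedicine,dc=usd,dc=com
objectClass: inetOrgPerson
uid: jperez
cn: Juan Perez
sn: Perez

dn: uid=agarcia,ou=users,dc=telemedicine,dc=usd,dc=com
objectClass: inetOrgPerson
uid: agarcia
cn: Ana Garcia
sn: Garcia

dn: cn=doctors,ou=telemedicine,dc=telemedicine,dc=usd,dc=com
objectClass: groupOfNames
cn: doctors
member: uid=jperez,ou=users,dc=telemedicine,dc=usd,dc=com
member: uid=agarcia,ou=users,dc=telemedicine,dc=usd,dc=com

dn: cn=coordinators,ou=telemedicine,dc=telemedicine,dc=usd,dc=com
objectClass: groupOfNames
cn: coordinators
member: uid=agarcia,ou=users,dc=telemedicine,dc=usd,dc=com
EOF
}

# Offline lookup: print the cn of every group under ou=telemedicine whose
# member attribute names the given uid. This is the check the application
# performs on the group presented at login (Section II.D), done over the
# LDIF text instead of a live directory.
roles_of() {
  tree_ldif | awk -v uid="$1" '
    /^dn: cn=[^,]*,ou=telemedicine,/ { split($0, a, /[=,]/); group = a[2]; next }
    /^$/ { group = "" }
    group != "" && $1 == "member:" && index($2, "uid=" uid ",") == 1 { print group }
  '
}

# Online path (not run here): load the tree into the slapd configured with
# dpkg-reconfigure (-c skips the base entry if dpkg-reconfigure already
# created it), set a user's password, and ask the server the same membership
# question that roles_of answers offline.
load_tree() {
  tree_ldif | ldapadd -c -x -D "cn=admin,$BASE_DN" -W
  ldappasswd -x -D "cn=admin,$BASE_DN" -W -S "uid=jperez,ou=users,$BASE_DN"
  ldapsearch -x -b "ou=telemedicine,$BASE_DN" "(member=uid=jperez,ou=users,$BASE_DN)" cn
}

# Usage:  roles_of agarcia    prints "doctors" and "coordinators"
```

Keeping roles as groups that point at users, rather than as an attribute on each user entry, is what lets the security administrator of Section II.C grant or remove a role with a single modification to the group, without touching the account or the application code.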
D. Centralized User Account Management and Application Access Management

To implement the centralized repository based on the LDAP protocol, the OpenLDAP application was installed on the server and LDAPAdmin.exe was used to manage it. The procedure below was followed [11]:

1. Installing the OpenLDAP application, executing the following command from the Debian console: #apt-get install slapd ldap-utils
2. Configuring the domain and administrator password for the LDAP server: #dpkg-reconfigure slapd
3. Testing whether the slapd service is up and running, by executing the command: #ldapsearch -x -b "dc=example, dc=com"
4. If there are problems with the slapd service, it can be run in debug mode in order to obtain status messages. This is done by issuing the command: #slapd -d 256
5. Installing the LDAPAdmin.exe application for managing the OpenLDAP server, and setting the Connection Properties as shown in Figure 4.

Figure 3. Setting the LDAP Admin Properties for accessing the server

DISCUSSION

Free software is supported by a global community of thousands of experts who work every day to help identify and remove the latest network security threats. Therefore the use of this kind of software can be considered reliable for building security mechanisms in telemedicine networks, as long as it is permanently updated and correctly configured.

The implementation and use of free software in government institutions has also been a priority of the Venezuelan State in recent years [18]. On the other hand, the technological platform supporting telemedicine is subject to security threats which can potentially affect operating systems, network devices, telecommunications, applications, etc. Therefore a risk analysis is necessary to identify threats and vulnerabilities and thus put forward suggestions and actions to be considered in the design and implementation of such platforms [19].

ACKNOWLEDGEMENTS

This research is being supported by the Research and Development Dean (DID) and the Postgraduate Studies Dean of the Simon Bolivar University and by the Telemedicine Project under the Organic Law on Science, Technology and Innovation (LOCTI), financed by REPSOL YPF.

REFERENCES
[1] T. Vivas, A. Zambrano, M. Huerta. Mechanisms of Security Based on Digital Certificates Applied in a Telemedicine Network. 30th Annual International Conference of the IEEE Engineering in Medicine and Biology Society, 20-24 August 2008, Vancouver, Canada.
[2] Kun, Luis G. Telehealth and the global health network in the 21st century. From homecare to public health informatics. Health Informatics & Information Technology, CIMIC, Rutgers University, New Jersey, NJ, USA. May 2000.
[3] Martinez, A., et al. Analysis of information and communication needs in rural primary health care in developing countries. IEEE Transactions on Information Technology in Biomedicine, 2005, 9(1): pp. 66-72.
[4] Brinkmann, L.; Klein, A.; Ganslandt, T. Implementing a data safety and protection concept for a Web-based exchange of variable medical image data. International Congress Series 1281 (2005) 191-195.
[5] Tipton, Harold. Official (ISC)2 Guide to the CISSP. Auerbach, 2003.
[6] Ferrante, Frank E. Maintaining Security and Privacy of Patient Information. Proceedings of the 28th IEEE EMBS Annual International Conference, New York City, USA, Aug 30-Sept 3, 2006.
[7] Ley de Ejercicio de la Medicina de la República Bolivariana de Venezuela. Gaceta Oficial No. 3.002 Extraordinario, 23 August 1982.
[8] James Michael Stewart, Mike Chapple. CISSP Certified Information Systems Security Professional Study Guide, 2nd Edition. Ed. Tittel, 2003.
[9] Stephen A. Thomas. SSL & TLS Essentials: Securing the Web. Wiley, Canada, 2004.
[10] Official page of the OpenVPN software. http://openvpn.net/
[11] Official page of the OpenLDAP software. http://www.openldap.org/
[12] J.M. Roberts, K.L. Copeland. Clinical Websites are currently dangerous to health. Phoenix Associates, 19 Church Meadow, Ipstones ST10 2LS, UK. Medical Informatics.
[13] Slobodan Kovacevic, Mario Kovac, Josip Knezovic. System for Secure Data Exchange in Telemedicine. Faculty of Electrical Engineering and Computing, Zagreb, Croatia. ConTEL 2007.
[14] Mendillo, V. El Certificado Digital: El documento de identidad en la red. Universidad Central de Venezuela, 2005.
[15] Geylani Kardas, E. Turhan Tunali. Design and implementation of a smart card based healthcare information system. Computer Methods and Programs in Biomedicine 81 (2006) 66-78.
[16] Official page of the Apache Web server. http://www.apache.org/
[17] Official page of the PHP programming language. http://www.php.net/
[18] Decreto N° 825, mediante el cual se Declara el Acceso y el Uso de Internet como Política Prioritaria para el Desarrollo Cultural, Económico, Social y Político de la República Bolivariana de Venezuela, 10 May 2000.
[19] Bjørn Axel Gran, Rune Fredriksen, Atoosa P.-J. Thunem. Addressing dependability by applying an approach for model-based risk assessment. Institutt for energiteknikk, OECD Halden Reactor Project, NO-1751 Halden, Norway, 2006.