Streaming DICOM Real-Time Video and Metadata Flows Outside The Operating Room

International audienceWith the current advancement in the medical world, surgeons are faced with the challenge of handling many sources of medical information in more and more complex and technological Operating Rooms (ORs). Obviously, in the next generation ones, there will be an increasing number of video flows during the surgery (e.g. endoscopes, cameras, ultrasounds, etc.), which can be also displayed all over the OR in order to facilitate the task for the surgeon and to avoid any adverse events or problems related to inadequate communication in the OR. Additionally, other information needs to be shared, pre/post/during an operation, such as the history of the digital images related to the patient in the PACS and the metadata coming from medical sensors. Moreover, these medical videos captured from the OR can be either displayed on a large screen in the OR in order to provide the surgeon with more visibility, in this case via DICOM-RTV, or streamed outside the OR via a P2P solution. The latter one can serve various purposes such as for teaching medical student in real-time or for remote-expertise with a remote senior surgeons. Hence, this paper addresses the challenges of streaming DICOM-RTV video and metadata flows live from the operating room, typically during an ongoing surgery, in real-time to the outside world. A Proof of Concept is also presented in order to demonstrate the feasibility of our solution

Conception sécurisée de services IoT pour les villes connectées

The richness and the versatility of WebRTC, a new peer-to-peer, real-time and browser based communication technology, allowed the imagination of new and innovative services. In this thesis, we analyzed the capabilities required to allow a participant in a WebRTC session to access the smart Things belonging to his own environment as well as those of any other participant in the same session. The access to such environment, which we call “SmartSpace (SS)”, can be either passive, for example by monitoring the contextual information provided by the sensors, or active by requesting the execution of commands by the actuators, or a mixture of both. This approach deserves attention because it allows solving in an original way various issues such as allowing experts to remotely exercise and provide their expertise and/or knowing how. From a technical point of view the issue is not trivial because it requires a smooth and mastered articulation between two different technologies: WebRTC and the Internet of Things (IoT) /Web of Things (WoT). Hence, the first part of the problem studied in this thesis, consists in analyzing the possibilities of extending WebRTC capabilities with theWoT. So as to provide a secure and privacy-respectful access to the various smart objects located in the immediate environment of a participant to any otherend-user involved in the same ongoing WebRTC session. This approach is then illustrated in the ehealth domain and tested in a real smart home (a typical example of a smart space). Moreover,positioning our approach in the context of communication services operating in smart cities requires the ability to support a multiplicity of SSs,each with its own network and security policy. Hence,in order to allow a participant to access one of his own SSs or one of another participant (through a delegation of access process), it becomes necessary to dynamically identify, select, deploy, and enforce the SS’s specific routing and security rules, so as to have an effective, fast and secure access. Therefore, the second part of the problem studied in this Ph.D.consists in defining an efficient management of the routing and security issues regarding the possibility of having multiple SSs distributed over the entire network.WebRTC est une technologie récente de communication qui permet d’établir des échanges multimédia conversationnels directement entre navigateurs. Nous nous intéressons dans cette thèse à des locuteurs dans un Smart Space (SS) défini comme un environnement centré-utilisateur instrumenté par unensemble de capteurs et d’actionneurs connectés. Nous analysons les capacités nécessaires pour permettre à un participant d’une session WebRTC d’impliquer dans cette même session, les flux induits par les objets connectés appartenant au SS d’un utilisateur quelconque de la session. Cette approche recèle un gisement de nombreux nouveaux usages. Nous limitons notre analyse à ceux concernant l’exercice distant d’une expertise et d’un savoir-faire. Techniquement, il s’agit d’articuler de façon contrôlée WebRTC et IoT/WoT. Nous procédons à une extension de WebRTC par WoT pour fournir à tout utilisateur d’une session WebRTC, un accès aux objets connectés du SS de tout autre participant à la session, en mettant l’accent sur la sécurisation de cet accès ainsi que sur sa conformité aux exigences de respect de la vie privée (RGPD) de l’utilisateur concerné. Le positionnement de notre approche dans le contexte des services de communication opérant dans les villes connectées, impose la prise en compte de SSs multiples et variés induisant chacun ses propres politiques de routage et de sécurité. Pour répondre à nos objectifs, il devient nécessaire au cours d’une session WebRTC, d’identifier, sélectionner, déployer et appliquer les règles de routage et de sécurité de façon à garantir un accès rapide et sécurisé aux différents SSs concernés et distribués sur tout le réseau. Nous développons une architecture originale répondant à ces besoins et intégrant un contrôleur SDN du fait de l’étroite imbrication entre les problématiques de routage et de sécurité. Un prototype illustrant notre approche a été mis en oeuvre et testé afin d’évaluer la performance et la sécurité du système. Nous illustrons finalement notre approche dans le domaine de la santé en démontrant son apport pour gérer une infrastructure de grande taille telle qu’un hôpital

Certified multimedia statement with WebRTC and Microservices

International audienceThe articulation between WebRTC and microservices deserves more attention and we argue that it could be highly promising. We illustrate it by the introduction, the analysis and the implementation of an innovative use case dedicated to the development of multimedia statements certified in a fair way. The generic character of this use case allows a rich set of instantiations covering various real life situations involving remote multimedia conversational exchanges. Our approach however required the development of several non trivial microservices. We thus point that the emerging of a dynamic ecosystem able to successfully deepen in this direction the full capabilities of WebRTC, might suffer from the lack of microservices off the shelf. We finally address this problematics of microservices deployment by identifying and discussing two alternatives solutions

Dynamic security management of smart WoT infrastructures using SDN

International audienceThe next generation of infrastructures (hospitals, factories, buildings, etc.) will be deeply impacted by the introduction of a huge number of IoT devices which will contribute to a significant improvement of their operations. This follows the trend of the Web of Things (WoT) which projects to seamlessly connect an incredible diversity of IoT devices and IoT frameworks in a novel way, enabling exciting new services and opportunities due to its flexible nature. However, it also means that more and more data need to be protected from external threats and unauthorized accesses. Additional security, privacy and monitoring mechanisms need to be deployed, together with an efficient management of those IoT devices for the new vision of smart infrastructure. This issue becomes more convoluted and hardly tractable when dealing with several smart objects of the infrastructure dispatched over different network locations that we call Smart Spaces (SS), along with evolving management rules which may be specific to each SS. This paper proposes to solve this issue by introducing an architecture based on an Software Defined Networking (SDN) controller for managing the secure access to the different SSs of a smart infrastructure. We argue that a centralized view can greatly simplify and improve the security management of such infrastructures. We illustrate our approach with a use case from the e-Health domain involving the management of the security of different rooms of an hospital where each room is considered as an SS. A Proof of Concept is also provided, with a concrete implementation of all the components together with an analysis of the performance and the security of the new architecture

A Privacy Safeguard Framework for a WebRTC/WoT-Based Healthcare Architecture

International audienceIn this paper, an e-health architecture offering secure remote medical services using WebRTC (Web Real-Time Communication) enhanced with contextual health information coming from medical connected sensors, is proposed and analyzed. The goal is to allow patients (injured, elderly, disabled, etc.) to benefit from a medical assistance just by calling a remote medical support (doctors, nurses, etc.) using a real-time communication technology such as WebRTC. Moreover, the advancement of the medical devices, on one side, and the emergence of the Web of Things (WoT), on the other side, makes this approach possible. Hence, granting the users the ability of monitoring their own health status and an awareness of their health condition. However, in such architectures, in order for the users to access these services, they need to provide and exchange personal data, and in particular the health related ones. Therefore, user's private information may be exposed to privacy violation and disclosure. Understanding the privacy holes regarding the protection of the personal health related data, identifying the privacy leakage points and studying the privacy requirements are important in order to propose a privacy safeguard for the proposed healthcare architecture, which is the aim of this paper. Additionally, a risk analysis, the sources of these risks and the possible countermeasures are also conducted during this process

La sécurité des objects connectés

National audienceLe progrès dans le monde des systèmes embarqués a favorisé l'apparition d'objets dits " intelligents " (de l'anglais smart object) ou encore " connectés ". Ces derniers intègrent, dans un contexte de faible consommation énergétique, un microcontrôleur permettant de piloter un capteur et/ou un actionneur alliés à une capacité de communication. Les objets intelligents offrent à leurs usagers l'exploitation de scénarios intéressants induisant principalement deux classes d'interactions : d'une part, capturer et remonter vers le réseau la valeur courante d'une information spécifique à leur environnement immédiat (objet en tant que capteur) et, d'autre part, recevoir du réseau une commande dont l'exécution peut avoir un effet de bord sur leur environnement direct (objet en tant qu'actuateur). Un smartphone, un téléviseur ou un réfrigérateur connecté, une montre intelligente, des systèmes de détection de présence ou de chutes, ... constituent des exemples concrets d'objets connectés faisant partie de notre quotidien. L'Internet des Objets (IoT) permet de conceptualiser ce nouvel environnement reposant sur les réseaux traditionnels, auxquels sont connectés les objets en tant que composantes particulières du monde réel ayant des contraintes fortes en matière de ressources (mémoire, capacité de traitement, énergie) et disposant de méthodes multiples de communication sans fil. Selon IPSO (IP for Smart Objects), l'adoption massive du protocole IP par les objets devrait à terme conduire à une connectivité directe avec l'Internet, en ouvrant la voie à sa troisième grande évolution (Web 3.0). Ces objets peuvent être découverts, contrôlés et gérés depuis Internet. Cette articulation, qui représente un point fort de l'IoT, le fait aussi hériter de toute la problématique de la sécurité déjà présente dans l'Internet. Cette dernière se repose même avec une acuité renouvelée dans ce nouvel environnement, du fait de ses caractéristiques particulières. Il est important d'analyser la façon avec laquelle les exigences classiques de sécurité (CIA, AAA, ...) ainsi que celles liées au respect de la vie privée peuvent être déclinées dans ce nouvel environnement

SDN-based security management of multiple WoT Smart Spaces

International audienceNext generation infrastructures will be deeply impacted by the introduction of the Internet of Things, with the objective of improving their current operating models and methods. This follows the trend of the Web of Things (WoT), which projects to seamlessly connect various smart devices and IoT frameworks due to its flexible nature, hence, enabling new innovative services and opportunities. However, it also means that more and more data need to be protected from external threats and unauthorized accesses. Therefore, additional security and privacy mechanisms need to be deployed, together with an efficient management of these IoT devices. This issue becomes more convoluted and hardly tractable when dealing with several devices of the infrastructure dispatched over different physical Local Area Networks (LAN)s that we call “Smart Spaces” (SS)s. Thus, this paper proposes to solve this issue by introducing an architecture based on a Software Defined Networking controller for providing a secure access to the different SSs of a smart infrastructure, in a centralized way. We argue that a centralized view can greatly simplify and improve the security management of such infrastructures. Moreover, to support our assumptions, a Proof of Concept, with a concrete implementation of all the components is provided

Security issues of the web of things

International audienceNowadays a number of enabling technologies are coming together. Above all is the progressive reduction of the cost and scale of computing devices equipped with wireless communication, sensing and actuating capabilities. Sensing capabilities include cameras, microphones, GPS receivers and many different scalar sensors. Open-sourced, general-purpose and easily programmable operating systems are spreading as a result of market forces. These factors create a multitude of devices and smart objects interconnected on a global scale and nowadays called the Internet of Things (IoT). This one emerges by the way as a network of physical objects, devices, vehicles, buildings and other items embedded with electronics, software, sensors, actuators and network connectivity, to enable the collect and the exchange of data. The intrinsic heterogeneity of IoT makes its programming, deployment and management difficult and even crippling. The Web with its almost universal feature, appears as a promising candidate to provide to IoT a platform able to abstract and hide its fundamental heterogeneity. The shift from IoT to the Web of Things (WoT) has mainly to simplify the management of IoT while preserving its full range of capabilities and possibilities. Each smart object in WoT can interact with users and with other smart objects using a RESTfull API either embedded in the smart object itself or in a gateway. It can be accessible through a dedicated URL via a standard web protocol such as HTTP, REST, . . . using the browser as a native access point. This convergence to the web can eventually bring some security issues mainly related to the huge number of possible connected smart objects, which reduces the efficiency or may even invalidate the traditional control mechanisms (identity management, authentication, access control . . . ). We argue thus the need of a deeper investigation of the security requirements of WoT together with an analysis of the limitations of the existing security architectures

A secure WebRTC/WoT-based health-care architecture enhanced with access control

International audienceIn this paper, we present an e-health architecture that provides secure remote medical services using WebRTC (Web Real-Time Communication). The goal is to allow patients (injured, elderly, disabled, etc.) to benefit from a medical assistance just by calling a remote medical support (doctors, nurses, hospitals, etc.) using a real-time multimedia communication technology such as WebRTC. The advancement of the medical devices, on one side, and the emergence of the Web of Things (WoT) frameworks, on the other side, make this approach possible. Hence, granting the users both the ability of monitoring their own health status and having an awareness of their health condition. However, most of the current architectures do not take into account the security issues, even thought its a fundamental requirement. In this paper, we introduce a security layer encompassing the fundamental security properties (authentication, data confidentiality, integrity and access control). We give particular attention to the access control, since a guarantee that only authorized users are allowed to access the medical resources, is a critical requirement of e-health systems. We adopt a Role-Based Access Control (RBAC) model in order to provide this capability. A proof of concept is implemented in order to test the feasibility of our solution

La sécurité des objects connectés

National audienceLe progrès dans le monde des systèmes embarqués a favorisé l'apparition d'objets dits " intelligents " (de l'anglais smart object) ou encore " connectés ". Ces derniers intègrent, dans un contexte de faible consommation énergétique, un microcontrôleur permettant de piloter un capteur et/ou un actionneur alliés à une capacité de communication. Les objets intelligents offrent à leurs usagers l'exploitation de scénarios intéressants induisant principalement deux classes d'interactions : d'une part, capturer et remonter vers le réseau la valeur courante d'une information spécifique à leur environnement immédiat (objet en tant que capteur) et, d'autre part, recevoir du réseau une commande dont l'exécution peut avoir un effet de bord sur leur environnement direct (objet en tant qu'actuateur). Un smartphone, un téléviseur ou un réfrigérateur connecté, une montre intelligente, des systèmes de détection de présence ou de chutes, ... constituent des exemples concrets d'objets connectés faisant partie de notre quotidien. L'Internet des Objets (IoT) permet de conceptualiser ce nouvel environnement reposant sur les réseaux traditionnels, auxquels sont connectés les objets en tant que composantes particulières du monde réel ayant des contraintes fortes en matière de ressources (mémoire, capacité de traitement, énergie) et disposant de méthodes multiples de communication sans fil. Selon IPSO (IP for Smart Objects), l'adoption massive du protocole IP par les objets devrait à terme conduire à une connectivité directe avec l'Internet, en ouvrant la voie à sa troisième grande évolution (Web 3.0). Ces objets peuvent être découverts, contrôlés et gérés depuis Internet. Cette articulation, qui représente un point fort de l'IoT, le fait aussi hériter de toute la problématique de la sécurité déjà présente dans l'Internet. Cette dernière se repose même avec une acuité renouvelée dans ce nouvel environnement, du fait de ses caractéristiques particulières. Il est important d'analyser la façon avec laquelle les exigences classiques de sécurité (CIA, AAA, ...) ainsi que celles liées au respect de la vie privée peuvent être déclinées dans ce nouvel environnement