Special Topics in Security and Privacy of Medical Information
Sujata Garera
This lecture
- Portable patient record systems
- Emergency access
- Break the glass systems
Motivation
- Physicians and EMTs often encounter unconscious patients with little medical information
- Can be a serious issue if the person has a medical condition such as epilepsy or diabetes
On the other hand
- Revealing patient information can lead to negative consequences
- Employers fear that they incur the cost or risk by hiring people with chronic conditions
  - E.g. Stephen Orr case
  - E.g. Cirque du Soleil case
Benefits outweigh the costs
- Availability of such information is vital
- Hypoglycemia, for example, is a dangerous condition which affects diabetic patients
- Knowledge that the patient has diabetes may expedite diagnosis of hypoglycemia
- Could prevent adverse drug reactions
Varied systems
- Proprietary mobile phone products
- USB flash drives
- Monitoring system
- Our system
Proprietary products: AllOne Mobile Health
- Consumers can access health solutions through their mobile phones
- Emergency access history available
- Security relies only on a user-entered PIN
Proprietary products: icePHR
- In Case of Emergency Portable Health Record system
- User can manage and edit their personal information
- Authentication required only when the user has to download this information from the server
- No security on locally stored records
USB flash drives for PHR: Personal HealthKey
- Manufactured by CapMed
- Stores health information
- Offers password-based security and encryption
- User can carry his health records on a key chain, secured from others
USB flash drives for PHR: Personal HealthKey
- Analysed by Wright and Sittig [2007]
- Enabled the encryption
- Manually analyzed the file and database structure of the device
USB flash drives for PHR
- Microsoft Access database with the Microsoft Jet engine
- The password used to lock the database is not the same as the user's password
- The password used to open the database is stored directly in the database file at a fixed offset, scrambled against a fixed string with a logical operator (XOR) !!
- The device stores the user's password as a string in the database and encrypts the data with a common password fixed by the manufacturer !!
- Instead of $\text{encryptedData} = E_{\text{passwd}}(\text{PHR data})$, the manufacturer used $\text{encryptedData} = E_{\text{constantpwd}}(\text{PHR data})$
USB flash drives for PHR: security drawbacks
- Constant encryption key, known to the manufacturer
- Encryption flawed: the user's password never enters the key, so anyone holding the constant key can read the records of every device
Functionality drawbacks
- Lack of full view of records in an emergency
- No real-time processing of user data
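The following is an added example, not code from the lecture or from CapMed. It models the two findings above in a toy device image: the database password sits at a fixed offset XORed against a fixed string (the page says "a logical operator"; XOR is assumed here), and the record is encrypted under one manufacturer-wide key instead of under the user's password. The offset, the scramble string, the constant key, the sample record and the stream cipher (an HMAC-SHA256 keystream standing in for whatever the device really uses) are all assumptions. The hardened variant shows what $E_{\text{passwd}}$ should mean: a key derived from the user's password via salted PBKDF2.

```python
import hashlib
import hmac
import os

# All three constants are assumptions standing in for the manufacturer's real
# fixed values, which the page does not reproduce.
DB_PASSWORD_OFFSET = 0x42
SCRAMBLE_STRING = bytes.fromhex("86fbec375d449cfac65e28e613b68a6054947b36")  # 20 bytes
MANUFACTURER_KEY = b"one-constant-key-shared-by-every-device"

SAMPLE_PHR = b"J. Doe; type 1 diabetes; allergy: penicillin"  # constructed sample record


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_encrypt(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher standing in for the device's unspecified cipher:
    XOR data with an HMAC-SHA256 keystream in counter mode. Encrypt == decrypt.
    (Unauthenticated; a real design would use an AEAD such as AES-GCM.)"""
    out = bytearray()
    for ctr, off in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        out += xor(data[off:off + 32], ks)
    return bytes(out)


def build_device_image_flawed(user_password: str, phr: bytes) -> bytes:
    """Lay out a device file the way the slide describes: the database password
    sits at a fixed offset XORed with a fixed string, and the PHR is encrypted
    under a key every device shares rather than under the user's password."""
    n = len(SCRAMBLE_STRING)
    pw = user_password.encode()[:n].ljust(n, b"\0")      # fixed-width field
    header = bytearray(os.urandom(DB_PASSWORD_OFFSET))   # unrelated header bytes
    header += xor(pw, SCRAMBLE_STRING)
    return bytes(header) + keystream_encrypt(MANUFACTURER_KEY, phr)


def attack_flawed(image: bytes) -> tuple[str, bytes]:
    """Anyone who has pulled the fixed string and the constant key out of one
    device can read every other device: the user's password is never needed."""
    start, n = DB_PASSWORD_OFFSET, len(SCRAMBLE_STRING)
    password = xor(image[start:start + n], SCRAMBLE_STRING).rstrip(b"\0").decode()
    phr = keystream_encrypt(MANUFACTURER_KEY, image[start + n:])
    return password, phr


def build_device_image_fixed(user_password: str, phr: bytes) -> bytes:
    """What E_passwd(PHR data) should mean: derive the key from the user's
    password with salted PBKDF2, store the salt, and never store the password."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", user_password.encode(), salt, 100_000)
    return salt + keystream_encrypt(key, phr)


def open_fixed(image: bytes, user_password: str) -> bytes:
    """Legitimate owner path for the hardened layout."""
    salt, ciphertext = image[:16], image[16:]
    key = hashlib.pbkdf2_hmac("sha256", user_password.encode(), salt, 100_000)
    return keystream_encrypt(key, ciphertext)
```

Against the flawed layout `attack_flawed` recovers both the user's password and the plaintext record without knowing the password; against the hardened layout the same manufacturer-wide knowledge yields nothing, and a password guess has to go through PBKDF2. The hardened version still lacks integrity protection, which is deliberate to keep the example short, not a recommendation.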
Securing medical records on smart phones
- PHR stored on a commodity smartphone
- Owner can access the record at any time
- Emergency access to the full record is also allowed
PHRs on smart phones: technique
- Based on secret sharing
- Allows for revocation of compromised or retired credentials
- Demands little of users and requires few resources
- Depends on the use of biometrics
Building blocks
- Secret sharing
- Biometric key generation
Building blocks: secret sharing
- Cryptographic technique for distributing trust among a number of parties
Secret Sharing (2,4): will any compromise be tolerated?
[Figure: four parties A, B, C and D each holding a share; values shown on the slide: 18, 8, 8, 10, 10]
Threshold secret sharing (Shamir, Blakley [1979])
- Motivation: increase both confidentiality and availability
- (k,n) threshold scheme: threshold k, group size n
- Confidentiality: at least k shares are needed to reconstruct the secret; fewer than k shares provide no information about the secret
- Availability: the scheme tolerates n-k shares being lost or destroyed, since any k of the remaining ones still reconstruct the secret
- With n = 2k-1 a majority is correct: up to k-1 shares can be compromised without revealing the secret, and up to k-1 can be lost without losing it
Shamir's secret sharing: (k,n) threshold scheme
- Secret s, prime p; p should be larger than s and larger than n (so that n distinct nonzero ids exist)
- Degree k-1 polynomial f(x) with s as the constant term
- Dealer selects random coefficients $r_1, \dots, r_{k-1}$ in $\{0, \dots, p-1\}$ and creates
  $$f(x) = s + r_1 x + r_2 x^2 + \dots + r_{k-1} x^{k-1} \pmod p$$
- Assume the participants have distinct nonzero ids $x_1, x_2, \dots, x_n$
- Share of participant i is $(x_i,\ y_i = f(x_i))$
Reconstruct: Lagrange interpolation. Let R be the set of (at least k) correct shareholders. Then
$$f(x) = \sum_{j \in R} y_j\, l_j(x), \qquad l_j(x) = \prod_{i \in R,\ i \ne j} \frac{x - x_i}{x_j - x_i} \pmod p,$$
and the secret is $s = f(0)$.
Example: suppose we want to share the secret 1 among 3 people A, B, C such that any 2 out of 3 can reconstruct it. Degree of polynomial? (k-1 = 1)
- A: $x_1 = 1$, B: $x_2 = 2$, C: $x_3 = 3$
- Say the prime is 5
- Dealer chooses random values in $\{0, \dots, 4\}$; say the polynomial is $f(x) = 1 + x$
Example: $f(x) = 1 + x$
- Share of A: $(x_1, y_1 = f(x_1)) = (1, 2)$; share of B: $(2, 3)$; share of C: $(3, 4)$
Suppose A and B pool shares: reconstruct the polynomial f(x), then evaluate it at 0.
Reconstruction by Lagrange interpolation:
$$f(x) = y_1 l_1(x) + y_2 l_2(x) = 2\, l_1(x) + 3\, l_2(x)$$
$$l_1(x) = \frac{x - x_2}{x_1 - x_2} = -(x - 2), \qquad l_2(x) = \frac{x - x_1}{x_2 - x_1} = x - 1$$
$$f(x) = -2(x - 2) + 3(x - 1) = x + 1, \qquad s = f(0) = 1 \pmod 5$$
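The dealer and reconstruction steps above, as an added example that is not part of the lecture. It implements the (k,n) scheme over GF(p) for general k and n (the slides show one instance), checks the worked example by passing the coefficient $r_1 = 1$ explicitly, and makes the "fewer than k shares give no information" claim concrete by brute-forcing, for small p, every secret consistent with a set of shares. The 127-bit prime used for the larger run and the sample secrets are our own choices.

```python
import itertools
import secrets


def make_shares(secret: int, k: int, n: int, p: int, coeffs=None) -> list[tuple[int, int]]:
    """Dealer: f(x) = s + r1 x + ... + r_{k-1} x^{k-1} mod p; share i is (i, f(i)).
    Needs 0 <= secret < p and k <= n < p so ids 1..n are distinct and nonzero.
    coeffs may be supplied (as in the worked example) or are drawn at random."""
    if not (0 <= secret < p and k <= n < p):
        raise ValueError("need 0 <= secret < p and k <= n < p")
    if coeffs is None:
        coeffs = [secrets.randbelow(p) for _ in range(k - 1)]
    if len(coeffs) != k - 1:
        raise ValueError("degree must be k-1")

    def f(x: int) -> int:
        return (secret + sum(r * pow(x, e + 1, p) for e, r in enumerate(coeffs))) % p

    return [(x, f(x)) for x in range(1, n + 1)]


def reconstruct(shares: list[tuple[int, int]], p: int) -> int:
    """Lagrange interpolation evaluated at x = 0:
    s = sum_j y_j * l_j(0),  l_j(0) = prod_{i != j} (0 - x_i) / (x_j - x_i)  mod p."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share ids")
    total = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for i, (xi, _) in enumerate(shares):
            if i != j:
                num = num * (0 - xi) % p
                den = den * (xj - xi) % p
        total = (total + yj * num * pow(den, -1, p)) % p   # den != 0 since p prime > n
    return total


def consistent_secrets(shares: list[tuple[int, int]], k: int, p: int) -> set[int]:
    """Brute force (small p only): every secret for which SOME degree-(k-1)
    polynomial passes through the given shares. With fewer than k shares this
    is all of Z_p, i.e. the shares carry no information about the secret."""
    found = set()
    for s in range(p):
        for coeffs in itertools.product(range(p), repeat=k - 1):
            if all((s + sum(r * pow(x, e + 1, p) for e, r in enumerate(coeffs))) % p == y
                   for x, y in shares):
                found.add(s)
                break
    return found


if __name__ == "__main__":
    # The slide's example: secret 1, p = 5, f(x) = 1 + x, any 2 of A, B, C.
    shares = make_shares(1, 2, 3, 5, coeffs=[1])
    print(shares, reconstruct(shares[:2], 5), consistent_secrets(shares[:1], 2, 5))
```

`make_shares(1, 2, 3, 5, coeffs=[1])` yields exactly the slide's shares (1,2), (2,3), (3,4), and any two of them reconstruct 1, while a single share is consistent with every secret in {0,...,4}. The same code with a large prime and, say, k = 3, n = 5 is the practical setting: n - k = 2 shares can be lost and any 3 survivors still recover the secret.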
Building blocks: biometric key generation
- Biometric signals such as a finger scan are often used for identification and authentication
- Universal: everyone can be identified by the common characteristic
- Unique: no two persons have the same characteristic
- Permanent
- Collectable: measurable
Biometrics: types of biometrics
- Static: finger, face
- Behavioral: handwriting, voice
Biometric authentication
- Enrollment phase: feature extraction and creation of a biometric template, which is stored in a database
- Verification: extract features and compare against the stored template
Biometric key generation
- Generate a key stream from biometric traits
- Measurements from the iris are known to have high entropy and create cryptographic keys with security equivalent to 128 bits
- A new method for generating an invariant iris private key based on the fuzzy vault system, Lee et al. [2008]
- Recent work shows how feature extraction and Reed-Solomon error correcting codes can produce biometric-based bit sequences which can yield 128-bit keys for use with AES
- Biometric based cryptographic key generation from faces, Chen et al. [2007]
- Error rates are high though
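The following is an added example, not code from the lecture or from the cited papers. It shows the mechanism by which an error-correcting code turns a noisy biometric bit string into a stable key: at enrollment a random codeword is XORed onto the biometric bits to produce public helper data, and at verification a fresh sample plus the helper data is decoded back to the codeword, whose hash is the key. A 3x repetition code stands in for the Reed-Solomon codes the slide cites, the "biometric" is a constructed bit vector, and the hash is SHA-256; these are assumptions. The last function makes the error-rate caveat concrete: once a group sees more flips than the code corrects, the key silently changes.

```python
import hashlib
import secrets

REP = 3  # each codeword bit is repeated REP times; majority vote corrects 1 flip per group


def _encode(word: list[int]) -> list[int]:
    """Repetition code standing in for Reed-Solomon: each bit written REP times."""
    return [b for b in word for _ in range(REP)]


def _decode(noisy: list[int]) -> list[int]:
    """Majority vote per group of REP bits."""
    return [int(sum(noisy[i:i + REP]) * 2 > REP) for i in range(0, len(noisy), REP)]


def _key_from(word: list[int]) -> bytes:
    return hashlib.sha256(bytes(word)).digest()


def enroll(biometric: list[int]) -> tuple[bytes, list[int]]:
    """Return (key, helper). helper = biometric XOR encode(random word); key = H(word).
    Only helper is stored. It hides the word only to the extent the biometric
    bits are unpredictable, which is why entropy of the trait matters."""
    if len(biometric) % REP:
        raise ValueError("biometric length must be a multiple of REP")
    word = [secrets.randbelow(2) for _ in range(len(biometric) // REP)]
    helper = [b ^ c for b, c in zip(biometric, _encode(word))]
    return _key_from(word), helper


def reproduce(sample: list[int], helper: list[int]) -> bytes:
    """Fresh, slightly different sample + helper -> same key, provided every
    REP-bit group has at most one flipped bit relative to the enrolled sample."""
    if len(sample) != len(helper):
        raise ValueError("sample and helper lengths differ")
    noisy_codeword = [b ^ h for b, h in zip(sample, helper)]
    return _key_from(_decode(noisy_codeword))


def flip(bits: list[int], positions: list[int]) -> list[int]:
    """Simulate measurement noise by flipping the given bit positions."""
    out = list(bits)
    for i in positions:
        out[i] ^= 1
    return out


def tolerates(biometric: list[int], positions: list[int]) -> bool:
    """True iff a sample with these flips still reproduces the enrolled key."""
    key, helper = enroll(biometric)
    return reproduce(flip(biometric, positions), helper) == key
```

With this code a sample that differs from enrollment by one bit in each of several groups still yields the enrolled key, while two flips inside one group change it; a real deployment replaces the repetition code with a code whose correction capacity matches the measured bit error rate of the trait, which is exactly where the slide's "error rates are high" caveat bites.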
Biometrics in our approach
- Relying only on password-based security for the medical records may create issues during an emergency
- Use of non-behavioural features such as face and finger for securing records will allow an EMT to access them in an emergency
Division of capabilities
[Slides: Scenario 1, Scenario 2, Scenario 3 (figures not reproduced in the transcript)]
This lecture
- Encryption characteristics of two USB-based personal health record devices, Wright and Sittig
- Securing medical records on smart phones, Gardner et al.
We will continue with this next time