mobile blood donation registration service: security and privacy issues

Post on 25-Feb-2016


DESCRIPTION

Mobile Blood Donation Registration Service: Security and Privacy Issues. Presented by Patrick C. K. Hung Faculty of Business and IT University of Ontario Institute of Technology (UOIT) Canada. Salute. Prof. Ho-Fung Leung (CUHK, Hong Kong) - PowerPoint PPT Presentation

TRANSCRIPT

Mobile Blood Donation Registration Service: Security and Privacy Issues

Presented by Patrick C. K. Hung, Faculty of Business and IT, University of Ontario Institute of Technology (UOIT), Canada

Salute
• Prof. Ho-Fung Leung (CUHK, Hong Kong)
• Dr. C. K. Lee (Hong Kong Blood Transfusion Service, Hong Kong)
• Prof. Jay Tashiro (UOIT, Canada and Wolfsongs Informatics, USA)
• Prof. Wendy Hui (University of Nottingham Ningbo, Ningbo)
• Prof. Michael Chau (HKU, Hong Kong)
• Dr. Lalita Narupiyakul (UOIT, Canada)
• Mr. Frenco Cheung (CUHK, Hong Kong)
• Mr. Mars Yim (CUHK, Hong Kong)
• Mr. Matthias Farwick (University of Innsbruck, Austria)
• Mr. Kai-kin Chan (Baptist U, Hong Kong)
• Mr. Thomas Trojer (University of Innsbruck, Austria)
• Ms. Michelle Watson (UOIT, Canada)
• Ms. Stephanie Chow (UOIT, Canada)
• Mr. Ryan Bishop (UOIT, Canada)

Outline
• Blood Donation Registration
• XML Technology
• Security and Privacy Issues
• Our System
• Pilot Tests
• Demonstration
• Future Work
• Q&A

Blood Donation Registration
• Blood Donation Procedure
• Objective
• Blood Donation Form
• Electronic Blood Donation Form

Blood Donation Procedures
• Personal data
• Health history enquiry
• Haemoglobin test and blood pressure checking
• Interview by nurse
• Blood donation

Objective
• Minimize blood donor drop-out
• Maximize returning blood donors
• Reduce time and human error
• Keep contact with blood donors
• Promote blood donation events
• Provide visual education about blood donation
• Maximize blood donation services

Blood Donation Form

Blood Donation Form (cont’d)

Electronic Blood Donation Form

Electronic Blood Donation Form (cont’d)

XML Technology
• XML
• XML Schema
• Extensible Stylesheet Language
• Web Service
• Web Service Description Language
• Simple Object Access Protocol
• Service Oriented Architecture
• Semantic Web – OWL, SWRL

XML: eXtensible Markup Language
• A general-purpose specification for creating custom markup languages
• Allows users to define their own elements
• Facilitates the sharing of structured data across different information systems
• Used to encode documents and to serialize data

Traditional database or spreadsheet: Adam, Smith, asmith, 1765, John, Smith, jsmith, 1234, ...

The same record in XML:

    <Staff>
      <Name>
        <FirstName>Adam</FirstName>
        <LastName>Smith</LastName>
      </Name>
      <Login>asmith</Login>
      <Ext>1765</Ext>
    </Staff>

XML Example

XML Schema
• A description of a type of XML document
• Expressed in terms of constraints on the structure and content of documents
• Example of XML schema

Extensible Stylesheet Language (XSL)
• A family of transformation languages: XSL Transformations, XSL Formatting Objects and XML Path Language
• XSL Transformations (XSLT): an XML language for transforming XML documents
• Describes how to format or transform files encoded in the XML standard

XSLT Example

Web Service
W3C definition of a Web service:
• has a unique Uniform Resource Identifier (URI) (http://en.wikipedia.org/wiki/Uniform_Resource_Identifier)
• can be defined, described, and discovered using XML
• supports exchange of XML messages via Internet-based protocols
Supported by all major computing companies, e.g., IBM, Microsoft, Sun Java, etc.

Web Service Description Language
Web Services Description Language (WSDL) describes the Web service's interface:
• what operations the Web service supports
• what protocols to use
• how the exchanged data should be packed
The WSDL document is a contract between the service requestor and provider.

Simple Object Access Protocol
Simple Object Access Protocol (SOAP) is an XML-based messaging protocol. SOAP is independent of the underlying transport protocol: HTTP, SMTP, FTP.

Service Oriented Architecture

[Figure: service-oriented architecture. A Web Services Provider exposes a Web Service whose interface is described in Web Service Description Language (WSDL); a Web Services Requestor sends an input message and receives an output message over Simple Object Access Protocol (SOAP); an optional Web Services Broker holds registries based on Universal Description, Discovery and Integration (UDDI). Slide taken from BUSI 2501U E-Business Tech. - Winter 2008.]

Semantic Web – OWL, SWRL
• The Semantic Web is a web that is able to describe things in a way that computer applications can understand
• Ontology Web Language (OWL) is a language for defining and instantiating Web ontologies; ontology refers to the science of describing the kinds of entities in the world and how they are related
• Semantic Web Rule Language (SWRL) is a language for defining the relationships between instances in OWL

Health Level 7 (HL7)
• Formed in the United States in 1987
• One of several American National Standards Institute (ANSI)
• "Level Seven" refers to the highest level of the International Organization for Standardization (ISO) communications model for Open Systems Interconnection (OSI): the application level

Who needs HL7
• Hospitals, doctors, nurses and health care practitioners
• Require the ability to send and receive healthcare data, e.g. patient information, lab reports and test results
www.hl7.org

Clinical Document Architecture (CDA)
• HL7 Version 3.0 is built on the XML platform and provides XML schemas as standard
• Clinical Document Architecture (CDA) Version 2.0: the standard for the clinical document; schemas for recording clinical events in documents
• Composed of 2 main parts:
  Header: patient information, document information, confidentiality level, time stamp
  Body: medical background, physical examination, image, video

Security and Privacy Issues
• Literature Review
• Privacy
• Access Control
• Threat Modeling

Literature Review

[Figure adapted from Blobel, B. and F. Roger-France. (2001). A systematic approach for analysis and design of secure health information systems. International Journal of Medical Informatics, Volume 62, Number 1, pp. 51-78.]

Literature Review (cont.)

[Figure adapted from Blobel and Roger-France (2001), as above.]

Literature Review (cont.)
Security requirements for the donor registration service, grouped by property:
• Confidentiality: "Preserve donor privacy by restricting access to donor data to authorized Red Cross personnel"
• Integrity: "Protect the integrity of donor data"; "Protect the integrity of usage data"
• Availability: "Maintain availability of communication paths"; "Maintain availability of web service server"

Privacy
"Privacy is the ability of an individual or group to stop information about themselves from becoming known to people other than those they choose to give the information to."
http://en.wikipedia.org/wiki/Privacy

"All persons have a fundamental right to privacy, and hence to have control over the collection, storage, access, communication, manipulation and disposition of data about themselves."
International Medical Informatics Association (IMIA)

Access Control

Role Based Access Control (RBAC)
American National Standard 359-2004 is the Information Technology industry consensus standard for RBAC.

Adapted from: David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn and Ramaswamy Chandramouli, "Proposed NIST Standard for Role-Based Access Control," ACM Transactions on Information and Systems Security (TISSEC), Volume 4, Number 3, August 2001.

Access Control (cont.)
eXtensible Access Control Markup Language (XACML)
• Allows administrators to define the access control requirements for their application resources
• Supports data types, functions, and combining logic
• Allows complex (or simple) rules to be defined
• XACML privacy profile
• Includes an access decision language used to represent the runtime request for a resource
• When a policy is located which protects a resource, the functions compare attributes in the request against attributes contained in the policy rules, ultimately yielding a permit or deny decision
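The request-against-policy matching described above, as an added Python example (not code from the presentation or the project): each rule's target is a set of attribute values, rules are combined deny-overrides, and a permit can carry obligations. The role, resource, action and purpose names are constructed assumptions.

```python
"""Minimal XACML-style evaluation: a request is a set of attributes, each rule
has a target (accepted attribute values), an effect and optional obligations.
Rules are combined deny-overrides; a request matching no rule is NotApplicable.
Added example with constructed role/resource/purpose names, not the project's code."""
from dataclasses import dataclass, field


@dataclass
class Rule:
    effect: str                     # "Permit" or "Deny"
    target: dict                    # attribute name -> set of accepted values
    obligations: list = field(default_factory=list)

    def matches(self, request: dict) -> bool:
        # Every target attribute must appear in the request with an accepted value;
        # a missing attribute never matches (request.get returns None).
        return all(request.get(k) in v for k, v in self.target.items())


POLICY = [
    # Only Red Cross nurses may read a donor record, and only for screening;
    # the permit obliges the service to log the access and retain the log.
    Rule("Permit",
         {"role": {"nurse"}, "resource": {"donor-record"},
          "action": {"read"}, "purpose": {"donation-screening"}},
         obligations=["log-access", "retain-log-5y"]),
    # Exporting donor records is denied for every role (deny-overrides).
    Rule("Deny", {"resource": {"donor-record"}, "action": {"export"}}),
]


def evaluate(request: dict, policy=POLICY) -> tuple:
    """Return (decision, obligations) for the request under the policy."""
    decision, obligations = "NotApplicable", []
    for rule in policy:
        if not rule.matches(request):
            continue
        if rule.effect == "Deny":
            return "Deny", []       # any matching Deny wins immediately
        decision = "Permit"
        obligations = obligations + rule.obligations
    return decision, obligations


def is_permitted(request: dict, policy=POLICY) -> bool:
    """NotApplicable is treated as a refusal, so only an explicit Permit grants access."""
    return evaluate(request, policy)[0] == "Permit"
```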

Access Control (cont.)

Access Control (cont.): GEO-Privacy
• Extend GEO-Privacy with complex constraints like the "Two Eyes Principle", or role-location conflicts
• Create a prototypical implementation using XACML and the iPhone's location API

[Figure: spatial role-based access control model. Users, roles (role instances), sessions, operations and objects; user-role assignment, session roles, enabled session roles and spatial roles; with Obligations, Conditions, Retentions and Purposes attached.]

Threat Modeling

Threat Modeling (cont.): Man-in-the-middle

Threat Modeling (cont.)

[Figure: threat model of the system. Components: Internet, backend process, privacy & access control, authentication, Web service server, connectivity via Wifi, Bluetooth and cable, database, private key / public key, personal data files, records of donation, business logic, EEE PC clients, donation process (Paypal, etc.).]

Security Technology
- SSL
- Apache Technology + XML Encryption + XML Signature + XML Key Management + WS-Reliable Messaging: SANDESHA
- XACML
- Secure Transaction (Acknowledgement, Time Stamp)

Web X.0 Technology
- Facebook: HK Red Cross Donor Group
- MSN
- RSS: WHO.org and Redcross.org
- Semantic Web + OWL files & SWRL rules

Our System
• Overview of the System
• Architecture of the System
• User Interface - JavaServer Faces
• Web Service-based SOA

Overview of the System

[Figure: Linux server, network, user interface and privacy & security layer.]
• Open Source: Tomcat 6, Axis2, WASA, eXist
• Connectivity: private wireless network, LAN
• GUI: JSF
• XML Security: Apache Rampart

Overview of the System (cont'd)

Architecture of the System

User Interface - JavaServer Faces
• J2EE Model View Controller (MVC) pattern for the Web
• Integrated validation of user input
• Integrated dynamic page flow support
• Ajax add-ons for dynamic behavior (e.g. progress bars, dynamic highlighting)
• Server-side Java classes make integration with Web services easy

Web Service-based SOA
• Service-Oriented Architecture
• Used for businesses to communicate with each other
• Allows organizations to exchange data without intimate knowledge of each other's IT systems behind the firewall

Pilot Test: The Hong Kong Red Cross Blood Donation Center

Blood Donation Station Set-up
• Server – Lenovo laptop (OS: Linux)
• Client side (mobile devices) – Asus EeePC
• Red Cross side – our own notebook
November 28, 2009 – King's Park

Result and Feedback
1st pilot test (on 9th August):
• Failed to send the finished form from client to server
• Unsatisfactory reaction time for the interface
2nd pilot test (on 6th November):
• Connection failure between the mobile devices and the server
• Input interrupted
• A non-styled e-form occurred
3rd pilot test (on 26th November): everything ran smoothly

Result and Feedback (cont.)
4th pilot test (on 15th December): testing the Tablet PC with touch screen
General feedback from the users:
• Satisfied with learning how to use the system
• Prefer to use the paper form (but this may depend on the age groups of the users and other reasons)
• Agree that this system can help in shortening the waiting time for blood donation
• Prefer to use the touch screen

Video Demonstrations

Demonstration

Client Side (demonstration slides)

Red Cross Side (demonstration slides)

Future Work and Q&A

Future Work
• Testing the Bone Marrow Donor Registration Form
• Implement Semantic Web technology (OWL and SWRL) in Protégé (http://protege.stanford.edu/)

Future Work (cont'd)

[Flowchart: deferral decision rules for the health-history questions]

Q14a = Boolean. 14. Have you received surgery (including endoscopic examination, treatment involving the use of catheters)?
If YES: ask the level of surgery.
• If elective minor then defer 3 months
• Else if elective major then defer 6 months
• Else if elective major emergency then defer 12 months
• Else contact nurse (nurse can decide a level)

Q8_1 = Boolean. 8(1). Have you had contact with an infectious disease?
If YES: ask to specify the disease, check the Disease Ontology and decide the defer time.

Q8 = Boolean. 8. Have you had contact with an infectious disease?
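The deferral logic sketched in the flowchart above, as an added Python example rather than the project's code: the surgery levels and periods come from the slide, while the disease ontology here is a constructed stand-in for the OWL ontology the deck plans to consult.

```python
"""Deferral decision for health-history questions Q14a (surgery) and Q8_1
(contact with an infectious disease). Added example, not the project's code."""

CONTACT_NURSE = "contact nurse"   # outcome when no rule decides; the nurse picks a level

# Q14a deferral periods in months by level of surgery (from the flowchart)
SURGERY_DEFERRAL = {
    "elective minor": 3,
    "elective major": 6,
    "elective major emergency": 12,
}

# Constructed stand-in for the Disease Ontology: disease -> deferral months.
# The planned system queries an OWL ontology instead; these values are assumptions.
DISEASE_ONTOLOGY = {
    "influenza": 1,
    "hepatitis a": 12,
}


def defer_for_surgery(level: str):
    """Q14a answered YES: map the stated surgery level to months, else escalate."""
    return SURGERY_DEFERRAL.get(level.strip().lower(), CONTACT_NURSE)


def defer_for_disease(disease: str):
    """Q8_1 answered YES: look the named disease up in the ontology, else escalate."""
    return DISEASE_ONTOLOGY.get(disease.strip().lower(), CONTACT_NURSE)


def decide(q14a: bool, surgery_level: str = "", q8_1: bool = False, disease: str = ""):
    """Combine the answered questions into one outcome: deferral months
    (0 = no deferral) or CONTACT_NURSE if any branch needs a human decision."""
    outcomes = []
    if q14a:
        outcomes.append(defer_for_surgery(surgery_level))
    if q8_1:
        outcomes.append(defer_for_disease(disease))
    if CONTACT_NURSE in outcomes:
        return CONTACT_NURSE          # a human decision overrides any automatic one
    return max(outcomes, default=0)   # the longest deferral applies
```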

Future Work (cont'd)
• Implement a new interface for PDA and iPhone
• Test out the form on PDA and iPhone
• Adapt Web 2.0 technologies in the system
• More pilot tests for different fields of people

Q&A
Thank you!