MedVault: Ensuring Security and Privacy for Medical Data
Mustaque Ahamad, Douglas Blough, Ling Liu, David Bauer, Apurva Mohan, Daisuke Mashima, Bhuvan Bamba, Balaji Palanisamy, Ramkumar Krishnan, Italo Dacosta
http://medvault.gtisc.gatech.edu/
(Transcript of the PowerPoint presentation)
Overall Goal
To develop new techniques for the storage, maintenance, and control of sensitive data that permit open sharing among a wide variety of legitimate users while protecting the data against unauthorized use and disclosure.
Key Research Contributions
• Source-verifiability of medical data.
• Privacy-conscious data sharing.
• Attribute-based authorization to access EMR.
• Monitoring EMR data release and usage.
Source Verifiable PHR Repository
[Architecture diagram. Components: EMR Sources uploading Data (Hospital, Lab, Personal Devices); the Source Verifiable PHR Repository and the Patient's Agent inside the Patient's trust domain; an Attribute-based policy Engine holding the Patient's Policy; Attribute Providers; and the Requester with the Requester's Agent. Labeled flows: "Request, Attribute List" and "Decision" between the Requester's Agent and the Patient's Agent; "Fetch Attributes" and "Requester's Attributes" between the Patient's Agent and the Attribute Providers; "Request, Attributes", "Evaluate Policy" and "Decision" at the policy engine; "Fetch Records" toward the repository.]
Minimal Disclosure Credentials
[Diagram: an Identity Provider issues a Credential to the User/Owner, who presents a Partial Credential over the Network to Relying Parties.]
David Bauer, Douglas M. Blough, David Cash, “Minimal information disclosure with efficiently verifiable credentials”, 2008.
Minimal Disclosure using Merkle Hash Trees
• Start with a PKI certificate
• Replace the flat identity in a certificate with the root hash of a Merkle hash tree of claims
[Diagram: a binary Merkle hash tree. Each leaf is H(C), the hash of one Claim; each internal node is H(L,R), the hash of its left and right children; the topmost H(L,R) is the Root that goes into the certificate.]
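Slides 4 and 5 describe a credential whose identity field is the root of a Merkle hash tree of claims, so the holder can reveal only some claims while a relying party still checks them against the certified root. The following Python is an added illustration of that construction, not the project's code; the leaf/node hashing, the padding rule for odd levels and the sample claims are assumptions.

```python
import hashlib

# Constructed sample claims for one credential (not from the original slides)
SAMPLE_CLAIMS = ["name=Alice Example", "dob=1970-01-01", "license=MD-0000",
                 "employer=Example Hospital", "role=physician"]

def leaf(claim: str) -> bytes:
    # H(C): hash of one claim, domain-separated from internal nodes
    return hashlib.sha256(b"\x00" + claim.encode()).digest()

def node(left: bytes, right: bytes) -> bytes:
    # H(L,R): hash of the left and right child hashes
    return hashlib.sha256(b"\x01" + left + right).digest()

def pad(level):
    # An odd level is padded by repeating its last hash (an assumed convention)
    return level + [level[-1]] if len(level) % 2 else level

def build_levels(claims):
    """All tree levels, leaves first; the last level holds only the root."""
    levels = [[leaf(c) for c in claims]]
    while len(levels[-1]) > 1:
        prev = pad(levels[-1])
        levels.append([node(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
    return levels

def root_hash(claims) -> bytes:
    """The value that replaces the flat identity in the certificate."""
    return build_levels(claims)[-1][0]

def partial_credential(claims, disclose):
    """Reveal only the chosen claims; the rest appear solely as sibling hashes."""
    levels = build_levels(claims)
    proofs = {}
    for idx in disclose:
        path, i = [], idx
        for level in levels[:-1]:
            level = pad(level)
            path.append((level[i ^ 1], i % 2 == 0))  # (sibling hash, sibling is right child)
            i //= 2
        proofs[claims[idx]] = path
    return proofs

def verify_claim(root: bytes, claim: str, path) -> bool:
    """Relying party: rebuild the root from the disclosed claim and its sibling hashes."""
    h = leaf(claim)
    for sibling, sibling_on_right in path:
        h = node(h, sibling) if sibling_on_right else node(sibling, h)
    return h == root
```

The relying party learns nothing about the undisclosed claims beyond their hashes, yet a claim that was not in the certified tree cannot be made to match the root.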
Patient's Policy
<Resource Id = Chronic Conditions> <Some Combination of Attributes> <Action = Permit>
<Resource Id = Chronic Conditions> <Other Combination of Attributes> <Action = Deny>
<Resource Id = Prescriptions> <Some Combination of Attributes> <Action = Permit>
<Resource Id = Others> <Some Combination of Attributes> <Action = Permit>
[Diagram: the PHR Repository is divided into Chronic Conditions, Prescriptions and Others; requests reach it through the Patient's Agent.]
Examples of policies on viewing patient's record
1. A doctor can see the whole record
2. An EMT that has been dispatched to an incident involving a patient can see a subset of the patient's record
3. Any EMT within 1 mile of the incident can see a subset of the record
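The three example policies above, written as an added Python rule set and evaluator in the style of the <Resource Id> <Attributes> <Action> rules on the previous slide (this is not the project's policy engine). The resource ids come from the policy slide; the attribute names, the EMT-visible subset, the concrete Deny rule and the deny-overrides combining logic are assumptions.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

Attrs = Dict[str, Any]
RESOURCES = ("Chronic Conditions", "Prescriptions", "Others")  # resource ids from the policy slide

@dataclass
class Rule:
    resource: str                       # a resource id, or "*" for the whole record
    condition: Callable[[Attrs], bool]  # the "combination of attributes" that triggers the rule
    action: str                         # "Permit" or "Deny"

def patient_policy(patient_id: str) -> List[Rule]:
    """The three example policies as rules over requester attributes. The attribute
    names (role, dispatched_to, distance_miles, purpose) are assumptions."""
    is_doctor = lambda a: a.get("role") == "Doctor"
    dispatched_emt = lambda a: a.get("role") == "EMT" and patient_id in a.get("dispatched_to", ())
    nearby_emt = lambda a: a.get("role") == "EMT" and a.get("distance_miles", float("inf")) <= 1.0
    emt_subset = ("Chronic Conditions", "Prescriptions")  # the EMT-visible subset (assumed)
    rules = [Rule("*", is_doctor, "Permit")]
    rules += [Rule(res, dispatched_emt, "Permit") for res in emt_subset]
    rules += [Rule(res, nearby_emt, "Permit") for res in emt_subset]
    # a constructed "other combination of attributes" that denies one resource outright
    rules.append(Rule("Chronic Conditions", lambda a: a.get("purpose") != "treatment", "Deny"))
    return rules

def decide(policy: List[Rule], resource: str, attrs: Attrs) -> str:
    """Collect the actions of every applicable rule: Deny overrides Permit, and a
    resource that no rule permits is denied by default."""
    actions = {r.action for r in policy
               if r.resource in ("*", resource) and r.condition(attrs)}
    if "Deny" in actions:
        return "Deny"
    return "Permit" if "Permit" in actions else "Deny"

def evaluate(policy: List[Rule], attrs: Attrs) -> Dict[str, str]:
    """Per-resource decision for one requester, as the patient's agent would return it."""
    return {res: decide(policy, res, attrs) for res in RESOURCES}
```

In the MedVault architecture the attributes passed to evaluate() would be the ones the patient's agent fetched from attribute providers, not values the requester asserts about itself.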
Apurva Mohan, David Bauer, Douglas M. Blough, Mustaque Ahamad, Bhuvan Bamba, Ramkumar Krishnan, Ling Liu, Daisuke Mashima, Balaji Palanisamy, “A Patient-centric, Attribute-based, Source-verifiable Framework for Health Record Sharing”, Technical Report No. GIT-CERCS-09-11, 2009.
http://www.cercs.gatech.edu/tech-reports/tr2009/abstracts/11.html
Protecting E-healthcare Client Devices against Malware and Physical Theft
(Position Paper to appear at USENIX HealthSec ’10)
Daisuke Mashima, Abhinav Srivastava, Jonathon Giffin, Mustaque Ahamad
Georgia Institute of Technology
Typical Architecture
[Diagram: a client device sends an EMR Request to the EMR repository, which performs User Authentication and Access control and returns the EMR.]
• Access control/authentication at EMR repositories is often insufficient.
  – What if client devices are compromised?
Threats against Client Devices
• Malware
  – Compromise of identity credentials
    • Key loggers, etc.
  – Disclosure of sensitive medical data
    • Botnets, etc.
• Physical theft of devices
  – Misuse of devices to abuse e-healthcare system
Approach
• Establishing a trusted domain on client devices by using virtualization technologies
  – Secure execution environment
  – Secure storage
  – Other security features that are tamper-resistant
• Eliminating a single point of attack
  – Threshold signature scheme
  – Augmentation by introducing “Authority” and “Online Monitoring System”
System Overview
(Brief) Security Analysis
• Compromise of User VM by Malware
  – Credentials and module integrity are protected.
  – Tamper-resistant FW prevents information disclosure.
• Physical Theft
  – Compromised device cannot initiate a valid request without involving the monitoring agent.
  – Revocation can be done by updating key shares on the monitoring system and authority.
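The two physical-theft claims above rest on the key being split so that a device cannot sign a request alone and the shares can be replaced for revocation. The following Python is an added example and not the project's scheme: a 2-of-2 additively split Schnorr signature over a toy group (parameters assumed), showing that a device-only signature fails verification and that resharing invalidates the share left on a stolen device while the public key stays the same.

```python
import hashlib
import secrets

# Toy group (assumption, for illustration only): q = 509 and p = 2q + 1 = 1019 are prime
# and g = 4 generates the order-q subgroup of Z_p*. Real deployments use a group of
# cryptographic size; the protocol structure below does not change.
P, Q, G = 1019, 509, 4

def challenge(R: int, msg: bytes) -> int:
    # Fiat-Shamir challenge e = H(R || msg), mapped into [1, q-1]
    digest = hashlib.sha256(R.to_bytes(4, "big") + msg).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def keygen_split():
    """Schnorr key y = g^x with x = x_dev + x_mon (mod q); device and monitor hold one share each."""
    while True:
        x_dev, x_mon = secrets.randbelow(Q - 1) + 1, secrets.randbelow(Q - 1) + 1
        x = (x_dev + x_mon) % Q
        if x:
            return pow(G, x, P), x_dev, x_mon

def reshare(x_dev: int, x_mon: int):
    """Revocation after theft: re-randomise both shares without changing y, so the
    share left on the stolen device no longer combines with the monitor's share."""
    delta = secrets.randbelow(Q - 1) + 1
    return (x_dev + delta) % Q, (x_mon - delta) % Q

def commit():
    k = secrets.randbelow(Q - 1) + 1
    return k, pow(G, k, P)

def partial_sign(share: int, k: int, R: int, msg: bytes) -> int:
    return (k + challenge(R, msg) * share) % Q

def sign(x_dev: int, x_mon: int, msg: bytes):
    """Both parties commit to a nonce, agree on the combined R, then each signs with its share."""
    k_dev, R_dev = commit()
    k_mon, R_mon = commit()
    R = (R_dev * R_mon) % P
    s = (partial_sign(x_dev, k_dev, R, msg) + partial_sign(x_mon, k_mon, R, msg)) % Q
    return R, s

def sign_device_only(x_dev: int, msg: bytes):
    """What a stolen device can produce alone: a signature under x_dev only."""
    k, R = commit()
    return R, partial_sign(x_dev, k, R, msg)

def verify(y: int, msg: bytes, sig) -> bool:
    # Standard Schnorr check: g^s == R * y^e
    R, s = sig
    return pow(G, s, P) == (R * pow(y, challenge(R, msg), P)) % P
```

The repository only ever checks against y, so the monitoring system's participation is enforced by the arithmetic rather than by trusting the client.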
Thank you very much.
• Reference
  – MedVault Project
    • http://medvault.gtisc.gatech.edu
    • Douglas Blough et al.
  – VM Wall
    • “Tamper-resistant, Application-aware Blocking of Malicious Network Connections”
    • Srivastava et al., RAID 2008
  – User-centric Identity-usage Monitoring System
    • “User-centric Handling of Identity Agent Compromise”
    • Mashima et al., ESORICS 2009