Performance Measurement and Workflow Impact of Securing Medical Data Using HIPAA Compliant Encryption in a .NET Environment. Master’s Thesis Andrew M. Snyder. Overview. Goals HIPAA Encryptions Prior Work Performance in .NET Recommendation Workflow Model Conclusions and Future Work.
Performance Measurement and Workflow Impact of Securing Medical Data Using HIPAA Compliant Encryption in a .NET Environment Master’s Thesis Andrew M. Snyder
Overview • Goals • HIPAA • Encryptions • Prior Work • Performance in .NET • Recommendation • Workflow Model • Conclusions and Future Work
Goals of the Thesis • Awareness of HIPAA • Distinguish and Compare Managed and Unmanaged Code • New Software Performance in .NET • Recommend an Encryption Algorithm • Predict Workflow Impact on UVA Department of Radiology
HIPAA • Synopsis • The Law • Purpose • Covered Entities • Creation Process • Violations
HIPAA • Sections • Transaction & Code Set • Identifier • Privacy • Security • Administrative Procedures • Physical Safeguards • Technical Safeguards
HIPAA • Impact • Entity Size • Workflow • Approach • Algorithms • Environments • Department of Radiology Model
Federated, Secure Trust Networks • $200,000 Grant from Microsoft • Create a prototype healthcare system adhering to technical HIPAA standards • Utilize .NET and Web Services • Work with the Department of Radiology • Understand implications of encrypted storage and transmission • Solve problems of Authentication, Authorization, and Trust Sharing
Encryptions and Attacks • Symmetric Key • DES • 3-DES • AES • Public Key • RSA
Managed vs. Unmanaged Code • Differences • Unmanaged Code • Native Code • Optimized for a Given Device/Platform • Managed Code • Executed Inside a Container • Translated at Runtime • Memory Management • Garbage Collection
Managed vs. Unmanaged Code • Benefits • Unmanaged Code • Fast • Managed Code • Secure • Memory Safe • Portable
Prior Work • Hardware (FPGA) • Gaj and Chodowiec • AES up to 51.7 MB/s • 3-DES up to 7.4 MB/s • Kaps and Paar • DES up to 50 MB/s • Groszschaedl • RSA-1024 up to .25 MB/s
Unmanaged Software Implementation • Aoki and Lipmaa • AES-128 up to 30.4 MB/s • Corella • DES up to 22.8 MB/s • 3-DES up to 9.4 MB/s
Managed Software Implementations • Sterbenz and Lipp • AES-128 up to 2.4 MB/s • DES up to 1.3 MB/s • 3-DES up to .5 MB/s • Wagner • RSA-1024 up to .004 MB/s
Rationale for New Measurements • No Published Body of .NET Cryptography Performance Measurements • Managed and Unmanaged • Performance Gap Between Managed and Unmanaged Code • Shrinking or Growing? • Code Safety Importance • Performance vs. Security
Performance Measurements • Testbed • Computer • Visual Studio .NET 2003 • 3 GHz Pentium 4 • Windows XP • Files (1 B – 68 MB) • Algorithm Key Sizes
Performance Measurements • Throughputs – 3 GHz • Symmetric • Public Key
Performance Measurements • Analysis • Algorithm Performances • Overhead for Multiple Files • Second Testbed • 600 MHz Pentium 3 • Windows XP
Performance Measurements • Throughputs – 600 MHz • Symmetric • Public Key
Performance Measurements • Analysis • Computational Difficulty • Price of Code Safety • Performance vs. Security • Recommendations • Use 256-bit AES • Why? • Implemented in Managed Code • Data Exponentially More Secure • Quantum Computers
Workflow Model • Department of Radiology Model
Workflow Model • Involved Steps
Workflow Model • Resources
Workflow Model • Bottleneck Table – From Resource Allocation Table
Workflow Model • Bottleneck Calculation • B7 = Image Modality Unit Throughput Patients/Hr
Workflow Model • Throughput Results • Sequential System • 7% Performance Degradation • Highly Concurrent System • 5% Performance Degradation • Required Throughput for < 2% Degradation • 17 MB/s (Possible with Unmanaged Code) • Security vs. Performance
Workflow Model • Bounds • Infinite Resources: N / (Te + Ts) • Bottleneck Limit: 1 / Tb • Upper Bound: N / (Te + Ts + (N – 1) * Tb) • Lower Bound: 1 / (Te + Ts) • Where: Te = Time Spent Encrypting; Ts = Total System Time – Te; Tb = Time Spent on Bottleneck Step
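The bounds on the slide above, worked through as an added example (not code from the thesis). It checks the Upper Bound formula against a small simulation and goes one step further by solving for the cipher throughput needed to stay under a target degradation. Assumptions: a single-server FIFO bottleneck that is part of Ts, degradation defined as the relative loss in upper-bound throughput, Te = file size / cipher throughput, and constructed input numbers.

```python
"""Workflow throughput bounds with an encryption step (added example).

Te = time spent encrypting, Ts = total system time minus Te,
Tb = time spent on the bottleneck step, N = concurrent jobs.
All numbers used here are constructed, not measurements from the thesis.
"""

def bounds(n, te, ts, tb):
    """The four slide formulas, in jobs per unit time."""
    return {
        "infinite_resources": n / (te + ts),
        "bottleneck_limit": 1 / tb,
        "upper": n / (te + ts + (n - 1) * tb),
        "lower": 1 / (te + ts),
    }

def simulate(n, te, ts, tb):
    """Assumed model: n jobs start together, every step except the
    bottleneck runs in parallel, the bottleneck serves one job at a time."""
    if tb > ts:
        raise ValueError("model assumes the bottleneck step is part of Ts")
    ready = te + (ts - tb)        # each job reaches the bottleneck at this time
    free_at = 0.0                 # when the bottleneck resource is next idle
    for _ in range(n):
        free_at = max(ready, free_at) + tb
    return n / free_at            # jobs completed per unit time

def degradation(n, te, ts, tb):
    """Assumed definition: fractional loss of upper-bound throughput
    when the encryption time Te is added to the workflow."""
    return 1 - bounds(n, te, ts, tb)["upper"] / bounds(n, 0.0, ts, tb)["upper"]

def required_cipher_rate(size_mb, n, ts, tb, max_loss):
    """Minimum cipher throughput (MB per time unit) keeping degradation
    at or below max_loss, assuming Te = size_mb / rate."""
    base = ts + (n - 1) * tb      # job time excluding encryption
    te_max = max_loss * base / (1 - max_loss)
    return size_mb / te_max

if __name__ == "__main__":
    ts, tb, te = 60.0, 20.0, 4.0  # constructed times, in seconds
    for n in (1, 4):
        print(n, bounds(n, te, ts, tb), round(degradation(n, te, ts, tb), 4))
    print(round(required_cipher_rate(10.0, 1, ts, tb, 0.02), 2), "MB/s")
```

With these constructed inputs the sequential case (N = 1) loses more throughput to encryption than the concurrent case (N = 4), because queueing at the bottleneck hides part of Te.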
Workflow Model • System with Encryption
Workflow Model • System with/without Encryption
Conclusions • Review of HIPAA Regulations • Analyzed International Standards of Encryption • Performance Measurements • Recommend 256-bit AES • Workflow • 5%-7% Performance Degradation • Security Concerns Outweigh Performance
Future Work • More Performance Measurements • Auditing • Authorization • Cost Analysis • Other Workflow Models • Papers • Alfred Weaver, Sam Dwyer, Andrew Snyder. “Federated, Secure Trust Networks for Distributed Healthcare IT Services”. 1st IEEE Conference on Industrial Informatics (INDIN ’03), Banff, Alberta, Canada. August 21-24, 2003. (Accepted) • Andrew Snyder, Alfred Weaver. “E-Logistics of Securing Distributed Medical Data”. (INDIN ’03) (Accepted) • Demo • Microsoft Faculty Summit. Redmond, WA. July 27-29, 2003.