
MedVault : Ensuring Security and Privacy for Medical Data


Presentation Transcript


  1. MedVault: Ensuring Security and Privacy for Medical Data Mustaque Ahamad, Douglas Blough, Ling Liu, David Bauer, Apurva Mohan, Daisuke Mashima, Bhuvan Bamba, Balaji Palanisamy, Ramkumar Krishnan, Italo Dacosta http://medvault.gtisc.gatech.edu/

  2. Overall Goal To develop new techniques for the storage, maintenance, and control of sensitive data that permit open sharing among a wide variety of legitimate users while protecting the data against unauthorized use and disclosure. Key Research Contributions • Source-verifiability of medical data. • Privacy-conscious data sharing. • Attribute-based authorization to access EMR. • Monitoring EMR data release and usage.

  3. System architecture (diagram; only its labels survive): EMR sources (Hospital, Lab, Personal Devices) upload data into a Source Verifiable PHR Repository inside the Patient’s trust domain. A Requester sends a request with an attribute list through the Requester’s Agent to the Patient’s Agent; the agent fetches the requester’s attributes from Attribute Providers, evaluates the Patient’s Policy in the attribute-based policy engine, returns a decision and, on permit, fetches the records.

  4. Minimal Disclosure Credentials (diagram: an Identity Provider issues a Credential to the User/Owner, who presents Partial Credentials to Relying Parties over the Network). David Bauer, Douglas M. Blough, David Cash, “Minimal information disclosure with efficiently verifiable credentials”, 2008.

  5. Minimal Disclosure using Merkle Hash Trees
  • Start with a PKI certificate
  • Replace the flat identity in a certificate with the root hash of a Merkle hash tree of claims
  (Figure: a binary tree whose leaves are H(C) of each Claim, whose internal nodes are H(L,R) of their two children, and whose Root hash goes into the certificate.)
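As an added worked example (not code from the MedVault project or the Bauer/Blough/Cash paper), the slide's construction in Python: the issuer builds a Merkle tree over the claims and certifies only its root in place of a flat identity; the user later hands a relying party a partial credential that exposes the chosen claims and only H(C) for the rest. The SHA-256 hash, the leaf/node domain-separation bytes and the per-claim random nonce (which stops a relying party from guessing hidden claims from their hashes) are assumptions of this example.

```python
import hashlib
import os


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def leaf_hash(nonce: bytes, claim: str) -> bytes:
    # H(C): a random nonce per claim, so a hidden claim cannot be brute-forced from its hash
    return H(b"\x00", nonce, claim.encode())


def node_hash(left: bytes, right: bytes) -> bytes:
    return H(b"\x01", left, right)  # H(L,R); prefix byte keeps nodes distinct from leaves


def root_from_leaves(leaves) -> bytes:
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the last node on odd-sized levels
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def issue_credential(claims):
    """Identity provider: the root replaces the flat identity in the certificate;
    the full credential (nonces + claims) stays with the user/owner."""
    full = [(os.urandom(16), c) for c in claims]
    root = root_from_leaves(leaf_hash(n, c) for n, c in full)
    return root, full


def partial_credential(full, reveal):
    """User/owner: disclose only the claims whose index is in `reveal`;
    every other leaf collapses to its opaque hash H(C)."""
    return [("claim", n, c) if i in reveal else ("hash", leaf_hash(n, c))
            for i, (n, c) in enumerate(full)]


def verify_partial(partial, root: bytes) -> bool:
    """Relying party: recompute the root from revealed claims and opaque leaf hashes
    and compare with the root certified in the PKI certificate."""
    leaves = [leaf_hash(e[1], e[2]) if e[0] == "claim" else e[1] for e in partial]
    return root_from_leaves(leaves) == root


def disclosed(partial):
    return [e[2] for e in partial if e[0] == "claim"]
```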

  6. Patient’s Agent: the PHR Repository holds Chronic Conditions, Prescriptions and Others. Patient’s Policy:
  • <Resource Id = Chronic Conditions> <Some Combination of Attributes> <Action = Permit>
  • <Resource Id = Chronic Conditions> <Other Combination of Attributes> <Action = Deny>
  • <Resource Id = Prescriptions> <Some Combination of Attributes> <Action = Permit>
  • <Resource Id = Others> <Some Combination of Attributes> <Action = Permit>

  7. Examples of policies on viewing a patient’s record
  • A doctor can see the whole record
  • An EMT that has been dispatched to an incident involving a patient can see a subset of the patient’s record
  • Any EMT within 1 mile of the incident can see a subset of the record
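As an added illustration (not MedVault's code or its policy language), a small evaluator in the slide-6 shape, one rule per Resource Id, attribute condition and Action, loaded with the three example rules of slide 7. The haversine radius check, the role/dispatch/location attributes, the record subset an EMT may see and the insurer-affiliation Deny rule are all assumptions of this example.

```python
import math

# Conditions are predicates over the requester's attributes (as fetched from the
# attribute providers) and the request context built by the patient's agent.


def within_miles(a, b, miles):
    """Haversine distance in miles between (lat, lon) pairs, for the 'within 1 mile' rule."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 3958.8 * 2 * math.asin(math.sqrt(h)) <= miles


def is_doctor(attrs, ctx):
    return attrs.get("role") == "doctor"


def emt_dispatched(attrs, ctx):
    return attrs.get("role") == "emt" and ctx["incident_id"] in attrs.get("dispatched_to", ())


def emt_nearby(attrs, ctx):
    return (attrs.get("role") == "emt" and "location" in attrs
            and within_miles(attrs["location"], ctx["incident_location"], 1.0))


def insurer(attrs, ctx):  # assumed "other combination of attributes" behind the Deny rule
    return attrs.get("affiliation") == "insurer"


RESOURCES = ["Chronic Conditions", "Prescriptions", "Others"]
EMT_SUBSET = ["Chronic Conditions", "Prescriptions"]  # assumed subset an EMT may see

POLICY = (
    [(r, is_doctor, "Permit") for r in RESOURCES]            # doctor sees the whole record
    + [(r, emt_dispatched, "Permit") for r in EMT_SUBSET]    # dispatched EMT sees a subset
    + [(r, emt_nearby, "Permit") for r in EMT_SUBSET]        # EMT within 1 mile sees a subset
    + [("Chronic Conditions", insurer, "Deny")]              # slide 6's Deny rule (assumed attrs)
)


def evaluate(policy, resource, attrs, ctx):
    """Default deny; a matching Deny rule overrides any Permit for the same resource."""
    decision = "Deny"
    for res, cond, action in policy:
        if res == resource and cond(attrs, ctx):
            if action == "Deny":
                return "Deny"
            decision = "Permit"
    return decision


def visible_subset(policy, attrs, ctx):
    """The part of the record the patient's agent would release to this requester."""
    return [r for r in RESOURCES if evaluate(policy, r, attrs, ctx) == "Permit"]
```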

  8. Apurva Mohan, David Bauer, Douglas M. Blough, Mustaque Ahamad, Bhuvan Bamba, Ramkumar Krishnan, Ling Liu, Daisuke Mashima, Balaji Palanisamy, “A Patient-centric, Attribute-based, Source-verifiable Framework for Health Record Sharing”, Technical Report No. GIT-CERCS-09-11, 2009. http://www.cercs.gatech.edu/tech-reports/tr2009/abstracts/11.html

  9. Protecting E-healthcare Client Devices against Malware and Physical Theft (position paper, to appear at USENIX HealthSec ’10). Daisuke Mashima, Abhinav Srivastava, Jonathon Giffin, Mustaque Ahamad, Georgia Institute of Technology

  10. Typical Architecture (diagram: EMR Request from the user’s client device passes User Authentication and Access control before the EMR is returned)
  • Access control/authentication at EMR repositories is often insufficient.
  • What if client devices are compromised?

  11. Threats against Client Devices
  • Malware
    • Compromise of identity credentials (key loggers, etc.)
    • Disclosure of sensitive medical data (botnets, etc.)
  • Physical theft of devices
    • Misuse of devices to abuse the e-healthcare system

  12. Approach
  • Establishing a trusted domain on client devices by using virtualization technologies
    • Secure execution environment
    • Secure storage
    • Other security features that are tamper-resistant
  • Eliminating a single point of attack
    • Threshold signature scheme
    • Augmentation by introducing an “Authority” and an “Online Monitoring System”

  13. System Overview

  14. (Brief) Security Analysis
  • Compromise of User VM by Malware
    • Credentials and module integrity are protected.
    • Tamper-resistant FW prevents information disclosure.
  • Physical Theft
    • A compromised device cannot initiate a valid request without involving the monitoring agent.
    • Revocation can be done by updating key shares on the monitoring system and authority.

  15. Thank you very much. References:
  • MedVault Project, http://medvault.gtisc.gatech.edu, Douglas Blough et al.
  • VM Wall: “Tamper-resistant, Application-aware Blocking of Malicious Network Connections”, Srivastava et al., RAID 2008
  • User-centric Identity-usage Monitoring System: “User-centric Handling of Identity Agent Compromise”, Mashima et al., ESORICS 2009
