from enabling to enforcing privacy
play

From Enabling to Enforcing Privacy Naipeng Dong, Hugo Jonker , Jun - PowerPoint PPT Presentation

Oct 21, 2023 •219 likes •546 views

From Enabling to Enforcing Privacy Naipeng Dong, Hugo Jonker , Jun Pang Why privacy for eHealth? Healthcare data: inherently private. Subversion of data processing: dangerous! FHIES, 29-30 August 2011 Hugo Jonker - p. 2/25 Current

  1. From Enabling to Enforcing Privacy Naipeng Dong, Hugo Jonker , Jun Pang

  2. Why privacy for eHealth? ■ Healthcare data: inherently private. ■ Subversion of data processing: dangerous! FHIES, 29-30 August 2011 Hugo Jonker - p. 2/25

  3. Current approaches to privacy in eHealth FHIES, 29-30 August 2011 Hugo Jonker - p. 3/25

  4. patient privacy (1/3): access control ■ Anderson [And98]: restrict #users that access a record, restrict #records accessed by a user. ■ Louwerse [Lou98]: consent-based access control necessary to implement “need-to-know”. ■ Evered et al. [EB04]: minimal disclosure rules: use middle layer. ■ Reid et al. [RCHS03]: RBAC + explicit consent + explicit denial for privacy. ■ Kalam et al. [KBM + 03]: RBAC, TBAC insufficient for context-aware policies. Organisational BAC (OrBAC). ■ Cuppens et al. [CCG07]: inconsistent access rules: rule prioritisation. FHIES, 29-30 August 2011 Hugo Jonker - p. 4/25

  5. patient privacy (2/3): architectural design ■ Ko et al. [KLS + 10]: privacy issues in wireless sensor networks for eHealth. ■ Maglogiannis et al. [MKD09]: patient location privacy via proxies. ■ Chiu et al. [CHCK07]: privacy-aware cross-institution image sharing: RBAC and watermarks. FHIES, 29-30 August 2011 Hugo Jonker - p. 5/25

  6. patient privacy (3/3): cryptographic approaches ■ vd Haak et al. [HWB + 03]: digital signatures, PK authentication. ■ Ateniese et al. [ACM + 03]: patient pseudonyms, method to transform statements on pseudonym a to pseudonym b . ■ Layouni et al. [LVS + 09]: wallet-based credentials for patient control of sensor info. ■ De Decker et al. [DLV08]: Belgian healthcare system compliant system using ZKP , signed proofs of knowledge, bit-commitments. FHIES, 29-30 August 2011 Hugo Jonker - p. 6/25

  7. Doctor privacy ■ Matyáš [Mat98]: prescription analysis while preserving doctor privacy. ■ Ateniese et al. [ACM + 03]: doctor privacy to protect against administrative meddling. ■ De Decker et al. [DLV08]: doctor privacy to prevent bribery. FHIES, 29-30 August 2011 Hugo Jonker - p. 7/25

  8. Survey summary ■ Access control to ensure patient privacy: [And98, Lou98, RCHS03, KBM + 03, EB04, CCG07]. ■ Architectural design for patient privacy: [CHCK07, MKD09, KLS + 10]. ■ Using crypto for patient privacy: [HWB + 03, ACM + 03, LVS + 09, DLV08] FHIES, 29-30 August 2011 Hugo Jonker - p. 8/25

  9. Survey summary ■ Access control to ensure patient privacy: [And98, Lou98, RCHS03, KBM + 03, EB04, CCG07]. ■ Architectural design for patient privacy: [CHCK07, MKD09, KLS + 10]. ■ Using crypto for patient privacy: [HWB + 03, ACM + 03, LVS + 09, DLV08] ■ Doctor privacy: [Mat98, ACM + 03, DLV08] FHIES, 29-30 August 2011 Hugo Jonker - p. 8/25

  10. Survey summary ■ Access control to ensure patient privacy: [And98, Lou98, RCHS03, KBM + 03, EB04, CCG07]. ■ Architectural design for patient privacy: [CHCK07, MKD09, KLS + 10]. ■ Using crypto for patient privacy: [HWB + 03, ACM + 03, LVS + 09, DLV08] ■ Doctor privacy: [Mat98, ACM + 03, DLV08] ■ Much focus on patient privacy, not on doctor privacy. FHIES, 29-30 August 2011 Hugo Jonker - p. 8/25

  11. Sufficient concern for privacy? ■ roles: ■ enforced privacy FHIES, 29-30 August 2011 Hugo Jonker - p. 9/25

  12. Motivation for doctor privacy ■ [ACM + 03]: safeguard against administrative meddling. ■ [DLV08]: prevent bribery by pharmaceutical industry. FHIES, 29-30 August 2011 Hugo Jonker - p. 10/25

  13. Motivation for doctor privacy ■ [ACM + 03]: safeguard against administrative meddling. ■ [DLV08]: prevent bribery by pharmaceutical industry. [Jonker, FHIES’11]: Privacy protection needs no motivation. Privacy invasion needs motivation. FHIES, 29-30 August 2011 Hugo Jonker - p. 10/25

  14. Motivation for doctor privacy ■ [ACM + 03]: safeguard against administrative meddling. ■ [DLV08]: prevent bribery by pharmaceutical industry. [Jonker, FHIES’11]: Privacy protection needs no motivation. Privacy invasion needs motivation. Neither relation with doctors is on equal footing. FHIES, 29-30 August 2011 Hugo Jonker - p. 10/25

  15. Enforced privacy ■ Emerged in voting: vote buying (receipt-freeness) [BT94]. “A voter cannot prove how she voted.” FHIES, 29-30 August 2011 Hugo Jonker - p. 11/25

  16. Enforced privacy ■ Emerged in voting: vote buying (receipt-freeness) [BT94]. “A voter cannot prove how she voted.” ■ Matured in voting: coercion-resistance [JCJ05]. RF+resistance against: - Forced randomised voting. - Forced abstention. - Forced to give up voting credentials. = ⇒ resistance against interactive intruder. = ⇒ no transferable voter-secrets FHIES, 29-30 August 2011 Hugo Jonker - p. 11/25

  17. Enforced privacy ■ Emerged in voting: vote buying (receipt-freeness) [BT94]. “A voter cannot prove how she voted.” ■ Matured in voting: coercion-resistance [JCJ05]. RF+resistance against: - Forced randomised voting. - Forced abstention. - Forced to give up voting credentials. = ⇒ resistance against interactive intruder. = ⇒ no transferable voter-secrets ■ Considered in online auctions: [AS02, CLK03]. FHIES, 29-30 August 2011 Hugo Jonker - p. 11/25

  18. What is enforced privacy? Privacy Enforced privacy • what can the intruder find out? • what can you prove? • observer • prover + verifier • optional: enabling • mandatory: enforcing FHIES, 29-30 August 2011 Hugo Jonker - p. 12/25

  19. EPRIV project “understanding and verifiying enforced privacy” ■ application domain: voting, auctions, healthcare, anonymous routing, . . . . ■ approach: 1. domain-specific case study = ⇒ domain-specific verification framework. 2. specific frameworks = ⇒ domain-independent verification framework. 3. tool support. FHIES, 29-30 August 2011 Hugo Jonker - p. 13/25

  20. Case study: DLV08 ■ formalise protocol in applied π . ■ extract and formalise requirements upon the model. ■ use ProVerif to prove a security. DLV08 requirements: ■ . . . , doctors cannot prove what they prescribed, . . . a limited models where necessary FHIES, 29-30 August 2011 Hugo Jonker - p. 14/25

  21. DLV08 protocols ■ patient-doctor ■ patient-pharmacist ■ pharmacist-MPA ■ MPA-HII ■ IFEB-MPA Doctor not often involved: easy to ensure prescription privacy? FHIES, 29-30 August 2011 Hugo Jonker - p. 15/25

  22. DLV08 protocols ■ patient-doctor ■ patient-pharmacist ■ pharmacist-MPA ■ MPA-HII ■ IFEB-MPA Doctor not often involved: easy to ensure prescription privacy? but a pharmacist also knows things about prescriptions! FHIES, 29-30 August 2011 Hugo Jonker - p. 15/25

  23. Privacy challenges for eHealth Challenge I: Enforced privacy. ■ doctor privacy. . . who else? ■ needs privacy-enforcing protocols and techniques. ■ also needs independent verification framework. FHIES, 29-30 August 2011 Hugo Jonker - p. 16/25

  24. Privacy challenges for eHealth Challenge II: Coalition-enforced privacy. ■ one party may help another wrt unveiling privacy. ■ helper can help either prover or verifier. ■ helping verifier: threshold crypto. helping prover: ??. FHIES, 29-30 August 2011 Hugo Jonker - p. 17/25

  25. Enforced privacy in DLV08 Notation: ■ P dr ( a, a ) : doctor prescribes a , claims to prescribe a . ′ ( a, b ) : doctor prescribes a , claims to prescribe b . ■ P dr Privacy enforced iff: ′ ( b, a ) | P pt | P ph | P mpa | P hii P dr ( a, a ) | P pt | P ph | P mpa | P hii ≈ P dr FHIES, 29-30 August 2011 Hugo Jonker - p. 18/25

  26. Possible directions ■ privacy-strengthening coalitions ■ game-theoretic approaches ■ improving tool support FHIES, 29-30 August 2011 Hugo Jonker - p. 19/25

  27. Conclusions ■ 2 key privacy challenges: - Challenge I: enforced privacy - Challenge II: coalition-enforced privacy ■ formal methods necessary for security ■ initial steps made ■ still some work left. FHIES, 29-30 August 2011 Hugo Jonker - p. 20/25

  28. References [And98] Anderson, R.: A security policy model for clinical information systems. In: Proc. 17th IEEE Symposium on Security and Privacy, IEEE CS (1996) 30–43 [Lou98] Louwerse, K.: The electronic patient record; the management of access – case study: Leiden University hospital. International Journal of Medical Informatics 49 (1998) 39–44 [EB04] Evered, M., Bögeholz, S.: A case study in access control requirements for a health information system. In: Proc. 2nd Australian Information Security Workshop. Volume 32 of Conferences in Research and Practice in Information Technology., Australian Computer Society (2004) 53–61 [RCHS03] Reid, J., Cheong, I., Henricksen, M., Smith, J.: A novel use of rBAC to protect privacy in distributed health care information systems. In: Proc. 8th Australian Conference on Information Security and Privacy. LNCS 2727, Springer (2003) 403–415 FHIES, 29-30 August 2011 Hugo Jonker - p. 21/25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How to get a trustworthy DNS Privacy enabling recursive resolver an analysis of authentication

How to get a trustworthy DNS Privacy enabling recursive resolver an analysis of authentication

How to get a trustworthy DNS Privacy enabling recursive resolver an analysis of authentication mechanisms for DNS Privacy enabling recursive resolvers Benno Overeinder Melinda Shore Willem Toorop Fastly NLnet Labs NLnet Labs (presenter)

321 views • 21 slides
Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does

Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does

Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does privacy end and security begin? What are the responsibilities of an organization to protect their assets while balancing the privacy of those who

980 views • 52 slides
Applications using Erlang Web 2.0 Security & Privacy (W2SP) 2010 May 20, Berkeley,

Applications using Erlang Web 2.0 Security & Privacy (W2SP) 2010 May 20, Berkeley,

Enforcing User Privacy in Web Applications using Erlang Web 2.0 Security & Privacy (W2SP) 2010 May 20, Berkeley, California, USA Ioannis Papagiannis , Matteo Department of Computing Migliavacca, Peter Pietzuch Imperial College London

627 views • 30 slides
Enabling Privacy-Aware Zone Exchanges Among Authoritative and Recursive DNS Servers Nikos

Enabling Privacy-Aware Zone Exchanges Among Authoritative and Recursive DNS Servers Nikos

Enabling Privacy-Aware Zone Exchanges Among Authoritative and Recursive DNS Servers Nikos Kostopoulos, Dimitris Kalogeras and Vasilis Maglaris NET work M anagement & O ptimal De sign ( NETMODE ) Laboratory School of Electrical & Computer

309 views • 17 slides
On Enforcing the Digital Immunity of a Large Humanitarian Organization Stevens Le Blond ,

On Enforcing the Digital Immunity of a Large Humanitarian Organization Stevens Le Blond ,

On Enforcing the Digital Immunity of a Large Humanitarian Organization Stevens Le Blond , Alejandro Cuevas, Juan Ramon Troncoso- Pastoriza, Philipp Jovanovic, Bryan Ford, Jean-Pierre Hubaux 2 Digital immunity Computer security and privacy

872 views • 44 slides
Enforcing Kernel Security Invariants with Data Flow Integrity Chengyu Song , ByoungyoungLee,

Enforcing Kernel Security Invariants with Data Flow Integrity Chengyu Song , ByoungyoungLee,

Enforcing Kernel Security Invariants with Data Flow Integrity Chengyu Song , ByoungyoungLee, Kangjie Lu, William Harris, Taesoo Kim, Wenke Lee Institute for Information Security & Privacy Georgia Tech Kernel Memory Corruption Vulnerability

493 views • 24 slides
LinkMirage: Enabling Privacy-preserving Analytics on Social Relationships Changchang Liu, Prateek

LinkMirage: Enabling Privacy-preserving Analytics on Social Relationships Changchang Liu, Prateek

Outline Introduction LinkMirage Conclusion LinkMirage: Enabling Privacy-preserving Analytics on Social Relationships Changchang Liu, Prateek Mittal Email: cl12@princeton.edu, pmittal@princeton.edu Princeton University February 23, 2016 1 /

917 views • 42 slides
Ease of Doing Business - Enforcing Contracts A localised perspective on the efficacy of

Ease of Doing Business - Enforcing Contracts A localised perspective on the efficacy of

Ease of Doing Business - Enforcing Contracts A localised perspective on the efficacy of enforcing contracts in Malaysia Sabarina Samadi ASEAN INSIDERS 5-6 December 2016 by origin and passion 1 OVERVIEW Introduction to the Malaysian

390 views • 37 slides
Non-Signatories Before and After Arbitration: Compelling Arbitration and Enforcing Awards Panel

Non-Signatories Before and After Arbitration: Compelling Arbitration and Enforcing Awards Panel

Non-Signatories Before and After Arbitration: Compelling Arbitration and Enforcing Awards Panel II Enforcing Awards Speakers: Teddy Baldwin, Steptoe & Johnson LLP Victoria Shannon Sahani , Sandra Day OConnor College of Law at Arizona

404 views • 22 slides
GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Advising, Monitoring, Enforcing European Data Protection Board Art. 68 - 73 (replacing the Art. 29 Working Party) advise Supervisory

626 views • 8 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Hidden Markov Models + Midterm Exam 2 Review Matt Gormley Lecture 19

Hidden Markov Models + Midterm Exam 2 Review Matt Gormley Lecture 19

10 601 Introduction to Machine Learning Machine Learning Department School of Computer Science Carnegie Mellon University Hidden Markov Models + Midterm Exam 2 Review Matt

714 views • 44 slides
Random matrices and Aztec diamonds Kurt Johansson Florence, May, 2015. Domino Tilings of the

Random matrices and Aztec diamonds Kurt Johansson Florence, May, 2015. Domino Tilings of the

Random matrices and Aztec diamonds Kurt Johansson Florence, May, 2015. Domino Tilings of the Aztec Diamond Define an Aztec diamond, A n , as the lattice squares contained in { ( x , y ) : | x | + | y | n + 1 } . Figure: A 4 Domino Tilings of

646 views • 63 slides
next phase of f education and ch childcare considerations, planning and challenges Th The

next phase of f education and ch childcare considerations, planning and challenges Th The

Th The decision fr framework for r th the next phase of f education and ch childcare considerations, planning and challenges Th The evid idence: wha hat we e kno now The R number Critical to any decision to ease lock down is R,

475 views • 13 slides
STP Overview and Long Term Plan Steven Marshall Deputy AO & Director of Strategy&

STP Overview and Long Term Plan Steven Marshall Deputy AO & Director of Strategy&

STP Overview and Long Term Plan Steven Marshall Deputy AO & Director of Strategy& Transformation Wolverhampton CCG Our health and care partnership 1.4 million population across the Black Country and West Birmingham 19

424 views • 18 slides
AGENDA 12:00 5 Introduction Peter Drake, CEO, Water Industry Forum 12:05 10 Introduction

AGENDA 12:00 5 Introduction Peter Drake, CEO, Water Industry Forum 12:05 10 Introduction

How could Digital Twins add value to the water sector? AGENDA 12:00 5 Introduction Peter Drake, CEO, Water Industry Forum 12:05 10 Introduction to Digital Twins & their potential application to the water sector - Neil Walker,

892 views • 40 slides
Brexit The future of EU Law on the curricula Dr Debra Malpass Who we are We protect the public

Brexit The future of EU Law on the curricula Dr Debra Malpass Who we are We protect the public

Brexit The future of EU Law on the curricula Dr Debra Malpass Who we are We protect the public by: Across England and Wales we regulate: Ensuring solicitors meet high standards through education and training 178,340 solicitors

590 views • 21 slides
measurement in the context of the OFFA / HEFCE National Strategy An institutional case study

measurement in the context of the OFFA / HEFCE National Strategy An institutional case study

Evaluation and impact measurement in the context of the OFFA / HEFCE National Strategy An institutional case study Julian Crockford The University of Sheffield BIS National Strategy for Access and Student Success O Whole lifecycle

285 views • 16 slides
SUMMARY & TAKEAWAYS Conferences may not provide the answers but it must help you ask the

SUMMARY & TAKEAWAYS Conferences may not provide the answers but it must help you ask the

SUMMARY & TAKEAWAYS Conferences may not provide the answers but it must help you ask the right questions Conference Statistics Participants Malaysians 275 ASEAN countries 23 Islamic countries 25 Total: 323 Economies are

446 views • 7 slides

More recommend