The processes of back-up and recovery of emergency data play an important role within the Telematics system. They must be carried out securely, with no risk of data loss and while preserving the privacy of the patient. In this paper we take a look at the existing/proposed scenario for back-up/recovery of emergency data and discuss the problems in its implementation. In order to improve this scenario and solve these problems, we put forward a new scenario.
Privacy Preserving Back-up and
Recovery of Emergency Data
Seminar on System Security for Master
SS2010
Zdravko Danailov
Outline
- Introduction
  - The Telematics infrastructure
  - Electronic Health Card
  - Health Professional Card
  - Hardware Security Module
  - Emergency data
- Existing/proposed solution for Back-up/Recovery of emergency data
  - Existing/proposed solution
  - Disadvantages
    - Renewing of the eHC (lost, defect or expired)
    - Recovery of emergency data on the eHC
- Krawczyk’s Secret Sharing Scheme
- Our proposed solution
- Conclusion
Privacy Preserving Back-up and Recovery of Emergency Data 2
Zdravko Danailov
Basics: The Telematics infrastructure
- Overview of the entire architecture
- Primary systems architecture
Basics: Electronic Health Card (eHC)
- eHC
  - Solution design by the Fraunhofer Institute
  - Chip card (HSM)
  - Content (emergency data, ePrescription)
Basics: Health Professional Card (HPC)
- HPC
  - Solution design by the “Elektronischer Arztausweis” work group
  - individually programmed access authorization card for health professionals (e.g. doctors, pharmacists)
  - Doctor-to-doctor Method (D2D)
  - Creation of medication documentation via the web-based software star.net®
Basics: Hardware Security Module (HSM)
- HSM
  - Used as a card (eHC, HPC) or as an eHC chip card terminal
  - Connection via USB port or serial interface
Basics: Emergency data
- Emergency data
  - relevant diagnoses, medication or allergies/intolerances
  - declaration of organ donation
Existing/ proposed solution: Overview
- Overview
  - Persons involved: patient, doctor, paramedic
  - HSM: chip cards (eHC, HPC); chip card terminal
  - Processing emergency data: Back-up, Recovery, Update
Existing/ proposed solution by gematik
- Authentication
- Processing of emergency data
- Creating Back-up (on A4 paper or in local database)
- Recovery of emergency data on eHC
Disadvantages of the solution: Renewing of the eHC (lost, defect or expired)
- Renewing of the eHC (lost, defect or expired)
  - Obtaining the emergency data from A4 paper
    - Creation of A4 paper with emergency data – optional
    - A4 paper – lost, stolen or deleted
    - Exposing of private data
  - Obtaining the emergency data from primary system’s database
    - Temporary Back-up may be: 1. deleted 2. not accessible
Disadvantages of the solution: Recovery of emergency data on the eHC
- Recovery of emergency data on the eHC
  - Obtaining the emergency data from A4 paper
    - Creation of A4 paper with emergency data – optional
    - A4 paper – lost, stolen or deleted
    - Exposing of private data
  - Obtaining the emergency data from primary system’s database
    - Temporary Back-up may be: 1. deleted 2. not accessible
Secret Sharing Scheme (SS)
- Secret Sharing Scheme (n,m)
  - Invented independently by Adi Shamir and George Blakley in 1979
  - Method for distributing a secret S among a group of n participants
  - Reconstruction is possible only when a sufficient number of shares are combined
Shamir’s Secret Sharing Scheme
- Shamir’s Secret Sharing Scheme (n,t)
  - Based on polynomial interpolation
  - Distribution
    - polynomial of degree t-1, secret S = k0, coefficients k(t-1), …, k1 picked at random
    - n points on the curve; n participants
  - Reconstruction
    - at least t out of the n players reveal their points
    - sufficient information to recover the secret S
  - information-theoretically secure
  - storage efficient
    - size of shares = size of secret |S|
Information Dispersal Scheme (IDS)
- Information Dispersal Scheme (n,m)
  - Based on error correcting codes (e.g. Reed-Solomon code)
  - Method for distributing information F among a group of n participants
  - Reconstruction is possible when a sufficient number of fragments (≥ m) are combined
  - Secrecy is not important
  - size of fragments =
Krawczyk’s Secret Sharing Scheme
- Krawczyk’s Secret Sharing Scheme (n,m)
  - Combination of SS and IDS
  - computationally secure
  - less storage and bandwidth in comparison to Shamir’s SS
  - size of shares = |s_i| < |S|
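Below is an added worked example, written for this page and not taken from the paper or the presentation: it implements Shamir's (n,t) scheme, a small information dispersal algorithm and Krawczyk's combination of the two over the prime field GF(257), so the share-size claims of the last three slides can be checked by running it. The SHA-256 counter-mode keystream stands in for the symmetric cipher E_K, and the 16-byte key, the field size and the sample record are choices of this example.

```python
import hashlib, secrets
P = 257  # prime field just big enough for byte symbols; real deployments would use GF(2^8)
RECORD = b"Constructed emergency record: blood group A+, allergy penicillin, diagnosis diabetes type 1"  # constructed sample
def _eval(coeffs, x):
    # Horner: value at x of the polynomial with coefficients k0, k1, ..., mod P
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc
def _lagrange(points, x0):
    # value at x0 of the unique polynomial of degree < len(points) through the given points
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                num, den = num * (x0 - xj) % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total
def shamir_split(secret, n, t):
    # Shamir (n,t): S = k0, k1..k_{t-1} random; share i is the point (i, f(i)), so |share| = |S|
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _eval(coeffs, x)) for x in range(1, n + 1)]
def shamir_recover(shares):  # any t of the n points fix f, and f(0) = S
    return _lagrange(shares, 0)
def ida_disperse(symbols, n, m):
    # IDA (n,m): each m-symbol block = points (1,d1)..(m,dm) of a degree-(m-1) polynomial (systematic RS); fragment i = every block's value at x=i
    padded = symbols + [0] * (-len(symbols) % m)
    blocks = [list(enumerate(padded[i:i + m], 1)) for i in range(0, len(padded), m)]
    return [(x, [_lagrange(b, x) for b in blocks]) for x in range(1, n + 1)]
def ida_recover(fragments, m, length):
    # any m fragments suffice: re-evaluate each block's polynomial at x = 1..m; |fragment| = |F|/m
    frags = fragments[:m]
    out = [_lagrange([(x, ys[k]) for x, ys in frags], j) for k in range(len(frags[0][1])) for j in range(1, m + 1)]
    return out[:length]
def _stream(key, length):  # stand-in for E_K: SHA-256 counter-mode keystream (assumption of this example)
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(-(-length // 32)))[:length]
def krawczyk_split(data, n, m):
    # Krawczyk (n,m): random key K, C = E_K(data); C is dispersed with the IDA, K shared byte-wise with Shamir
    key = secrets.token_bytes(16)
    cipher = bytes(a ^ b for a, b in zip(data, _stream(key, len(data))))
    key_shares = [shamir_split(b, n, m) for b in key]  # 16 lists of n points
    return [(x, [ks[x - 1][1] for ks in key_shares], frag) for x, frag in ida_disperse(list(cipher), n, m)]
def krawczyk_recover(shares, m, length):
    # fewer than m shares reveal nothing usable about K or the record, so refuse rather than return garbage
    if len(shares) < m:
        raise ValueError("need at least m shares")
    key = bytes(shamir_recover([(x, kv[b]) for x, kv, _ in shares[:m]]) for b in range(16))
    cipher = bytes(ida_recover([(x, frag) for x, _, frag in shares], m, length))
    return bytes(a ^ b for a, b in zip(cipher, _stream(key, length)))
```

With n = 5, m = 3 and the 91-byte sample record, each participant stores 16 key-share symbols plus 31 fragment symbols (47) instead of 91, which is the |s_i| < |S| claim of the slide, while any three of the five shares still recover the record.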
Our proposed solution: Overview
- Overview
  - Persons involved: patient, doctor, paramedic
  - HSM: chip cards (eHC, HPC); chip card terminal
- Properties
  - tolerates no non-availability
  - preserves privacy
  - no encryption but secret sharing
Our proposed solution: Back-up
- Back-up of emergency data
  - Authentication (via e.g. ID-patient/ID-doctor, ID-eHC/ID-HPC, fingerprints, different types of digital signatures, PIN, etc.)
  - Complete the form for emergency data and/or the form for organ donation
  - Confirmation of the data, e.g. via fingerprint by the patient and doctor
  - Back-up
    - using Krawczyk’s SS – executed online via e.g. VPN
    - using a portable device (e.g. USB stick) – executed offline
Our proposed solution: Recovery
- Recovery of emergency data
  - Authentication (via e.g. ID-patient/ID-doctor, ID-eHC/ID-HPC, fingerprints, different types of digital signatures, PIN) on HSM
  - Recovery of emergency data is possible
    - using Krawczyk’s SS – executed online via e.g. VPN, from every “true”/authorized doctor or medical person
    - using a portable device (e.g. USB stick) – executed offline
Conclusion
- Our proposed solution
  - minimizes the exposure of private data
  - tolerates no non-availability
  - offers better alternatives for back-up and recovery of emergency data
  - uses no encryption but secret sharing
  - computationally secure
  - information-theoretically insecure
Thank You!