Presentation on theme: "MedVault: Ensuring Security and Privacy for Medical Data Mustaque Ahamad, Douglas Blough, Ling Liu, David Bauer, Apurva Mohan, Daisuke Mashima, Bhuvan."— Presentation transcript:
MedVault: Ensuring Security and Privacy for Medical Data Mustaque Ahamad, Douglas Blough, Ling Liu, David Bauer, Apurva Mohan, Daisuke Mashima, Bhuvan Bamba, Balaji Palanisamy, Ramkumar Krishnan, Italo Dacosta
Overall Goal To develop new techniques for the storage, maintenance, and control of sensitive data that permit open sharing among a wide variety of legitimate users while protecting the data against unauthorized use and disclosure. Key Research Contributions Source-verifiability of medical data. Privacy-conscious data sharing. Attribute-based authorization to access EMR. Monitoring EMR data release and usage.
4 Minimal Disclosure Credentials Identity Provider Credential User/Owner Relying Parties Partial Credential Network Relying Parties David Bauer, Douglas M. Blough, David Cash, “Minimal information disclosure with efficiently verifiable credentials”, 2008.
5 Minimal Disclosure using Merkle Hash Trees Start with a PKI certificate Replace the flat identity in a certificate with the root hash of a Merkle hash tree of claims H(L,R) H(C) Claim Root H(L,R) H(C) Claim H(L,R) H(C) Claim H(L,R) H(C) Claim H(L,R)
Examples of policies on viewing patient’s record 1.A doctor can see the whole record 2.An EMT that has been dispatched to an incident involving a patient can see a subset of the patient’s record 3.Any EMT within 1 mile of the incident can see a subset of the record
Apurva Mohan, David Bauer, Douglas M. Blough, Mustaque Ahamad, Bhuvan Bamba, Ramkumar Krishnan, Ling Liu, Daisuke Mashima, Balaji Palanisamy, “ A Patient-centric, Attribute-based, Source- verifiable Framework for Health Record Sharing ”, Technical Report No. GIT-CERCS-09-11,
Protecting E-healthcare Client Devices against Malware and Physical Theft (Position Paper to appear at USENIX HealthSec ’ 10) Daisuke Mashima, Abhinav Srivastava, Jonathon Giffin, Mutaque Ahamad Georgia Institute of Technology
Typical Architecture EMR Request EMR User Authentication Access control Access control/authentication at EMR repositories is often insufficient. –What if client devices are compromised?
Threats against Client Devices Malware –Compromise of identity credentials Key Loggers, etc. –Disclosure of sensitive medical data Botnets, etc. Physical theft of devices –Misuse of devices to abuse e-healthcare system
Approach Establishing a trusted domain on client devices by using virtualization technologies –Secure execution environment –Secure storage –Other security features that are tamer-resistant Eliminating a single point of attack –Threshold signature scheme –Augmentation by introducing “ Authority ” and “ Online Monitoring System ”
(Brief) Security Analysis Compromise of User VM by Malware –Credentials and module integrity are protected. –Tamper-resistant FW prevents information disclosure. Physical Theft –Compromised device can not initiate a valid request without involving the monitoring agent. –Revocation can be done by updating key shares on the monitoring system and authority
Thank you very much. Reference –MedVault Project Douglas Blough et al. –VM Wall “ Tamper-resistant, Application-aware Blocking of Malicious Network Connections ” Srivastava et al., RAID 2008 –User-centric Identity-usage Monitoring System “ User-centric Handling of Identity Agent Compromise ” Mashima et al., ESORICS 2009