Telemedizin WS 08/09 Data Security 1 Worzyk FH Anhalt Data Security and Cryptography Legal data protection Risk analysis and IT Baseline Protection Data.


1 Telemedizin WS 08/09 Data Security 1 Worzyk FH Anhalt
Data Security and Cryptography
- Legal data protection
- Risk analysis and IT Baseline Protection
- Data security
- Cryptography
- Smart card

2 Data Security and Cryptography
Data protection, privacy (legal):
- Protection of personal data
- Protection of persons against unauthorized processing of data concerning them
Data security (technical):
- Protection against loss and damage
- Protection against unauthorized reading and changing

3 Data protection
Legal data protection: prohibition subject to conditional permission
- German Data Protection Act
- Federal State Data Protection Act
- Special data protection acts: Gesundheitsstrukturgesetz (health structure act), Personalvertretungsgesetz (staff / workers council act)


7 Privacy failure - an example
The Hampshire hospital system provides a good example of the failure to fully address privacy issues raised by information technology in the National Health Service (NHS). Because the then health minister held the constituency of Winchester (in Hampshire), new information technology systems were implemented more quickly there than elsewhere. These new systems had the feature that all laboratory tests ordered by general practitioners were entered into a hospital information system, which made them available to all staff on the wards and to consultants in the outpatient department. The stated goal was to cut down on duplicate testing; but the effect was that even highly sensitive matters such as HIV and pregnancy test results were no longer restricted to a handful of people (the general practitioner, practice secretary, the pathologist and the lab technician), but were widely available. As with the London Ambulance Service, a timely warning of impending disaster was ignored, and the system duly went live on schedule. A nurse who had had a test done by her general practitioner complained to him after she found the result on the hospital system at Basingstoke where she worked; this caused outrage among local general practitioners and other medical staff, and may have contributed to the health minister's loss of his seat at the 1997 general election. The eventual outcome was that the relevant parts of the system were turned off at some hospitals.

8 Data Security: safety requirements
- Reproduction of destroyed data: complete, fast, consistent
- Substitution of destroyed processes
- Backup of destroyed hardware
- Backup of programs
- Protection of the communication against unauthorized reading and changing

9 IT Baseline Protection
Federal Office for Information Security: http://www.bsi.de/
Consulting of federal, state and local authorities
http://www.bsi.de/english/index.htm
http://www.bsi.de/english/gstool/index.htm

10 Uninterruptible power supply (UPS)
Which devices shall be supplied?
- Server
- Disks
- Clients
- Network
How long?
- Only for shutdown
- Continue the applications

11 Emergency power supply
http://www.evk-mettmann.de/index.php?section=21
http://www.energiesparendes-krankenhaus.de/index.php?id=115
http://www.kabel-vereinigung.at/musterhaus/notstrom.htm
http://www.bas-aggregate.de/FrameProdukte.htm
Stationary 800 kVA generator for the emergency power supply of a hospital

12 Our UPS
- Server + monitor: 1 kW
- Disks: 3 * 1.5 kW
- UPS: approx. 7 kW for 15 minutes
At a power failure the UPS signals an interrupt to the CPU, which then shuts down.
The UPS must support the operating system!

13 Downtime
24 hours operation on 7 days means:

14 Causes of failure

15 Attacks on the communication
- Man-in-the-middle: the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection when in fact the entire conversation is controlled by the attacker.
- Spoofing attack: a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
- Denial of service: make a computer resource unavailable to its intended users.
- Replay: data transmission is maliciously or fraudulently repeated or delayed.
- Combination of attacks

16 Protection against attacks
- Firewall
- Encryption
- Authentication
- Non-repudiation
- Reception control

17 Firewall
A computer between the internet and the local network. It analyses the data stream and blocks or opens the passage depending on the service, addressee and sender.

18 Firewall (diagram: Internet, firewall, local web server, local network)
- e.g. library: all access allowed
- e.g. department: certain access allowed
- e.g. department: no access allowed

19 Encryption
- Cryptology: science of coding messages
- Cryptography: mapping a message onto an incomprehensible text
- Cryptanalysis: decryption of an incomprehensible text
- Steganography: hiding a message in a harmless text


21 Skytale
D I N A N D S D E G E R O T H L S O D I E B C H E H L N I D D N A E D S R E G H T O O S L E I D H C B L H E E I F F I E

22 Caesar cipher
DERSCHATZLIEGTINEINEMEISENKASTEN
ABCDEFGHIJKLMNOPQRSTUVWXYZ
FGTUEJCVBNKGVKPGKGOGKUGPMCUVGP

23 Caesar cipher
Decoding by counting the frequency of letters
DERSCHATZLIEGTINEINEMEISENKASTEN
FGTUEJCVBNKGVKPGKGOGKUGPMCUVGP
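Decoding by letter frequency, as an added example that is not part of the original slides: it encrypts the slide's plain text with a shift of 2 and recovers the shift by scoring all 26 candidates against German letter frequencies. The frequency table holds approximate, rounded reference values assumed here, and the function names are hypothetical.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Approximate German letter frequencies in percent (rounded reference values,
# assumed for this example; letters not listed count as 0).
GERMAN_FREQ = {
    "E": 17.4, "N": 9.8, "I": 7.6, "S": 7.3, "R": 7.0, "A": 6.5, "T": 6.2,
    "D": 5.1, "H": 4.8, "U": 4.4, "L": 3.4, "C": 3.1, "G": 3.0, "M": 2.5,
    "O": 2.5, "B": 1.9, "W": 1.9, "F": 1.7, "K": 1.2, "Z": 1.1,
}

def caesar(text: str, shift: int) -> str:
    """Shift every letter A-Z by `shift` positions (a negative shift decrypts)."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch
        for ch in text.upper()
    )

def score(candidate: str) -> float:
    """Higher score means the letter distribution looks more like German."""
    counts = Counter(ch for ch in candidate if ch in ALPHABET)
    return sum(n * GERMAN_FREQ.get(ch, 0.0) for ch, n in counts.items())

def break_caesar(ciphertext: str):
    """Try all 26 shifts and return (shift, plain text) of the best-scoring one."""
    best = max(range(26), key=lambda s: score(caesar(ciphertext, -s)))
    return best, caesar(ciphertext, -best)

PLAINTEXT = "DERSCHATZLIEGTINEINEMEISENKASTEN"  # plain text from the slide
CIPHERTEXT = caesar(PLAINTEXT, 2)               # shift of 2: D->F, E->G, ...

if __name__ == "__main__":
    shift, recovered = break_caesar(CIPHERTEXT)
    print("cipher text:", CIPHERTEXT)
    print("most frequent cipher letter:", Counter(CIPHERTEXT).most_common(1))
    print("recovered shift:", shift, "plain text:", recovered)
```

The most frequent cipher letter maps to E, the most frequent letter in German, which is what makes a 32-letter message enough to recover the key.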

24 Frequency of letters

25 Ciphering: symmetric key
Diagram: plain text -> encryption -> cipher text -> decryption -> plain text; key; exchange of keys

26 Ciphering: asymmetric key
Diagram: plain text -> encryption -> cipher text -> decryption -> plain text; Alice and Bob each have a public key (Pub Alice, Pub Bob) and a private key (P Alice, P Bob); certificate authorities

27 RSA cipher (Rivest, Shamir, Adleman)
Required: two prime numbers p, q
Public key (encrypt): n = p*q and e, with e relatively prime to (p-1)*(q-1)
Private key: d with d*e = 1 mod ((p-1)*(q-1))
Encrypt: c = m^e mod n
Decrypt: m = c^d mod n

28 RSA example
p = 47; q = 59; p*q = n = 2773
(p-1) * (q-1) = 46*58 = 2668
e*d = 1 mod 2668, i.e. (e*d) / 2668 leaves remainder 1
n = 2773; e = 17; d = 157
HALLO... => 080112121500...
0801^17 mod 2773 = 2480
1212^17 mod 2773 = 2345
2480^157 mod 2773 = 801
2345^157 mod 2773 = 1212
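The slide's numbers can be reproduced end to end. The following is an added example, not part of the original slides: it derives d from p, q and e, encodes HALLO as on the slide (A=01 ... Z=26, four digits per block) and encrypts and decrypts the blocks. The function names and the 00 padding of the last block are assumptions.

```python
from math import gcd

def make_keys(p: int, q: int, e: int):
    """Derive n and the private exponent d from two primes and a chosen e."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)*(q-1)")
    d = pow(e, -1, phi)   # modular inverse: d*e = 1 mod phi (Python 3.8+)
    return n, e, d

def encode(text: str, block_digits: int = 4):
    """A=01 ... Z=26, packed into blocks of block_digits digits, padded with 00."""
    text = text.upper()
    if not all("A" <= ch <= "Z" for ch in text):
        raise ValueError("only the letters A-Z can be encoded")
    digits = "".join(f"{ord(ch) - ord('A') + 1:02d}" for ch in text)
    digits += "0" * (-len(digits) % block_digits)
    return [int(digits[i:i + block_digits])
            for i in range(0, len(digits), block_digits)]

def decode(blocks, block_digits: int = 4) -> str:
    """Inverse of encode(); the pair 00 is padding and is dropped."""
    digits = "".join(f"{b:0{block_digits}d}" for b in blocks)
    pairs = (int(digits[i:i + 2]) for i in range(0, len(digits), 2))
    return "".join(chr(ord("A") + v - 1) for v in pairs if v)

def encrypt(blocks, e: int, n: int):
    # The largest two-letter block is 2626 (ZZ), which is below n = 2773.
    if any(not 0 <= m < n for m in blocks):
        raise ValueError("every block must be smaller than n")
    return [pow(m, e, n) for m in blocks]   # c = m^e mod n

def decrypt(blocks, d: int, n: int):
    return [pow(c, d, n) for c in blocks]   # m = c^d mod n

if __name__ == "__main__":
    n, e, d = make_keys(47, 59, 17)
    cipher = encrypt(encode("HALLO"), e, n)
    print("n, e, d:", n, e, d)
    print("blocks:", encode("HALLO"), "cipher:", cipher)
    print("decrypted:", decode(decrypt(cipher, d, n)))
```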

29 RSA cipher: time to decipher (The RSA Factoring Challenge)
Digits | Bits | Year | Computer     | Duration   | CPU
140    |      | 1999 | 200; 300 MHz | 1 month    | 9 years
155    | 512  | 1999 | 300          | 3.7 months | 37.5 years
160    | 530  | 2002 | 100          | 20 days    |
200    | 663  | 2005 | 80; 2.2 GHz  | 3 months   | 55 years

30 Pretty Good Privacy: sending
Diagram elements: message, checksum, digital signature, private key of sender, symmetric key, public key of receiver, random number, encrypted random number, encrypted message

31 Pretty Good Privacy: receiving
Diagram elements: message, checksum, digital signature, private key of receiver, symmetric key, public key of sender, random number, encrypted random number, encrypted message, checksum = ?

32 Digital signature procedure
Signing: document -> hash function -> checksum -> private key -> signature; document and signature go to storage
Verifying: document -> hash function -> checksum; signature -> public key -> checksum; are the two checksums equal (=?)
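The signing and verification flow of this slide, as an added example that is not part of the original slides, using the toy key n = 2773, e = 17, d = 157 from the RSA example slide. SHA-256 as the hash function, signing the checksum byte by byte so that every value stays below n, and the sample document are assumptions; a key this small offers no real protection.

```python
import hashlib

# Toy key pair from the RSA example slide (n = 47 * 59).
N, E, D = 2773, 17, 157

def checksum(document: bytes) -> bytes:
    """Hash function step: document -> checksum (SHA-256 assumed here)."""
    return hashlib.sha256(document).digest()

def sign(document: bytes) -> list:
    """Signer: apply the private key d to every checksum byte (each is < n)."""
    return [pow(b, D, N) for b in checksum(document)]

def verify(document: bytes, signature: list) -> bool:
    """Verifier: recover the checksum from the signature with the public key e
    and compare it with a freshly computed checksum of the stored document."""
    recovered = [pow(s, E, N) for s in signature]
    return recovered == list(checksum(document))

if __name__ == "__main__":
    doc = b"lab result: negative"            # constructed sample document
    sig = sign(doc)
    print("valid signature:   ", verify(doc, sig))
    print("changed document:  ", verify(b"lab result: positive", sig))
    forged = [(sig[0] + 1) % N] + sig[1:]    # one signature value altered
    print("altered signature: ", verify(doc, forged))
```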

33 Roles of a signature
- Closing
- Identity
- Authenticity
- Evidence
- Inhibition threshold

34 Regulation concerning digital signatures (Signaturverordnung - SigV)
§ 16 Requirements for the technical components
(1) The technical components required for generating signature keys must be designed such that a key occurs only once with a probability bordering on certainty and that the private key cannot be computed from the public key. The secrecy of the private key must be guaranteed and it must not be possible to duplicate it. Security-relevant changes to the technical components must become recognizable to the user.

35 Regulation concerning digital signatures
The technical components which are necessary for the production of signature keys must be in such a condition that a key will appear only once and that a private key cannot be calculated from the public key. The privacy of the private key must be ensured and it should not be possible to duplicate the key. Safety-relevant changes in the technical components must become recognizable for the user.

36 Realisation of SigG, SigV and SigRL
- Linking the public key to its owner
- Safe storage of the private key
- Building of the digital signature in a safe environment
- Uniqueness of the key
http://www.bsi.bund.de/esig/index.htm

37 Certificate
- A certificate links a public key to a specific person
- A reliable third party (Certification Authority - CA) signs these data
- The public key of the CA is known
Contents of a certificate: serial number, name of the owner, public key of the owner, ..., signature of the CA

38 Certification Authority
The granting of licences and the issuing of certificates that are used for signing certificates, as well as the supervision of compliance with this Act and the statutory ordinance under § 16, are the responsibility of the authority under § 66 of the Telecommunications Act (Telekommunikationsgesetz)
Bundesnetzagentur
http://www.nrca-ds.de/

39 Kinds of digital signatures: simple signature
- Sign under the document
- Scanned signature
- Electronic business card
Uncontrolled use, no authenticity

40 Kinds of digital signatures: advanced signature
- Exclusively related to the key owner
- Permits the identification of the key owner
- Is generated under the exclusive control of the key owner
- Is related to the signed data in such a way that a subsequent change of the data can be detected
Examples: PGP, Verisign, Sphinx
May be used in-house

41 Kinds of digital signatures: qualified signature without accreditation of provider
Advanced signature with:
- A certificate which is valid at the time of signature
- Created with a safe program to create signature keys
The provider registers at Bundesnetzagentur, but will not be reviewed periodically
http://www.bundesnetzagentur.de/enid/2.html

42 Kinds of digital signatures
Qualified Signature without accreditation of provider
Qualified Signature
- The provider will be checked by Bundesnetzagentur
- Long-term reliability is ensured
- The signature is equivalent to a signature by hand and the opponent must prove that it is forged

43 Smart card for the digital signature
- Tamper-proof and confidential storage
- Security-relevant operations are executed on the smart card
- Simple transport and high availability
- Highly accepted

44 Smart card
Microcontroller:
- CPU + co-processor (crypto unit)
- RAM (~2k), ROM (~32k) and EEPROM (~32k..64k)
- I/O
Block diagram: crypto unit, CPU, I/O system, RAM, ROM, EEPROM

45 Data Security and Cryptography
- Legal data protection
- IT Baseline Protection
- Attacks on the communication
- Symmetric - asymmetric encryption
- Digital signature
- Smart cards

