An architecture for secure data management in medical research and aided diagnosis

Programa Oficial de Doutoramento en Tecnoloxías da Información e as Comunicacións. 5032V01[Resumo] O Regulamento Xeral de Proteccion de Datos (GDPR) implantouse o 25 de maio de 2018 e considerase o desenvolvemento mais importante na regulacion da privacidade de datos dos ultimos 20 anos. As multas fortes definense por violar esas regras e non e algo que os centros sanitarios poidan permitirse ignorar. O obxectivo principal desta tese e estudar e proponer unha capa segura/integracion para os curadores de datos sanitarios, onde: a conectividade entre sistemas illados (localizacions), a unificacion de rexistros nunha vision centrada no paciente e a comparticion de datos coa aprobacion do consentimento sexan as pedras angulares de a arquitectura controlar a sua identidade, os perfis de privacidade e as subvencions de acceso. Ten como obxectivo minimizar o medo a responsabilidade legal ao compartir os rexistros medicos mediante o uso da anonimizacion e facendo que os pacientes sexan responsables de protexer os seus propios rexistros medicos, pero preservando a calidade do tratamento do paciente. A nosa hipotese principal e: os conceptos Distributed Ledger e Self-Sovereign Identity son unha simbiose natural para resolver os retos do GDPR no contexto da saude? Requirense solucions para que os medicos e investigadores poidan manter os seus fluxos de traballo de colaboracion sen comprometer as regulacions. A arquitectura proposta logra eses obxectivos nun ambiente descentralizado adoptando perfis de privacidade de datos illados.[Resumen] El Reglamento General de Proteccion de Datos (GDPR) se implemento el 25 de mayo de 2018 y se considera el desarrollo mas importante en la regulacion de privacidad de datos en los ultimos 20 anos. Las fuertes multas estan definidas por violar esas reglas y no es algo que los centros de salud puedan darse el lujo de ignorar. El objetivo principal de esta tesis es estudiar y proponer una capa segura/de integración para curadores de datos de atencion medica, donde: la conectividad entre sistemas aislados (ubicaciones), la unificacion de registros en una vista centrada en el paciente y el intercambio de datos con la aprobacion del consentimiento son los pilares de la arquitectura propuesta. Esta propuesta otorga al titular de los datos un rol central, que le permite controlar su identidad, perfiles de privacidad y permisos de acceso. Su objetivo es minimizar el temor a la responsabilidad legal al compartir registros medicos utilizando el anonimato y haciendo que los pacientes sean responsables de proteger sus propios registros medicos, preservando al mismo tiempo la calidad del tratamiento del paciente. Nuestra hipotesis principal es: .son los conceptos de libro mayor distribuido e identidad autosuficiente una simbiosis natural para resolver los desafios del RGPD en el contexto de la atencion medica? Se requieren soluciones para que los medicos y los investigadores puedan mantener sus flujos de trabajo de colaboracion sin comprometer las regulaciones. La arquitectura propuesta logra esos objetivos en un entorno descentralizado mediante la adopcion de perfiles de privacidad de datos aislados.[Abstract] The General Data Protection Regulation (GDPR) was implemented on 25 May 2018 and is considered the most important development in data privacy regulation in the last 20 years. Heavy fines are defined for violating those rules and is not something that healthcare centers can afford to ignore. The main goal of this thesis is to study and propose a secure/integration layer for healthcare data curators, where: connectivity between isolated systems (locations), unification of records in a patientcentric view and data sharing with consent approval are the cornerstones of the proposed architecture. This proposal empowers the data subject with a central role, which allows to control their identity, privacy profiles and access grants. It aims to minimize the fear of legal liability when sharing medical records by using anonymisation and making patients responsible for securing their own medical records, yet preserving the patient’s quality of treatment. Our main hypothesis is: are the Distributed Ledger and Self-Sovereign Identity concepts a natural symbiosis to solve the GDPR challenges in the context of healthcare? Solutions are required so that clinicians and researchers can maintain their collaboration workflows without compromising regulations. The proposed architecture accomplishes those objectives in a decentralized environment by adopting isolated data privacy profiles

Location Privacy in VANETs: Improved Chaff-Based CMIX and Privacy-Preserving End-to-End Communication

VANETs communication systems are technologies and defined policies that can be formed to enable ITS applications to provide road traffic efficacy, warning about such issues as environmental dangers, journey circumstances, and in the provision of infotainment that considerably enhance transportation safety and quality. The entities in VANETs, generally vehicles, form part of a massive network known as the Internet of Vehicles (IoV). The deployment of large-scale VANETs systems is impossible without ensuring that such systems are themselves are safe and secure, protecting the privacy of their users. There is a risk that cars might be hacked, or their sensors become defective, causing inaccurate information to be sent across the network. Consequently, the activities and credentials of participating vehicles should be held responsible and quickly broadcast throughout a vast VANETs, considering the accountability in the system. The openness of wireless communication means that an observer can eavesdrop on vehicular communication and gain access or otherwise deduce users' sensitive information, and perhaps profile vehicles based on numerous factors such as tracing their travels and the identification of their home/work locations. In order to protect the system from malicious or compromised entities, as well as to preserve user privacy, the goal is to achieve communication security, i.e., keep users' identities hidden from both the outside world and the security infrastructure and service providers. Being held accountable while still maintaining one's privacy is a difficult balancing act. This thesis explores novel solution paths to the above challenges by investigating the impact of low-density messaging to improve the security of vehicle communications and accomplish unlinkability in VANETs. This is achieved by proposing an improved chaff-based CMIX protocol that uses fake messages to increase density to mitigate tracking in this scenario. Recently, Christian \etall \cite{vaas2018nowhere} proposed a Chaff-based CMIX scheme that sends fake messages under the presumption low-density conditions to enhance vehicle privacy and confuse attackers. To accomplish full unlinkability, we first show the following security and privacy vulnerabilities in the Christian \etall scheme: linkability attacks outside the CMIX may occur due to deterministic data-sharing during the authentication phase (e.g., duplicate certificates for each communication). Adversaries may inject fake certificates, which breaks Cuckoo Filters' (CFs) updates authenticity, and the injection may be deniable. CMIX symmetric key leakage outside the coverage may occur. We propose a VPKI-based protocol to mitigate these issues. First, we use a modified version of Wang \etall's \cite{wang2019practical} scheme to provide mutual authentication without revealing the real identity. To this end, a vehicle's messages are signed with a different pseudo-identity “certificate”. Furthermore, the density is increased via the sending of fake messages during low traffic periods to provide unlinkability outside the mix-zone. Second, unlike Christian \etall's scheme, we use the Adaptive Cuckoo Filter (ACF) instead of CF to overcome the effects of false positives on the whole filter. Moreover, to prevent any alteration of the ACFs, only RUSs distribute the updates, and they sign the new fingerprints. Third, mutual authentication prevents any leakage from the mix zones' symmetric keys by generating a fresh one for each communication through a Diffie–Hellman key exchange. As a second main contribution of this thesis, we focus on the V2V communication without the interference of a Trusted Third Party (TTP)s in case this has been corrupted, destroyed, or is out of range. This thesis presents a new and efficient end-to-end anonymous key exchange protocol based on Yang \etall's \cite{yang2015self} self-blindable signatures. In our protocol, vehicles first privately blind their own private certificates for each communication outside the mix-zone and then compute an anonymous shared key based on zero-knowledge proof of knowledge (PoK). The efficiency comes from the fact that once the signatures are verified, the ephemeral values in the PoK are also used to compute a shared key through an authenticated Diffie-Hellman key exchange protocol. Therefore, the protocol does not require any further external information to generate a shared key. Our protocol also does not require interfacing with the Roadside Units or Certificate Authorities, and hence can be securely run outside the mixed-zones. We demonstrate the security of our protocol in ideal/real simulation paradigms. Hence, our protocol achieves secure authentication, forward unlinkability, and accountability. Furthermore, the performance analysis shows that our protocol is more efficient in terms of computational and communications overheads compared to existing schemes.Kuwait Cultural Offic

Demystifying COVID-19 digital contact tracing: A survey on frameworks and mobile apps

The coronavirus pandemic is a new reality and it severely affects the modus vivendi of the international community. In this context, governments are rushing to devise or embrace novel surveillance mechanisms and monitoring systems to fight the outbreak. The development of digital tracing apps, which among others are aimed at automatising and globalising the prompt alerting of individuals at risk in a privacy-preserving manner is a prominent example of this ongoing effort. Very promptly, a number of digital contact tracing architectures has been sprouted, followed by relevant app implementations adopted by governments worldwide. Bluetooth, and specifically its Low Energy (BLE) power-conserving variant has emerged as the most promising short-range wireless network technology to implement the contact tracing service. This work offers the first to our knowledge, full-fledged review of the most concrete contact tracing architectures proposed so far in a global scale. This endeavour does not only embrace the diverse types of architectures and systems, namely centralised, decentralised, or hybrid, but it equally addresses the client side, i.e., the apps that have been already deployed in Europe by each country. There is also a full-spectrum adversary model section, which does not only amalgamate the previous work in the topic, but also brings new insights and angles to contemplate upon.Comment: 34 pages, 3 figure

Privacy of User Identities in Cellular Networks

This thesis looks into two privacy threats of cellular networks. For their operations, these networks have to deal with unique permanent user identities called International Mobile Subscriber Identity (IMSI). One of the privacy threats is posed by a device called IMSI catcher. An IMSI catcher can exploit various vulnerabilities. Some of these vulnerabilities are easier to exploit than others. This thesis looks into fixing the most easily exploitable vulnerability, which is in the procedure of identifying the subscriber. This vulnerability exists in all generations of cellular networks prior to 5G. The thesis discusses solutions to fix the vulnerability in several different contexts. One of the solutions proposes a generic approach, which can be applied to any generation of cellular networks, to fix the vulnerability. The generic approach uses temporary user identities, which are called pseudonyms, instead of using the permanent identity IMSI. The thesis also discusses another solution to fix the vulnerability, specifically in the identification procedure of 5G. The solution uses Identity-Based Encryption (IBE), and it is different from the one that has been standardised in 5G. Our IBE-based solution has some additional advantages that can be useful in future works. The thesis also includes a solution to fix the vulnerability in the identification procedure in earlier generations of cellular networks. The solution fixes the vulnerability when a user of a 5G network connects to those earlier generation networks. The solution is a hybridisation of the pseudonym-based generic solution and the standardised solution in 5G. The second of the two threats that this thesis deals with is related to the standards of a delegated authentication system, known as Authentication and Key Management for Applications (AKMA), which has been released in July 2020. The system enables application providers to authenticate their users by leveraging the authentication mechanism between the user and the user's cellular network. This thesis investigates what requirements AKMA should fulfil. The investigation puts a special focus on identifying privacy requirements. It finds two new privacy requirements, which are not yet considered in the standardisation process. The thesis also presents a privacy-preserving AKMA that can co-exist with a normal-mode AKMA.Väitöskirjassa tutkitaan kahta yksityisyyteen kohdistuvaa uhkaa mobiiliverkoissa. Näissä verkoissa käyttäjät tunnistetaan yksikäsitteisen pysyvän identiteetin perusteella. Hyökkääjä voi uhata käyttäjän yksityisyyttä sellaisen radiolähettimen avulla, joka naamioituu mobiiliverkon tukiasemaksi. Tällainen väärä tukiasema voi pyytää lähellä olevia mobiililaitteita kertomaan pysyvän identiteettinsä, jolloin hyökkääjä voi esimerkiksi selvittää, onko tietyn henkilön puhelin lähistöllä vai ei. Väitöskirjassa selvitetään, millaisilla ratkaisuilla tämän tyyppisiltä haavoittuvuuksilta voidaan välttyä. Viidennen sukupolven mobiiliteknologian standardiin on sisällytetty julkisen avaimen salaukseen perustuva suojaus käyttäjän pysyvälle identiteetille. Tällä ratkaisulla voidaan suojautua väärän tukiaseman uhkaa vastaan, mutta se toimii vain 5G-verkoissa. Yksi väitöskirjassa esitetyistä vaihtoehtoisista ratkaisuista soveltuu käytettäväksi myös vanhempien mobiiliteknologian sukupolvien yhteydessä. Ratkaisu perustuu pysyvän identiteetin korvaamiseen pseudonyymillä. Toinen esitetty ratkaisu käyttää identiteettiin pohjautuvaa salausta, ja sillä olisi tiettyjä etuja 5G-standardiin valittuun, julkisen avaimen salaukseen perustuvaan menetelmään verrattuna. Lisäksi väitöskirjassa esitetään 5G-standardiin valitun menetelmän ja pseudonyymeihin perustuvan menetelmän hybridi, joka mahdollistaisi suojauksen laajentamisen myös aiempiin mobiiliteknologian sukupolviin. Toinen väitöskirjassa tutkittu yksityisyyteen kohdistuva uhka liittyy 5G-standardin mukaiseen delegoidun tunnistautumisen järjestelmään. Tämä järjestelmä mahdollistaa käyttäjän vahvan tunnistautumisen automaattisesti mobiiliverkon avulla. Väitöskirjassa tutkitaan järjestelmälle asetettuja tietoturvavaatimuksia erityisesti yksityisyyden suojan näkökulmasta. Työssä on löydetty kaksi vaatimusta, joita ei ole toistaiseksi otettu huomioon standardeja kehitettäessä. Lisäksi työssä esitetään ratkaisu, jolla delegoidun tunnistautumisen järjestelmää voidaan laajentaa paremmin yksityisyyttä suojaavaksi

Practical Schemes For Privacy & Security Enhanced RFID

Proper privacy protection in RFID systems is important. However, many of the schemes known are impractical, either because they use hash functions instead of the more hardware efficient symmetric encryption schemes as a efficient cryptographic primitive, or because they incur a rather costly key search time penalty at the reader. Moreover, they do not allow for dynamic, fine-grained access control to the tag that cater for more complex usage scenarios. In this paper we investigate such scenarios, and propose a model and corresponding privacy friendly protocols for efficient and fine-grained management of access permissions to tags. In particular we propose an efficient mutual authentication protocol between a tag and a reader that achieves a reasonable level of privacy, using only symmetric key cryptography on the tag, while not requiring a costly key-search algorithm at the reader side. Moreover, our protocol is able to recover from stolen readers.Comment: 18 page

Privacy enhancing technologies (PETs) for connected vehicles in smart cities

This is an accepted manuscript of an article published by Wiley in Transactions on Emerging Telecommunications Technologies, available online: https://doi.org/10.1002/ett.4173 The accepted version of the publication may differ from the final published version.Many Experts believe that the Internet of Things (IoT) is a new revolution in technology that has brought many benefits for our organizations, businesses, and industries. However, information security and privacy protection are important challenges particularly for smart vehicles in smart cities that have attracted the attention of experts in this domain. Privacy Enhancing Technologies (PETs) endeavor to mitigate the risk of privacy invasions, but the literature lacks a thorough review of the approaches and techniques that support individuals' privacy in the connection between smart vehicles and smart cities. This gap has stimulated us to conduct this research with the main goal of reviewing recent privacy-enhancing technologies, approaches, taxonomy, challenges, and solutions on the application of PETs for smart vehicles in smart cities. The significant aspect of this study originates from the inclusion of data-oriented and process-oriented privacy protection. This research also identifies limitations of existing PETs, complementary technologies, and potential research directions.Published onlin