Pseudonymization and its Application to Cloud-based eHealth Systems

Responding to the security and privacy issues of information systems, we propose a novel pseudonym solution. This pseudonym solution has provable security to protect the identities of users by employing user-generated pseudonyms. It also provides an encryption scheme to protect the security of the users’ data stored in the public network. Moreover, the pseudonym solution also provides the authentication of pseudonyms without disclosing the users’ identity information. Thus the dependences on powerful trusted third parties and on the trustworthiness of system administrators may be appreciably alleviated. Electronic healthcare systems (eHealth systems), as one kind of everyday information system, with the ability to store and share patients’ health data efficiently, have to manage in-formation of an extremely personal nature. As a consequence of known cases of abuse and attacks, the security of the health data and the privacy of patients are a great concern for many people and thus becoming obstacles to the acceptance and spread of eHealth systems. In this thesis, we survey current eHealth systems in both research and practice, analyzing potential threats to the security and privacy. Cloud-based eHealth systems, in particular, enable applications with many new features in data storing and sharing. We analyze the new issues on security and privacy when cloud technology is introduced into eHealth systems. We demonstrate that our proposed pseudonym solution can be successfully applied to cloud-based eHealth systems. Firstly, we utilize the pseudonym scheme and encryption scheme for storing and retrieving the electronic health records (EHR) in the cloud. The identities of patients and the confidentiality of EHR contents are provably guaranteed by advanced cryptographic algorithms. Secondly, we utilize the pseudonym solution to protect the privacy of patients from the health insurance companies. Only necessary information about patients is disclosed to the health insurance companies, without interrupting the cur-rent normal business processes of health insurance. At last, based on the pseudonym solution, we propose a new procedure for the secondary use of the health data. The new procedure protects the privacy of patients properly and enables patients’ full control and clear consent over their health data to be secondarily used. A prototypical application of a cloud-based eHealth system implementing our proposed solution is presented in order to exhibit the practicability of the solution and to provide intuitive experiences. Some performance estimations of the proposed solution based on the implementation are also provided.Um gewisse Sicherheits- und Datenschutzdefizite heutiger Informationssysteme zu beheben, stellen wir eine neuartige Pseudonymisierungslösung vor, die benutzergenerierte Pseudonyme verwendet und die Identitäten der Pseudonyminhaber nachweisbar wirksam schützt. Sie beinhaltet neben der Pseudonymisierung auch ein Verschlüsselungsverfahren für den Schutz der Vertraulichkeit der Benutzerdaten, wenn diese öffentlich gespeichert werden. Weiterhin bietet sie ein Verfahren zur Authentisierung von Pseudonymen, das ohne die Offenbarung von Benutzeridentitäten auskommt. Dadurch können Abhängigkeiten von vertrauenswürdigen dritten Stellen (trusted third parties) oder von vertrauenswürdigen Systemadministratoren deutlich verringert werden. Elektronische Gesundheitssysteme (eHealth-Systeme) sind darauf ausgelegt, Patientendaten effizient zu speichern und bereitzustellen. Solche Daten haben ein extrem hohes Schutzbedürfnis, und bekannte Fälle von Angriffen auf die Vertraulichkeit der Daten durch Privilegienmissbrauch und externe Attacken haben dazu geführt, dass die Sorge um den Schutz von Gesundheitsdaten und Patientenidentitäten zu einem großen Hindernis für die Verbreitung und Akzeptanz von eHealth-Systemen geworden ist. In dieser Dissertation betrachten wir gegenwärtige eHealth-Systeme in Forschung und Praxis hinsichtlich möglicher Bedrohungen für Sicherheit und Vertraulichkeit der gespeicherten Daten. Besondere Beachtung finden cloudbasierte eHealth-Systeme, die Anwendungen mit neuartigen Konzepten zur Datenspeicherung und -bereitstellung ermöglichen. Wir analysieren Sicherheits- und Vertraulichkeitsproblematiken, die sich beim Einsatz von Cloud-Technologie in eHealth-Systemen ergeben. Wir zeigen, dass unsere Pseudonymisierungslösung erfolgreich auf cloudbasierte eHealth-Systeme angewendet werden kann. Dabei werden zunächst das Pseudonymisierungs- und das Verschlüsselungsverfahren bei der Speicherung und beim Abruf von elektronischen Gesundheitsdatensätzen (electronic health records, EHR) in der Cloud eingesetzt. Die Vertraulichkeit von Patientenidentitäten und EHR-Inhalten werden dabei durch den Einsatz moderner kryptografischer Algorithmen nachweisbar garantiert. Weiterhin setzen wir die Pseudonymisierungslösung zum Schutz der Privatsphäre der Patienten gegenüber Krankenversicherungsunternehmen ein. Letzteren werden lediglich genau diejenigen Patienteninformationen offenbart, die für den störungsfreien Ablauf ihrer Geschäftsprozesse nötig sind. Schließen schlagen wir eine neuartige Vorgehensweise für die Zweitverwertung der im eHealth-System gespeicherten Daten vor, die die Pseudonymisierungslösung verwendet. Diese Vorgehensweise bietet den Patienten angemessenen Schutz für ihre Privatsphäre und volle Kontrolle darüber, welche Daten für eine Zweitverwertung (z.B. für Forschungszwecke) freigegeben werden. Es wird ein prototypisches, cloudbasiertes eHealth-System vorgestellt, das die Pseudonymisierungslösung implementiert, um deren Praktikabilität zu demonstrieren und intuitive Erfahrungen zu vermitteln. Weiterhin werden, basierend auf der Implementierung, einige Abschätzungen der Performanz der Pseudonymisierungslösung angegeben

Individual Risk Management for Digital Payment Systems

Despite existing security standards and security technologies, such as secure hardware, gaps between users’ demand for security and the security offered by a payment system can still remain. These security gaps imply risks for users. In this paper, we introduce a framework for the management of those risks. As a result, we present an instrument enabling users to evaluate eventual risks related with digital payment systems and to handle these risks with technical and economic instruments.Payment Systems, Digital Money

Regulating Data as Property: A New Construct for Moving Forward

The global community urgently needs precise, clear rules that define ownership of data and express the attendant rights to license, transfer, use, modify, and destroy digital information assets. In response, this article proposes a new approach for regulating data as an entirely new class of property. Recently, European and Asian public officials and industries have called for data ownership principles to be developed, above and beyond current privacy and data protection laws. In addition, official policy guidances and legal proposals have been published that offer to accelerate realization of a property rights structure for digital information. But how can ownership of digital information be achieved? How can those rights be transferred and enforced? Those calls for data ownership emphasize the impact of ownership on the automotive industry and the vast quantities of operational data which smart automobiles and self-driving vehicles will produce. We looked at how, if at all, the issue was being considered in consumer-facing statements addressing the data being collected by their vehicles. To formulate our proposal, we also considered continued advances in scientific research, quantum mechanics, and quantum computing which confirm that information in any digital or electronic medium is, and always has been, physical, tangible matter. Yet, to date, data regulation has sought to adapt legal constructs for “intangible” intellectual property or to express a series of permissions and constraints tied to specific classifications of data (such as personally identifiable information). We examined legal reforms that were recently approved by the United Nations Commission on International Trade Law to enable transactions involving electronic transferable records, as well as prior reforms adopted in the United States Uniform Commercial Code and Federal law to enable similar transactions involving digital records that were, historically, physical assets (such as promissory notes or chattel paper). Finally, we surveyed prior academic scholarship in the U.S. and Europe to determine if the physical attributes of digital data had been previously considered in the vigorous debates on how to regulate personal information or the extent, if at all, that the solutions developed for transferable records had been considered for larger classes of digital assets. Based on the preceding, we propose that regulation of digital information assets, and clear concepts of ownership, can be built on existing legal constructs that have enabled electronic commercial practices. We propose a property rules construct that clearly defines a right to own digital information arises upon creation (whether by keystroke or machine), and suggest when and how that right attaches to specific data though the exercise of technological controls. This construct will enable faster, better adaptations of new rules for the ever-evolving portfolio of data assets being created around the world. This approach will also create more predictable, scalable, and extensible mechanisms for regulating data and is consistent with, and may improve the exercise and enforcement of, rights regarding personal information. We conclude by highlighting existing technologies and their potential to support this construct and begin an inventory of the steps necessary to further proceed with this process

Surveillance and security - a dodgy relationship

Modern societies are vulnerable. We have known this long before the attacks of September 11, but they made it clear to everyone. The second lesson learned was that it is impossible to foresee such events. Although these attacks to the real world were 'low-tech', now there are attempts around the globe to control especially the electronic or virtual world. However, does more surveillance really lead to more security? If so, what will be the price we have to pay? This paper gives an overview over what happened on a governmental level after September 11 in the EU, in some EU-member states and in the USA. Apart from political actions, we already face even direct socio-economic implications as some anonymizer services were shut down. They empowered Internet users to protect their right of privacy, and they were the first targets of investigation and suspicion. Shutting down these services reduces the potential room of users to protect their privacy by using privacy enhancing technologies (PETs). This is an indicator for a serious societal problem: democracy already has changed. In a second part this paper analyses the relationship between surveillance and security. It is argued that, the international over-reactions will not lead to the intended effects. Rather, they will have long-term implications for the respective societies.Privacy, security, surveillance, international policy

A secure archive for Voice-over-IP conversations

An efficient archive securing the integrity of VoIP-based two-party conversations is presented. The solution is based on chains of hashes and continuously chained electronic signatures. Security is concentrated in a single, efficient component, allowing for a detailed analysis.Comment: 9 pages, 2 figures. (C) ACM, (2006). This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in Proceedings of VSW06, June, 2006, Berlin, German

Machine-Readable Privacy Certificates for Services

Privacy-aware processing of personal data on the web of services requires managing a number of issues arising both from the technical and the legal domain. Several approaches have been proposed to matching privacy requirements (on the clients side) and privacy guarantees (on the service provider side). Still, the assurance of effective data protection (when possible) relies on substantial human effort and exposes organizations to significant (non-)compliance risks. In this paper we put forward the idea that a privacy certification scheme producing and managing machine-readable artifacts in the form of privacy certificates can play an important role towards the solution of this problem. Digital privacy certificates represent the reasons why a privacy property holds for a service and describe the privacy measures supporting it. Also, privacy certificates can be used to automatically select services whose certificates match the client policies (privacy requirements). Our proposal relies on an evolution of the conceptual model developed in the Assert4Soa project and on a certificate format specifically tailored to represent privacy properties. To validate our approach, we present a worked-out instance showing how privacy property Retention-based unlinkability can be certified for a banking financial service.Comment: 20 pages, 6 figure

Security Issues in Mobile Payment from the Customer Viewpoint

The perception of mobile payment procedures’ security by the customer is one major factor for the market breakthrough of the according systems. In this paper we examine security issues in mobile payment from the viewpoint of customers. Based on theoretical research we analyze empirical data from the MP2 mobile payment study with 8295 respondents in order to develop a set of dimensions, categories and aspects. The results do have a scientific as well as a practical impact: They provide a basis for the selection of appropriate indicators for further empirical studies. Furthermore they can serve as a guideline for mobile payment service providers in order to prevent security concerns through appropriate design and communication of payment procedures and to convince customers of the security of their mobile procedures by meeting concerns in informative advertising.