51 research outputs found

    NEW SECURE SOLUTIONS FOR PRIVACY AND ACCESS CONTROL IN HEALTH INFORMATION EXCHANGE

    In the current digital age, almost every healthcare organization (HCO) has moved from storing patient health records on paper to storing them electronically. Health Information Exchange (HIE) is the ability to share (or transfer) patients’ health information between different HCOs while maintaining national security standards like the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Over the past few years, research has been conducted to develop privacy and access control frameworks for HIE systems. The goal of this dissertation is to address the privacy and access control concerns by building practical and efficient HIE frameworks to secure the sharing of patients’ health information. The first solution allows secure HIE among different healthcare providers while focusing primarily on the privacy of patients’ information. It allows patients to authorize a certain type of health information to be retrieved, which helps prevent any unintentional leakage of information. The privacy solution also provides healthcare providers with the capability of mutual authentication and patient authentication. It also ensures the integrity and auditability of health information being exchanged. The security and performance study for the first protocol shows that it is efficient for the purpose of HIE and offers a high level of security for such exchanges. The second framework presents a new cloud-based protocol for access control to facilitate HIE across different HCOs, employing a trapdoor hash-based proxy signature in a novel manner to enable secure (authenticated and authorized) on-demand access to patient records. The proposed proxy signature-based scheme provides an explicit mechanism for patients to authorize the sharing of specific medical information with specific HCOs, which helps prevent any undesired or unintentional leakage of health information. 
The scheme also ensures that such authorizations are authentic with respect to both the HCOs and the patient. Moreover, the use of proxy signatures simplifies security auditing and the ability to obtain support for investigations by providing non-repudiation. Formal definitions, security specifications, and a detailed theoretical analysis, including correctness, security, and performance of both frameworks, are provided, which demonstrate the improvements upon other existing HIE systems.

    Exploration of Network Covert Channels over IEEE 802.15.4 Communications (Exploração de Covert Channels de Rede sobre comunicações IEEE 802.15.4)

    The advancements in information and communication technology in the past decades have been converging into a new communication paradigm in which everything is expected to be interconnected with the heightened pervasiveness and ubiquity of the Internet of Things (IoT) paradigm. As these technologies mature, they are increasingly finding their way into more sensitive domains, such as Medical and Industrial IoT, in which safety and cyber-security are paramount. While the number of deployed IoT devices continues to increase annually, up to tens of billions of connected devices, IoT devices continue to present severe cyber-security vulnerabilities, which are worsened by challenges such as scalability, heterogeneity, and their often scarce computing capacity. Network covert channels are increasingly being used to support malware with stealthy behaviours, aiming at exfiltrating data or orchestrating nodes of a botnet in a cloaked fashion. Nevertheless, the attention to this problem regarding underlying and pervasive IoT protocols such as the IEEE 802.15.4 has been scarce. Therefore, in this Thesis, we aim at analysing the performance and feasibility of such covert-channel implementations upon the IEEE 802.15.4 protocol to support the development of new mechanisms and add-ons that can effectively contribute to improve the current state of the art of IoT systems which rely on such, or similar, underlying communication technologies.
    The advances in information and communication technologies over the last decades have converged into a new communication paradigm, in which all participants are expected to be interconnected through the ubiquity of the Internet of Things paradigm. As these technologies mature, they have been making their way into increasingly sensitive domains, such as medical and industrial applications, where the reliability of information and cyber-security are a critical factor. In a context where the number of IoT devices continues to increase annually, already in the order of tens of billions of interconnected devices, these devices nevertheless continue to present severe vulnerabilities in the field of cyber-security, and challenges such as scalability, heterogeneity and, in most cases, their low processing capacity make resolving them permanently even more complex. Network covert channels are increasingly a means of support for malware that exhibits stealthy behaviours, aiming at the extraction of sensitive information or the orchestration of the nodes of a botnet in a camouflaged way. However, the attention given to this problem in widespread IoT network protocols such as IEEE 802.15.4 has been scarce. Therefore, this thesis intends to analyse the performance and feasibility of implementing covert channels in network models that feature the IEEE 802.15.4 protocol, in order to support the development of new mechanisms and add-ons that can effectively contribute to improving the cyber-security of IoT systems that depend on these communication technologies.

    Information security and assurance : Proceedings international conference, ISA 2012, Shanghai China, April 2012


    The InfoSec Handbook

    Computer science

    Cybersecurity and the Digital Health: An Investigation on the State of the Art and the Position of the Actors

    Cybercrime is increasingly exposing the health domain to growing risk. The push towards a strong connection of citizens to health services, through digitalization, has undisputed advantages. Digital health allows remote care, the use of medical devices with a high mechatronic and IT content with strong automation, and a large interconnection of hospital networks with an increasingly effective exchange of data. However, all this requires a great cybersecurity commitment—a commitment that must start with scholars in research and then reach the stakeholders. New devices and technological solutions are increasingly breaking into healthcare, and are able to change the processes of interaction in the health domain. This requires cybersecurity to become a vital part of patient safety through changes in human behaviour, technology, and processes, as part of a complete solution. All professionals involved in cybersecurity in the health domain were invited to contribute with their experiences. This book contains contributions from various experts and different fields. Aspects of cybersecurity in healthcare relating to technological advance and emerging risks were addressed. The new boundaries of this field and the impact of COVID-19 on some sectors, such as mhealth, have also been addressed. We dedicate the book to all those with different roles involved in cybersecurity in the health domain

    Authentication and Data Protection under Strong Adversarial Model

    We are interested in addressing a series of existing and plausible threats to cybersecurity where the adversary possesses unconventional attack capabilities. In our exploration, such unconventionality includes, but is not limited to, crowd-sourcing, physical/juridical coercion, substantial (but bounded) computational resources, malicious insiders, etc. Our studies show that unconventional adversaries can be counteracted with a special anchor of trust and/or a paradigm shift on a case-specific basis. Complementing cryptography, hardware security primitives are the last defense in the face of co-located (physical) and privileged (software) adversaries, hence serving as the special trust anchor. Examples of hardware primitives are architecture-shipped features (e.g., with CPU or chipsets), security chips or tokens, and certain features on peripheral/storage devices. We also propose changes of paradigm in conjunction with hardware primitives, such as containing attacks instead of counteracting, pretended compliance, and immunization instead of detection/prevention. In this thesis, we demonstrate how our philosophy is applied to cope with several exemplary scenarios of unconventional threats, and elaborate on the prototype systems we have implemented. Specifically, Gracewipe is designed for stealthy and verifiable secure deletion of on-disk user secrets under coercion; Hypnoguard protects in-RAM data when a computer is in sleep (ACPI S3) in case of various memory/guessing attacks; Uvauth mitigates large-scale human-assisted guessing attacks by receiving all login attempts in an indistinguishable manner, i.e., correct credentials in a legitimate session and incorrect ones in a plausible fake session; Inuksuk is proposed to protect user files against ransomware or other authorized tampering. It augments the hardware access control on self-encrypting drives with trusted execution to achieve data immunization. 
We have also extended the Gracewipe scenario to a network-based enterprise environment, aiming to address slightly different threats, e.g., malicious insiders. We believe the high-level methodology of these research topics can contribute to advancing the security research under strong adversarial assumptions, and the promotion of software-hardware orchestration in protecting execution integrity therein

    The playwright-performer as scourge and benefactor : an examination of political satire and lampoon in South African theatre, with particular reference to Pieter-Dirk Uys.

    Thesis (Ph.D.)-University of Natal, Durban, 1993. During the 1970s the plays of Pieter-Dirk Uys became causes celebres. In the 1980s he was, commercially and artistically, arguably the most successful South African satirist. By 1990 he had gained recognition in the United Kingdom, the United States of America, Canada, Australia, the Netherlands and Germany. Yet relatively little research has been undertaken or published which evaluates his contribution to South African theatre as a playwright and performer of political satire. This dissertation aims to document and assess the satiric work of Uys and that of his precursors and contemporaries. The first chapter identifies certain characteristic features and purposes of satire as a creative method which cannot be defined in purely literary terms. The views of local practitioners and references to its manifestation in various non-literary and indigenous forms are included to support the descriptive approach to satire in performance adopted in later chapters. Of necessity to a study of Uys's lampoons, Chapter 2 discusses the origins of lampoon and the theatrical presentation of actual persons by Aristophanes (the first extant Western playwright to do so). Both the textual and visual ridicule of Socrates, Euripides, Cleon and Lamachus are considered, to argue that Aristophanes employed the nominal character as a factional type to exemplify a concept for humorous rather than meliorative purposes. Part One of Chapter 3 is a necessarily selective survey of the diversity, style and censorship of satire in South Africa in various theatrical, literary and journalistic forms. Part Two describes the use of satire by Adam Leslie, Jeremy Taylor, Robert Kirby and, more recently, Paul Slabolepszy, Mark Banks, Ian Fraser, Eric Miyeni and the 'alternative' Afrikaners in plays and in revue, cabaret and stand-up comedy. 
Chapter 4 examines the principal themes of Uys's plays to date, the 1981-1992 revues as entertainment and as a reflection of certain social and political issues, the similarities between his theatrical praxis and that of Aristophanes, and his satiric strategies in performance: his preparatory and visual signifiers, his concern with proxemics, and his mastery of kinesics, paralanguage and chronemics in depicting a spectrum of fictional and non-fictional personae, including Evita Bezuidenhout, P.W. Botha and the Uys-persona

    Cyber-Physical Robustness Enhancement Strategies for Demand Side Energy Systems

    An integrated Cyber-Physical System (CPS) realizes the two-way communication between end-users and power generation in which customers are able to actively reshape their consumption profiles to facilitate the energy efficiency of the grid. However, large-scale implementations of distributed assets and advanced communication infrastructures also increase the risks of grid operation. This thesis aims to enhance the robustness of the entire demand-side system in a cyber-physical environment and develop comprehensive strategies for outage energy management (i.e., community-level scheduling and appliance-level energy management), communications infrastructure development, and cybersecurity controls for confronting virus attacks. All these aspects facilitate the demand-side system’s self-serve capability and operational robustness under extreme conditions and dangerous scenarios. The research that contributes to this thesis is grouped around and builds a general scheme to enhance the robustness of the CPS demand-side energy system with outage considerations, communication network layouts, and virus intrusions. Under system outage, there are two layers for maximizing the duration of self-power supply in extreme conditions. The study first proposed a resilient energy management system for residential communities (CEMS), by scheduling and coordinating the battery energy storage system and energy consumption of houses/units. Moreover, it also proposed a hierarchical resilient energy management system (EMS) by fully considering the appliance-level local scheduling. The method also takes into account customer satisfaction and lifestyle preferences in order to form the optimal outcome. To further enhance the robustness of the CPS, a complex multi-hop wireless remote metering network model for communication layout on the CPS demand side was proposed. 
This decreased the number and locations of data centers on the demand side and reduced the security risk of communication and the infrastructure cost of the smart grid for residential energy management. A novel evolutionary aggregation algorithm (EAA) was proposed to obtain the minimum number and locations of the local data centers required to fulfill the connectivity of the smart meters. Finally, the potential for virus attacks has also been studied. A trade-off strategy to confront viruses in a system with numerous network nodes is proposed. The allocation of antivirus programs and schemes is studied to avoid system crashes and achieve the minimum potential damage. A DOWNHILL-TRADE OFF algorithm is proposed to address an appropriate allocation strategy under the time evolution of the expected state of the network. Simulations are conducted using the data from the Smart Grid, Smart City national demonstration project trials.

    Figure

    This open access book shows how figures, figuring, and configuration are used to understand complex, contemporary problems. Figures are images, numbers, diagrams, data and datasets, turns-of-phrase, and representations. Contributors reflect on the history of figures as they have transformed disciplines and fields of study, and how methods of figuring and configuring have been integral to practices of description, computation, creation, criticism and political action. They do this by following figures across fields of social science, medicine, art, literature, media, politics, philosophy, history, anthropology, and science and technology studies. Readers will encounter figures as various as Je Suis Charlie, #MeToo, social media personae, gardeners, asthmatic children, systems configuration management and cloud computing – all demonstrate the methodological utility and contemporary relevance of thinking with figures. This book serves as a critical guide to a world of figures and a creative invitation to “go figure!