Integrated, reliable and cloud-based personal health record: a scoping review.

Personal Health Records (PHR) emerge as an alternative to integrate patient’s health information to give a global view of patients' status. However, integration is not a trivial feature when dealing with a variety electronic health systems from healthcare centers. Access to PHR sensitive information must comply with privacy policies defined by the patient. Architecture PHR design should be in accordance to these, and take advantage of nowadays technology. Cloud computing is a current technology that provides scalability, ubiquity, and elasticity features. This paper presents a scoping review related to PHR systems that achieve three characteristics: integrated, reliable and cloud-based. We found 101 articles that addressed thosecharacteristics. We identified four main research topics: proposal/developed systems, PHR recommendations for development, system integration and standards, and security and privacy. Integration is tackled with HL7 CDA standard. Information reliability is based in ABE security-privacy mechanism. Cloud-based technology access is achieved via SOA.CONACYT - Consejo Nacional de Ciencia y TecnologíaPROCIENCI

A Survey of Access Control Models in Wireless Sensor Networks

Copyright 2014 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/3.0/)Wireless sensor networks (WSNs) have attracted considerable interest in the research community, because of their wide range of applications. However, due to the distributed nature of WSNs and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. Resource constraints in sensor nodes mean that security mechanisms with a large overhead of computation and communication are impractical to use in WSNs; security in sensor networks is, therefore, a challenge. Access control is a critical security service that offers the appropriate access privileges to legitimate users and prevents illegitimate users from unauthorized access. However, access control has not received much attention in the context of WSNs. This paper provides an overview of security threats and attacks, outlines the security requirements and presents a state-of-the-art survey on access control models, including a comparison and evaluation based on their characteristics in WSNs. Potential challenging issues for access control schemes in WSNs are also discussed.Peer reviewe

Security protocols for mobile ubiquitous e-health systems

Mención Internacional en el título de doctorWearable and implantable medical devices constitute an already established industry nowadays. According to a recent research [113], North America is currently the most important market followed by Europe, Asia-Pacific and the rest of the world. Additionally, the same document remarks the importance of the Asia-Pacific region due to the rising ageing population and the overpopulation in that area. The most common implantable medical devices include pacemakers, defibrillators, cochlear implants, insulin pumps, and neurostimulators among others. In recent years, the proliferation of smartphones and other mobile “smart” devices with substantial computational and communication capabilities have reshaped the way wireless body area network may be implemented. In their current generation (or in a near future), all of them share a common feature: wireless communication capabilities [127]. Moreover, implantable medical devices have the ability to support and store telemetry data facilitating the remote monitoring of the patient. Medical devices can be part of a wireless body area network, operating both as sensors and as actuators and making decisions in real time. On the other hand, a new kind of devices called wearables such as smart bracelets or smart watches have been equipped with several sensors like Photoplethysmogram (PPG) to record the heart beats, accelerometers to count the steps or Global Positioning System (GPS) to geopositioning users and were originally conceived as cheap solutions to help people to improve their workout. However these devices have demonstrated to be quite useful in many healthcare environments due to a huge variety of different and low-cost medical sensors. Thus, patients can be monitored for long periods of time without interfering in their daily life and taking their vital signs constantly under control. Security and privacy issues have been described as two of the most challenging problems of implantable medical devices and, more generally, wireless body area networks [6, 47, 84, 103]. As an example, it has been demonstrated that somebody equipped with a low cost device can eavesdrop on the data exchanged between a reader and a peacemaker and may even induce a cardiac arrest [71]. Health-related data have been the focus of several attacks almost since the adoption of computers in the healthcare domain. As a recent example, in 2010 personal data from more than 26 million of veterans were stolen from the Department of Veterans Affairs’ database in the US by an employee who had access to the database [104]. The Ponemon Institute pointed out that Germany and the US spent in 2013 more than $7.56 and$11 millions, respectively, to protect personal health records from attacks. This PhD dissertation explores the security and privacy of data in healthcare environments where confidential information is measured in real time by some sensors placed in, on, or around the human body. Security and privacy in medical conditions have been widely studied by the research community, nonetheless with the recent boom of wearable devices, new security issues have arisen. The first part of this dissertation is dedicated to the introduction and to expose both the main motivation and objectives of this PhD Thesis. Additionally the contributions and the organization of this document are also presented. In the second part a recent proposal has been analysed from the security and privacy points of view. From this study, vulnerabilities concerning to full disclosure, impersonation, traceability, de-synchronization, and Denial-of-Service (DoS) attacks have been found. These attacks make the protocol infeasible to be introduced with an adequate security and sufficient privacy protection level. Finally, a new protocol named Fingerprint⁺ protocol for Internet of Thing (IoT) is presented, which is based on ISO/IEC 9798-2 and ISO/IEC 18000-6C and whose security is formally verified using BAN logic. In the third part of this dissertation, a new system based on International Standard Organization (ISO) standards and security National Institute of Standards and Technology (NIST) recommendations have been proposed. First, we present a mutual entity authentication protocol inspired on ISO/IEC 9798 Part 2. This system could be deployed in a hospital where Radio Frequency IDentification (RFID) technology may be used to prune blood-handling errors, i.e., the identities of the patients and blood bags are confirmed (authentication protocol) and after that the matching between both entities is checked (verification step). Second, a secure messaging protocol inspired on ISO/IEC 11770 Part 2 and similar to that used in electronic passports is presented. Nowadays the new generation of medical implants possess wireless connectivity. Imagine a doctor equipped with a reader aims to access the records of vital signals stored on the memory of an implant. In this scenario, the doctor (reader) and the patient (implant) are first mutually authenticated and then a secure exchange of data can be performed. The fourth part of this Thesis provides an architecture based on two cryptographic protocols, the first one is for publishing personal data in a body area network composed of different sensors whereas the second one is designed for sending commands to those sensors by guaranteeing the confidentiality and fine-grained access control to the private data. Both protocols are based on a recently proposed public cryptography paradigm named ciphertext policy attribute-based encryption scheme which is lightweight enough to be embedded into wearable devices and sensors. Contrarily to other proposals made on this field, this architecture allows sensors not only to encrypt data but also to decrypt messages generated by other devices. The fifth part presents a new decentralized attribute based encryption scheme named Decentralized Ciphertext-Policy Attribute Based Searchable Encryption that incorporates ciphertext-policy attribute-based encryption with keyword search over encrypted data. This scheme allows users to (a) encrypt their personal data collected by a Wireless Body Area Network (WBAN) according to a policy of attributes; (b) define a set of keywords to enable other users (e.g., hospital stuff) to perform encrypted search over their personal (encrypted) data; (c) securely store the encrypted data on a semi-honest server and let the semi-honest server run the (encrypted) keyword search. Note that any user can perform a keyword query on the encrypted data, however the decryption of the resulting ciphertexts is possible only for users whose attribute satisfy the policy with which the data had been encrypted. We state and prove the security of our scheme against an honest-but-curious server and a passive adversary. Finally, we implement our system on heterogeneous devices and demonstrate its efficiency and scalability. Finally, this document ends with a conclusions achieved during this PhD and a summary of the main published contributions.Los dispositivos médicos implantables como los marcapasos o las bombas de insulina fueron concebidas originalmente para controlar automáticamente ciertos parámetros biológicos y, llegado el caso, poder actuar ante comportamientos anómalos como ataques cardíacos o episodios de hipoglucemia. Recientemente, han surgido uno dispositivos llamados wearables como las pulseras cuantificadoras, los relojes inteligentes o las bandas pectorales. Estos dispositivos han sido equipados con un número de sensores con capacidad de monitorizar señales vitales como el ritmo cardíaco, los movimientos (acelerómetros) o sistemas de posicionamiento (GPS) entre otros muchas opciones, siendo además una solución asequible y accesible para todo el mundo. A pesar de que el propósito original fue la mejora del rendimiento en actividades deportivas, estos dispositivos han resultado ser de gran utilidad en entornos médicos debido a su amplia variedad de sensores. Esta tecnología puede ayudar al personal médico a realizar seguimientos personalizados, constantes y en tiempo real del comportamiento de los pacientes, sin necesidad de interferir en sus vidas cotidianas. Esta Tesis doctoral está centrada en la seguridad y privacidad en entornos médicos, donde la información es recogida en tiempo real a través de una serie de sensores que pueden estar implantados o equipados en el propio paciente. La seguridad y la privacidad en entornos médicos ha sido el foco de muchos investigadores, no obstante con el reciente auge de los wearables se han generado nuevos retos debido a que son dispositivos con fuertes restricciones de cómputo, de memoria, de tamaño o de autonomía. En la primera parte de este documento, se introduce el problema de la seguridad y la privacidad en el paradigma de Internet de las cosas y haciendo especial hincapié en los entornos médicos. La motivación así como los principales objetivos y contribuciones también forman parte de este primer capítulo introductorio. La segunda parte de esta Tesis presenta un nuevo protocolo de autenticación basado en RFID para IoT. Este capítulo analiza previamente, desde el punto de vista de la seguridad y la privacidad un protocolo publicado recientemente y, tras demostrar que carece de las medidas de seguridad suficientes, un nuevo protocolo llamado Fingerprint⁺ compatible con los estándares de seguridad definidos en el estándar ISO/IEC 9798-2 y EPC-C1G2 (equivalente al estándard ISO/IEC 18000-6C) ha sido propuesto. Un nuevo sistema basado en estándares ISO y en recomendaciones realizadas por el NIST ha sido propuesto en la tercera parte de esta Tesis. En este capítulo se presentan dos protocolos bien diferenciados, el primero de ellos consiste en un protocolo de autenticación basado en el estándar ISO/IEC 9798 Part 2. A modo de ejemplo, este protocolo puede evitar problemas de compatibilidad sanguínea, es decir, primero se confirma que el paciente es quien dice ser y que la bolsa de sangre realmente contiene sangre (proceso de autenticación). Posteriormente se comprueba que esa bolsa de sangre va a ser compatible con el paciente (proceso de verificación). El segundo de los protocolos propuestos consiste en un protocolo seguro para el intercambio de información basado en el estándar ISO/IEC 11770 Part 2 (el mismo que los pasaportes electrónicos). Siguiendo con el ejemplo médico, imaginemos que un doctor equipado con un lector de radiofrecuencia desea acceder a los datos que un dispositivo implantado en el paciente está recopilando. En este escenario tanto el lector como el implante, se deben autenticar mutuamente para poder realizar el intercambio de información de manera segura. En el cuarto capítulo, una nueva arquitectura basada en el modelo de Publish/Subscribe ha sido propuesto. Esta solución está compuesta de dos protocolos, uno para el intercambio de información en una red de área personal y otro para poder reconfigurar el comportamiento de los sensores. Ambos protocolos están diseñados para garantizar tanto la seguridad como la privacidad de todos los datos que se envían en la red. Para ello, el sistema está basado en un sistema de criptografía de clave pública llamado Attribute Based Encryption que es suficientemente ligero y versátil como para ser implementado en dispositivos con altas restricciones de cómputo y de memoria. A continuación, en el quinto capítulo se propone una solución completamente orientada a entornos médicos donde la información que los sensores obtienen de los pacientes es cifrada y almacenada en servidores públicos. Una vez en estos servidores, cualquier usuario con privilegios suficientes puede realizar búsquedas sobre datos cifrados, obtener la información y descifrarla. De manera adicional, antes de que los datos cifrados se manden a la nube, el paciente puede definir una serie de palabras claves que se enlazarán a los datos para permitir posteriormente búsquedas y así obtener la información relacionada a un tema en concreto de manera fácil y eficiente. El último capítulo de esta Tesis se muestran las principales conclusiones obtenidas así como un resumen de las contribuciones científicas publicadas durante el período doctoral.Programa Oficial de Doctorado en Ciencia y Tecnología InformáticaPresidente: Arturo Ribagorda Garnacho.- Secretario: Jorge Blasco Alís.- Vocal: Jesús Garicia López de Lacall

Constant Size Secret Sharing: with General Thresholds, Towards Standard Assumptions, and Applications

We consider threshold Computational Secret Sharing Schemes, i.e., such that the secret can be recovered from any $t+1$ out of $n$ shares, and such that no computationally bounded adversary can distinguish between $t$ shares of a chosen secret and a uniform string. We say that such a scheme has Constant Size (CSSS) if, in the asymptotic regime of many shares of small size the security parameter, then the total size of shares reaches the minimum, which is the size of an erasures-correction encoding of the secret with same threshold. But all CSSS so far have only maximum threshold, i.e., $t=n-1$. They are known as All Or Nothing Transforms (AONT). On the other hand, for arbitrary thresholds $t<n-1$, the shortest scheme known so far is [Kra93, Crypto], which has instead twice larger size in the previous regime, due to a size overhead of $n$ times the security parameter. The other limitation of known CSSS is that they require a number of calls to idealized primitives which grows linearly with the size of the secret. Our first contribution is to show that the CSSS of [Des00, Crypto], which holds under the ideal cipher assumption, looses its privacy when instantiated with a plain pseudorandom permutation. Our main contribution is a scheme which: is the first CSSS for any threshold $t$, and furthermore, whose security holds, for the first time, under any plain pseudorandom function, with the only idealized assumption being in the key-derivation function. It is based on the possibly new observation that the scheme of [Des00] can be seen as an additive secret-sharing of an encryption key, using the ciphertext itself as a source of randomness. A variation of our construction enables to improve upon known schemes, that we denote as Encryption into Shares with Resilience against Key exposure (ESKE), having the property that all ciphertext blocks are needed to obtain any information, even when the key is leaked. We obtain the first ESKE with arbitrary threshold $t$ and constant size, furthermore in one pass of encryption. Also, for the first time, the only idealized assumption is in the key-derivation. Then, we demonstrate how to establish fast revocable storage on an untrusted server, from any black box ESKE. Instantiated with our ESKE, then encryption and decryption both require only $1$ pass of symmetric primitives under standard assumptions (except the key-derivation), compared to at least $2$ consecutive passes in [MS18, CT-RSA] and more in [Bac+16, CCS]. We finally bridge the gap between two conflicting specifications of AONT in the literature: one very similar to CSSS, which has indistinguishability, and one which has not

Hierarchical Group and Attribute-Based Access Control: Incorporating Hierarchical Groups and Delegation into Attribute-Based Access Control

Attribute-Based Access Control (ABAC) is a promising alternative to traditional models of access control (i.e. Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access control (RBAC)) that has drawn attention in both recent academic literature and industry application. However, formalization of a foundational model of ABAC and large-scale adoption is still in its infancy. The relatively recent popularity of ABAC still leaves a number of problems unexplored. Issues like delegation, administration, auditability, scalability, hierarchical representations, etc. have been largely ignored or left to future work. This thesis seeks to aid in the adoption of ABAC by filling in several of these gaps. The core contribution of this work is the Hierarchical Group and Attribute-Based Access Control (HGABAC) model, a novel formal model of ABAC which introduces the concept of hierarchical user and object attribute groups to ABAC. It is shown that HGABAC is capable of representing the traditional models of access control (MAC, DAC and RBAC) using this group hierarchy and that in many cases it’s use simplifies both attribute and policy administration. HGABAC serves as the basis upon which extensions are built to incorporate delegation into ABAC. Several potential strategies for introducing delegation into ABAC are proposed, categorized into families and the trade-offs of each are examined. One such strategy is formalized into a new User-to-User Attribute Delegation model, built as an extension to the HGABAC model. Attribute Delegation enables users to delegate a subset of their attributes to other users in an off-line manner (not requiring connecting to a third party). Finally, a supporting architecture for HGABAC is detailed including descriptions of services, high-level communication protocols and a new low-level attribute certificate format for exchanging user and connection attributes between independent services. Particular emphasis is placed on ensuring support for federated and distributed systems. Critical components of the architecture are implemented and evaluated with promising preliminary results. It is hoped that the contributions in this research will further the acceptance of ABAC in both academia and industry by solving the problem of delegation as well as simplifying administration and policy authoring through the introduction of hierarchical user groups

Advances in Information Security and Privacy

With the recent pandemic emergency, many people are spending their days in smart working and have increased their use of digital resources for both work and entertainment. The result is that the amount of digital information handled online is dramatically increased, and we can observe a significant increase in the number of attacks, breaches, and hacks. This Special Issue aims to establish the state of the art in protecting information by mitigating information risks. This objective is reached by presenting both surveys on specific topics and original approaches and solutions to specific problems. In total, 16 papers have been published in this Special Issue

A Survey on Security and Privacy of 5G Technologies: Potential Solutions, Recent Advancements, and Future Directions

Security has become the primary concern in many telecommunications industries today as risks can have high consequences. Especially, as the core and enable technologies will be associated with 5G network, the confidential information will move at all layers in future wireless systems. Several incidents revealed that the hazard encountered by an infected wireless network, not only affects the security and privacy concerns, but also impedes the complex dynamics of the communications ecosystem. Consequently, the complexity and strength of security attacks have increased in the recent past making the detection or prevention of sabotage a global challenge. From the security and privacy perspectives, this paper presents a comprehensive detail on the core and enabling technologies, which are used to build the 5G security model; network softwarization security, PHY (Physical) layer security and 5G privacy concerns, among others. Additionally, the paper includes discussion on security monitoring and management of 5G networks. This paper also evaluates the related security measures and standards of core 5G technologies by resorting to different standardization bodies and provide a brief overview of 5G standardization security forces. Furthermore, the key projects of international significance, in line with the security concerns of 5G and beyond are also presented. Finally, a future directions and open challenges section has included to encourage future research.European CommissionNational Research Tomsk Polytechnic UniversityUpdate citation details during checkdate report - A

A Trust-Based Adaptive Access Control Model for Wireless Sensor Networks

Wireless Sensor Networks (WSNs) have recently attracted much interest in the research community because of their wide range of applications. One emerging application for WSNs involves their use in healthcare where they are generally termed Wireless Medical Sensor Networks (WMSNs). In a hospital, fitting patients with tiny, wearable, wireless vital sign sensors would allow doctors, nurses and others to continuously monitor the state of those in their care. In the healthcare industry, patients are expected to be treated in reasonable time and any loss in data availability can result in further decline in the patient’s condition or can even lead to death. Therefore, the availability of data is more important than security concerns. The overwhelming priority is to take care of the patient, but the privacy and confidentiality of that patient’s medical records cannot be neglected. In current healthcare applications, there are many problems concerning security policy violations such as unauthorised denial of use, unauthorised information modification and unauthorised information release of medical data in the real world environment. Current WSN access control models used the traditional Role-Based Access Control (RBAC) or cryptographic methods for data access control but the systems still need to predefine attributes, roles and policies before deployment. It is, however, difficult to determine in advance all the possible needs for access in real world applications because there may be unanticipated situations at any time. This research proceeds to study possible approaches to address the above issues and to develop a new access control model to fill the gaps in work done by the WSN research community. Firstly, the adaptive access control model is proposed and developed based on the concept of discretionary overriding to address the data availability issue. In the healthcare industry, there are many problems concerning unauthorised information release. So, we extended the adaptive access control model with a prevention and detection mechanism to detect security policy violations, and added the concept of obligation to take a course of action when a restricted access is granted or denied. However, this approach does not consider privacy of patients’ information because data availability is prioritised. To address the conflict between data availability and data privacy, this research proposed the Trust-based Adaptive Access Control (TBA2C) model that integrates the concept of trust into the previous model. A simple user behaviour trust model is developed to calculate the behaviour trust value which measures the trustworthiness of the users and that is used as one of the defined thresholds to override access policy for data availability purpose, but the framework of the TBA2C model can be adapted with other trust models in the research community. The trust model can also protect data privacy because only a user who satisfies the relevant trust threshold can get restricted access in emergency and unanticipated situations. Moreover, the introduction of trust values in the enforcement of authorisation decisions can detect abnormal data access even from authorised users. Ponder2 is used to develop the TBA2C model gradually, starting from a simple access control model to the full TBA2C. In Ponder2, a Self-Managed Cell (SMC) simulates a sensor node with the TBA2C engine inside it. Additionally, to enable a full comparison with the proposed TBA2C model, the Break-The-Glass Role Based Access Control (BTGRBAC) model is redesigned and developed in the same platform (Ponder2). The proposed TBA2C model is the first to realise a flexible access control engine and to address the conflict between data availability and data privacy by combining the concepts of discretionary overriding, the user behaviour trust model, and the prevention and detection mechanism

Privacy engineering for social networks

In this dissertation, I enumerate several privacy problems in online social networks (OSNs) and describe a system called Footlights that addresses them. Footlights is a platform for distributed social applications that allows users to control the sharing of private information. It is designed to compete with the performance of today's centralised OSNs, but it does not trust centralised infrastructure to enforce security properties. Based on several socio-technical scenarios, I extract concrete technical problems to be solved and show how the existing research literature does not solve them. Addressing these problems fully would fundamentally change users' interactions with OSNs, providing real control over online sharing. I also demonstrate that today's OSNs do not provide this control: both user data and the social graph are vulnerable to practical privacy attacks. Footlights' storage substrate provides private, scalable, sharable storage using untrusted servers. Under realistic assumptions, the direct cost of operating this storage system is less than one US dollar per user-year. It is the foundation for a practical shared filesystem, a perfectly unobservable communications channel and a distributed application platform. The Footlights application platform allows third-party developers to write social applications without direct access to users' private data. Applications run in a confined environment with a private-by-default security model: applications can only access user information with explicit user consent. I demonstrate that practical applications can be written on this platform. The security of Footlights user data is based on public-key cryptography, but users are able to log in to the system without carrying a private key on a hardware token. Instead, users authenticate to a set of authentication agents using a weak secret such as a user-chosen password or randomly-assigned 4-digit number. The protocol is designed to be secure even in the face of malicious authentication agents.This work was supported by the Rothermere Foundation and the Natural Sciences and Engineering Research Council of Canada (NSERC)

A comprehensive survey of V2X cybersecurity mechanisms and future research paths

Recent advancements in vehicle-to-everything (V2X) communication have notably improved existing transport systems by enabling increased connectivity and driving autonomy levels. The remarkable benefits of V2X connectivity come inadvertently with challenges which involve security vulnerabilities and breaches. Addressing security concerns is essential for seamless and safe operation of mission-critical V2X use cases. This paper surveys current literature on V2X security and provides a systematic and comprehensive review of the most relevant security enhancements to date. An in-depth classification of V2X attacks is first performed according to key security and privacy requirements. Our methodology resumes with a taxonomy of security mechanisms based on their proactive/reactive defensive approach, which helps identify strengths and limitations of state-of-the-art countermeasures for V2X attacks. In addition, this paper delves into the potential of emerging security approaches leveraging artificial intelligence tools to meet security objectives. Promising data-driven solutions tailored to tackle security, privacy and trust issues are thoroughly discussed along with new threat vectors introduced inevitably by these enablers. The lessons learned from the detailed review of existing works are also compiled and highlighted. We conclude this survey with a structured synthesis of open challenges and future research directions to foster contributions in this prominent field.This work is supported by the H2020-INSPIRE-5Gplus project (under Grant agreement No. 871808), the ”Ministerio de Asuntos Económicos y Transformacion Digital” and the European Union-NextGenerationEU in the frameworks of the ”Plan de Recuperación, Transformación y Resiliencia” and of the ”Mecanismo de Recuperación y Resiliencia” under references TSI-063000-2021-39/40/41, and the CHIST-ERA-17-BDSI-003 FIREMAN project funded by the Spanish National Foundation (Grant PCI2019-103780).Peer ReviewedPostprint (published version