Balancing Privacy and Progress in Artificial Intelligence: Anonymization in Histopathology for Biomedical Research and Education
The advancement of biomedical research heavily relies on access to large
amounts of medical data. In the case of histopathology, Whole Slide Images
(WSI) and clinicopathological information are valuable for developing
Artificial Intelligence (AI) algorithms for Digital Pathology (DP).
Transferring medical data "as open as possible" enhances the usability of the
data for secondary purposes but poses a risk to patient privacy. At the same
time, existing regulations push towards keeping medical data "as closed as
necessary" to avoid re-identification risks. Generally, these legal regulations
require the removal of sensitive data but do not consider the possibility of
data linkage attacks due to modern image-matching algorithms. In addition, the
lack of standardization in DP makes it harder to establish a single solution
for all formats of WSIs. These challenges raise problems for bio-informatics
researchers in balancing privacy and progress while developing AI algorithms.
This paper explores the legal regulations and terminologies for medical
data-sharing. We review existing approaches and highlight challenges from the
histopathological perspective. We also present a data-sharing guideline for
histological data to foster multidisciplinary research and education.
Comment: Accepted to FAIEMA 202
Privacy-Preserving Data Integration for Health
The digital transformation of health processes has resulted in the collection of vast amounts of health-related data that presents significant potential to support medical research projects and improve the healthcare system. Many of these possibilities arise as a consequence of integrating data from different sources to create an accurate and unified representation of the underlying data and to enable detailed data analysis that is not possible through any individual source. Achieving this vision requires the collection and processing of sensitive health-related data about individuals, so privacy and confidentiality implications have to be considered. In this paper, I describe my doctoral research topic: the design and development of a novel Privacy-Preserving Data Integration (PPDI) framework which aims to effectively address the challenges and opportunities of integrating Big Health Data (BHD) while ensuring compliance with the General Data Protection Regulation (GDPR). The paper describes the planned methodology for implementing the PPDI process through the use of data pseudonymization techniques and Privacy-Preserving Record Linkage (PPRL) methods and provides an overview of the new framework, which is based on the re-implementation of MOMIS towards a microservices architecture with added PPDI functionalities.
Incorporation of Multiple Sources into IT - and Data Protection Concepts: Lessons Learned from the FARKOR Project
The IT and data protection concept of the FAmiliäres Risiko für das KOloRektale Karzinom (FARKOR) project is presented. FARKOR is a risk-adapted screening project in Bavaria, Germany, focusing on young adults with familial colorectal cancer (CRC). For each participant, data from different sources have to be integrated: treatment records centrally administered by the resident doctors' association (KVB), data from health insurance companies (HIC), and patient-reported lifestyle data. Patient privacy rights must be observed. Record linkage is performed by a central independent trust center. Data are decrypted, integrated and analyzed in a secure part of the scientific evaluation center with no connection to the internet (SECSP). The presented concept guarantees participants' privacy through different identifiers, separation of responsibilities, data pseudonymization, public-private key encryption of medical data and encrypted data transfer.
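The two abstracts above (the PPDI framework's pseudonymization plus PPRL, and the FARKOR trust-center design) describe the same pattern: each data source replaces identifiers by a keyed pseudonym, an independent linkage unit matches records on those pseudonyms without ever seeing the identifiers, and the evaluation center receives data under a second, study-specific identifier. The following is an added illustration written for this page; it is not code from either project. The records, the linkage key, the study key and the field names are all constructed for the demo.

```python
"""Keyed-hash pseudonymization with an independent linkage unit (trust center).

Added example, not PPDI or FARKOR code. Records, keys and field names are
constructed for illustration only.
"""
import hashlib
import hmac
import unicodedata
from datetime import datetime

# Constructed sample records from two sources that must be linked per person.
TREATMENT_RECORDS = [  # e.g. held by the doctors' association
    {"name": "Anna Müller", "dob": "1985-03-12", "treatment": "colonoscopy"},
    {"name": "Jonas Weber", "dob": "1990-07-01", "treatment": "consultation"},
]
INSURER_RECORDS = [  # e.g. held by a health insurance company
    {"name": "MÜLLER, Anna", "dob": "12.03.1985", "claim": "XYZ"},
    {"name": "Lena Schmidt", "dob": "1978-11-23", "claim": "ABC"},
]

# Shared by the data sources only. The linkage unit never sees it, so it
# cannot dictionary-attack the pseudonyms it receives. Constructed value.
LINKAGE_KEY = b"constructed-linkage-key-do-not-reuse"


def normalize_name(name: str) -> str:
    """Casefold, strip diacritics, sort tokens so 'MÜLLER, Anna' == 'Anna Müller'."""
    decomposed = unicodedata.normalize("NFKD", name)
    without_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    tokens = without_marks.replace(",", " ").casefold().split()
    return " ".join(sorted(tokens))


def normalize_dob(dob: str) -> str:
    """Accept a few common date layouts and emit ISO 8601."""
    for fmt in ("%Y-%m-%d", "%d.%m.%Y", "%d/%m/%Y"):
        try:
            return datetime.strptime(dob, fmt).strftime("%Y-%m-%d")
        except ValueError:
            continue
    raise ValueError(f"unrecognised date of birth: {dob!r}")


def linkage_pseudonym(key: bytes, name: str, dob: str) -> str:
    """HMAC-SHA256 over the normalized identifiers; the same person collides on purpose."""
    msg = f"{normalize_name(name)}|{normalize_dob(dob)}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def export_for_linkage(records, key, id_fields=("name", "dob")):
    """Run at each data source: strip identifiers, attach the linkage pseudonym."""
    exported = []
    for rec in records:
        payload = {k: v for k, v in rec.items() if k not in id_fields}
        exported.append({"lp": linkage_pseudonym(key, rec["name"], rec["dob"]),
                         "data": payload})
    return exported


class LinkageUnit:
    """Independent trust center: matches on linkage pseudonyms, then re-keys them
    to study IDs with its own secret, so the evaluation center sees neither the
    identifiers nor the linkage pseudonyms (separation of responsibilities)."""

    def __init__(self, study_key: bytes):
        self._study_key = study_key

    def study_id(self, lp: str) -> str:
        return hmac.new(self._study_key, lp.encode(), hashlib.sha256).hexdigest()[:16]

    def link(self, *exports):
        merged = {}
        for export in exports:
            for rec in export:
                merged.setdefault(self.study_id(rec["lp"]), {}).update(rec["data"])
        return merged


def link_demo():
    """Full flow: both sources export, the linkage unit links; returns study-ID-keyed data."""
    a = export_for_linkage(TREATMENT_RECORDS, LINKAGE_KEY)
    b = export_for_linkage(INSURER_RECORDS, LINKAGE_KEY)
    return LinkageUnit(b"constructed-study-key").link(a, b)


if __name__ == "__main__":
    for sid, data in link_demo().items():
        print(sid, data)
```

Two caveats a practitioner should keep in mind: an HMAC over exactly normalized identifiers links only exact matches, so typos or name changes fall through (production PPRL typically uses Bloom-filter encodings for approximate matching); and the security of the scheme rests entirely on the linkage key staying with the data sources, since whoever holds it can enumerate plausible name/date pairs and reverse the pseudonyms.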
REISCH: incorporating lightweight and reliable algorithms into healthcare applications of WSNs
Healthcare institutions require advanced technology to collect patients' data accurately and continuously. Traditional technologies still suffer from two problems: performance and security efficiency. The existing research has serious drawbacks when using public-key mechanisms such as digital signature algorithms. In this paper, we propose a Reliable and Efficient Integrity Scheme for Data Collection in HWSN (REISCH) to alleviate these problems by using secure and lightweight signature algorithms. The results of the performance analysis indicate that our scheme provides high efficiency in data integration between sensors and server (saving more than 24% of alive sensors compared to traditional algorithms). Additionally, we use Automated Validation of Internet Security Protocols and Applications (AVISPA) to validate the security procedures in our scheme. Security analysis results confirm that REISCH is safe against some well-known attacks.
Secured Data Masking Framework and Technique for Preserving Privacy in a Business Intelligence Analytics Platform
The main concept behind business intelligence (BI) is how to use integrated data across different business systems within an enterprise to make strategic decisions. It is difficult to map internal and external BI users to subsets of the enterprise's data warehouse (DW), so protecting the privacy of this data while maintaining its utility is a challenging task. Today, such DW systems constitute one of the most serious privacy breach threats that an enterprise might face when many internal users of different security levels have access to BI components. This thesis proposes a data masking framework (iMaskU: Identify, Map, Apply, Sign, Keep testing, Utilize) for a BI platform to protect the data at rest, preserve the data format, and maintain the data utility at the on-the-fly querying level. A new reversible data masking technique (COntent BAsed Data masking, COBAD) is developed as an implementation of iMaskU. The masking algorithm in COBAD is based on the statistical content of the extracted dataset, so that the masked data cannot be linked with specific individuals or be re-identified by any means.
The strength of the re-identification risk factor for the COBAD technique has been computed using a supercomputer, where three attack scenarios are considered: (a) a brute-force attack needs, on average, 55 years to crack the key of each record; (b) a dictionary attack needs 231 days to crack the same key for the entire extracted dataset (containing 50,000 records); (c) for a data linkage attack, the re-identification risk is very low when the common linked attributes are used. The performance of the COBAD masking technique has also been validated. A 1 GB database schema from the TPC-H decision support benchmark is used. The performance evaluation of the execution time of the selected TPC-H queries showed that COBAD is much faster than AES-128 and 3DES encryption. Theoretical and experimental results show that the proposed solution provides a reasonable trade-off between data security and the utility of re-identified data.
Towards an auditable cryptographic access control to high-value sensitive data
We discuss the challenge of achieving auditable key management for cryptographic access control to high-value sensitive data. In such settings it is important to be able to audit the key management process, and in particular to be able to provide verifiable proofs of key generation. Auditable key management has several possible use cases in both the civilian and the military world. In particular, the new regulations for the protection of sensitive personal data, such as the GDPR, introduce strict requirements for the handling of personal data and apply a very restrictive definition of what can be considered personal data. Cryptographic access control for personal data has the potential to become extremely important for preserving industry's ability to innovate while protecting subjects' privacy, especially in the context of widely deployed modern monitoring, tracking and profiling capabilities that are used by both governmental institutions and high-tech companies. However, in general, encrypted data is still considered personal data under the GDPR and therefore cannot be, e.g., stored or processed in a public cloud or distributed ledger. In our work we propose an identity-based cryptographic framework that ensures confidentiality, availability and integrity of data while potentially remaining compliant with the GDPR framework.
EPOS Security & GDPR Compliance
Since May 2018, companies have been required to comply with the General Data Protection
Regulation (GDPR). This means that many companies had to change their methods of collecting
and processing EU citizens' data. The compliance process can be very expensive; for example,
more specialized human resources are needed, who have to study the regulation and then
implement the changes in the IT applications and infrastructure. As a result, new measures
and methods need to be developed and implemented, making this process expensive.
This project is part of the European Plate Observing System (EPOS) project. EPOS allows earth
science data from various research institutes in Europe to be shared and used. The data is
stored in a database and in some file systems, and in addition there are web services for data
mining and control. The EPOS project is a complex distributed system, and therefore it is
important to guarantee not only its security but also its compliance with the GDPR. The need to
automate and facilitate this compliance and verification process was identified, in particular
the need to develop a tool capable of analyzing web applications. Such a tool can provide
companies in general with an easier and faster way to check their degree of compliance with the
GDPR in order to assess and implement any necessary changes.
With this, PADRES (PrivAcy, Data REgulation and Security) was developed. It contains the main
points of the GDPR, organized by principle in the form of a checklist that is answered manually.
Because the concepts of privacy and security complement each other, a search for vulnerabilities
in web applications was also included: when the checklist is submitted, a security analysis is
performed by integrating the open-source tools Network Mapper (NMAP) and Zed Attack Proxy (ZAP)
together with the cookie analyzer, so that the application is tested against the most frequent
vulnerabilities according to the Open Web Application Security Project (OWASP) Top 10. Finally,
a report is generated with the information obtained, together with a set of suggestions based
on the responses given to the checklist.
Applying this tool to EPOS, most of the GDPR points were answered as being in compliance; for
the rest, the corresponding suggestions were generated to help improve the level of compliance
and also improve general data management. In the vulnerability analysis, some findings were
classified as high risk, but most were classified as medium risk.
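The abstract mentions a cookie analyzer alongside the NMAP and ZAP scans but does not describe how it works. As an added illustration written for this page (not PADRES code), the following checks each Set-Cookie header of a response for the attributes a web security reviewer looks for first: Secure, HttpOnly, a valid SameSite value, the rule that SameSite=None requires Secure, and the __Host-/__Secure- prefix rules that browsers enforce. The sample headers are constructed.

```python
"""Set-Cookie attribute analyzer.

Added example, not the PADRES cookie analyzer (whose internals the page does
not describe). The sample response headers are constructed.
"""


def parse_set_cookie(header: str):
    """Split one Set-Cookie header into (name, value, {attribute_lowercase: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")  # bare flags such as "Secure" get val == ""
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def analyze_set_cookie(header: str) -> list[str]:
    """Return the list of weaknesses found in one Set-Cookie header (empty if fine)."""
    name, _value, attrs = parse_set_cookie(header)
    issues = []
    secure = "secure" in attrs
    if not secure:
        issues.append("missing Secure")  # cookie may be sent over plain HTTP
    if "httponly" not in attrs:
        issues.append("missing HttpOnly")  # readable by injected script (XSS)
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("lax", "strict", "none"):
        # Some browsers default to Lax, others do not; state it explicitly.
        issues.append("missing or invalid SameSite")
    elif samesite == "none" and not secure:
        issues.append("SameSite=None requires Secure")  # browsers reject such cookies
    # Cookie-prefix rules (RFC 6265bis): browsers refuse the cookie if violated.
    if name.startswith("__Host-"):
        if not secure or "domain" in attrs or attrs.get("path") != "/":
            issues.append("__Host- prefix requires Secure, Path=/ and no Domain")
    elif name.startswith("__Secure-") and not secure:
        issues.append("__Secure- prefix requires Secure")
    return issues


def analyze_headers(set_cookie_headers) -> dict[str, list[str]]:
    """Map cookie name -> issues for every Set-Cookie header in a response."""
    return {parse_set_cookie(h)[0]: analyze_set_cookie(h) for h in set_cookie_headers}


# Constructed Set-Cookie headers standing in for a scanned response.
SAMPLE_SET_COOKIE = [
    "JSESSIONID=3F2A9C; Path=/",
    "__Host-sid=9b1c77; Path=/; Secure; HttpOnly; SameSite=Strict",
    "tracking=ab12; Domain=.example.org; Path=/; SameSite=None",
]

if __name__ == "__main__":
    for cookie, issues in analyze_headers(SAMPLE_SET_COOKIE).items():
        print(f"{cookie}: {', '.join(issues) or 'OK'}")
```

Feeding the function the headers captured by a proxy such as ZAP gives a per-cookie finding list that maps directly onto the kind of medium/high-risk items the abstract reports; the __Host- check is the one most often missing from ad-hoc analyzers, and it is also the cheapest hardening to recommend for session cookies.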