
    Anonymization of Event Logs for Network Security Monitoring

    A managed security service provider (MSSP) must collect security event logs from its customers' networks for monitoring and cybersecurity protection. These logs need to be processed by the MSSP before being displayed to the security operations center (SOC) analysts. Employees generate event logs during their working hours at the customers' sites. One challenge is that the collected event logs contain personally identifiable information (PII), visible in clear text to the SOC analysts or to any user with access to the SIEM platform. We explore how pseudonymization can be applied to security event logs to help protect individuals' identities from the SOC analysts while preserving data utility where possible. We compare the impact of different pseudonymization functions on sensitive information or PII. Non-deterministic methods provide a higher level of privacy but reduce the utility of the data. Our contribution in this thesis is threefold. First, we study available architectures with different threat models, including their strengths and weaknesses. Second, we study pseudonymization functions and their application to PII fields; we benchmark them individually as well as in our experimental platform. Last, we obtain valuable feedback and lessons from SOC analysts based on their experience. Existing works [43, 44, 48, 39] are generally restricted to the anonymization of IP traces, which is only one part of the SOC analysts' investigation of PCAP files. In one of the closest works [47], the authors provide useful, practical anonymization methods for IP addresses, ports, and raw logs
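The privacy/utility trade-off the abstract describes (deterministic pseudonyms keep events correlatable, random tokens do not) is easiest to see on concrete events. The following is an added example, not code from the thesis: it parses constructed sshd-style events (hosts, users and addresses are invented), replaces the PII fields with either a keyed HMAC pseudonym or a fresh random token, runs a typical analyst query over both, and shows why an unkeyed hash is not a pseudonym at all. The field names and the choice of HMAC-SHA256 are assumptions for illustration.

```python
"""Added example (not from the thesis): deterministic vs non-deterministic
pseudonymization of PII fields in constructed sshd-style events, and why
unkeyed hashing is not a safe substitute."""
import hashlib
import hmac
import re
import secrets
from typing import Callable, Dict, List, Optional

# Constructed sample events; hosts, users and addresses are invented.
SAMPLE_EVENTS = [
    "2024-03-01T08:02:11Z host1 sshd: Accepted password for alice from 10.1.2.3 port 51022",
    "2024-03-01T08:05:40Z host1 sshd: Failed password for bob from 10.1.2.9 port 51100",
    "2024-03-01T08:06:02Z host1 sshd: Failed password for bob from 10.1.2.9 port 51101",
    "2024-03-01T08:07:19Z host2 sshd: Accepted password for alice from 10.1.2.3 port 51301",
]

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Accepted|Failed) password "
    r"for (?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)$"
)
PII_FIELDS = ("user", "src")  # fields the SOC analyst must not see in clear text


def parse_events(lines: List[str]) -> List[Dict[str, str]]:
    """Split each raw line into named fields so PII can be replaced per field."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised event: {line!r}")
        events.append(m.groupdict())
    return events


def deterministic(key: bytes) -> Callable[[str], str]:
    """Keyed HMAC-SHA256 pseudonym: equal inputs map to equal outputs, so events
    about the same user or address stay correlatable. The key stays inside the
    MSSP's pseudonymization component, never with the analysts (assumption)."""
    def fn(value: str) -> str:
        return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]
    return fn


def random_token() -> Callable[[str], str]:
    """Fresh random token per occurrence: unlinkable, hence more private,
    but every cross-event correlation is lost."""
    def fn(value: str) -> str:
        return secrets.token_hex(8)
    return fn


def pseudonymize(events: List[Dict[str, str]], fn: Callable[[str], str]) -> List[Dict[str, str]]:
    out = []
    for e in events:
        e = dict(e)
        for field in PII_FIELDS:
            e[field] = fn(e[field])
        out.append(e)
    return out


def failed_logins_per_source(events: List[Dict[str, str]]) -> Dict[str, int]:
    """A typical analyst query: failed logins grouped by (pseudonymous) source."""
    counts: Dict[str, int] = {}
    for e in events:
        if e["outcome"] == "Failed":
            counts[e["src"]] = counts.get(e["src"], 0) + 1
    return counts


def max_failures(events: List[Dict[str, str]]) -> int:
    return max(failed_logins_per_source(events).values(), default=0)


def unkeyed_hash(value: str) -> str:
    """Plain truncated SHA-256, as often seen in practice; NOT a pseudonym."""
    return hashlib.sha256(value.encode()).hexdigest()[:16]


def reidentify_ip(pseudonym: str, prefix: str = "10.1.2.") -> Optional[str]:
    """Reverse an unkeyed hash of an address by enumerating candidates; the full
    IPv4 space (2^32) is just as enumerable, only slower."""
    for last in range(256):
        candidate = f"{prefix}{last}"
        if unkeyed_hash(candidate) == pseudonym:
            return candidate
    return None


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    det = pseudonymize(events, deterministic(secrets.token_bytes(32)))
    rnd = pseudonymize(events, random_token())
    print("deterministic: max failures per source =", max_failures(det))  # 2
    print("random tokens: max failures per source =", max_failures(rnd))  # 1
    print("unkeyed hash of 10.1.2.9 recovers:", reidentify_ip(unkeyed_hash("10.1.2.9")))
```

With deterministic pseudonyms the analyst still sees that one source failed twice; with per-occurrence random tokens the same two events look like two unrelated sources, which is exactly the utility loss the abstract reports. The last function is the caveat: a hash without a secret key only protects values drawn from a large space, and usernames and IPv4 addresses are not.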

    Routes for breaching and protecting genetic privacy

    We are entering the era of ubiquitous genetic information for research, clinical care, and personal curiosity. Sharing these datasets is vital for rapid progress in understanding the genetic basis of human diseases. However, one growing concern is the ability to protect the genetic privacy of the data originators. Here, we technically map threats to genetic privacy and discuss potential mitigation strategies for privacy-preserving dissemination of genetic data.
    Comment: Draft for comment

    An architecture for secure data management in medical research and aided diagnosis

    Programa Oficial de Doutoramento en Tecnoloxías da Información e as Comunicacións (Official Doctoral Programme in Information and Communication Technologies). 5032V01
    [Abstract] The General Data Protection Regulation (GDPR) became applicable on 25 May 2018 and is considered the most important development in data privacy regulation in the last 20 years. Heavy fines are defined for violating its rules, which is not something healthcare centres can afford to ignore. The main goal of this thesis is to study and propose a secure integration layer for healthcare data curators, in which connectivity between isolated systems (locations), unification of records in a patient-centric view, and data sharing subject to consent approval are the cornerstones of the proposed architecture. This proposal gives the data subject a central role, allowing them to control their identity, privacy profiles, and access grants. It aims to minimize the fear of legal liability when sharing medical records by using anonymisation and by making patients responsible for securing their own medical records, while preserving the patient's quality of treatment. Our main hypothesis is: are the Distributed Ledger and Self-Sovereign Identity concepts a natural symbiosis for solving the GDPR challenges in the context of healthcare? Solutions are required so that clinicians and researchers can maintain their collaboration workflows without compromising regulations. The proposed architecture accomplishes those objectives in a decentralized environment by adopting isolated data privacy profiles.

    On the Use of XML in Medical Imaging Web-Based Applications

    The rapid growth of digital technology in medical fields over recent years has increased the need for applications able to manage patient medical records, imaging data, and chart information. Web-based applications are implemented to link digital databases, storage and transmission protocols, management of large volumes of data, and security concepts, making it possible to read, analyze, and even diagnose remotely from the medical center where the information was acquired. The objective of this paper is to analyze the use of the Extensible Markup Language (XML) in web-based applications that aid in the diagnosis or treatment of patients, considering how this language allows indexing and exchanging the huge amount of information associated with each medical case. The purpose of this paper is to point out the main advantages and drawbacks of XML technology in order to provide key ideas for future web-based applications.
    Peer reviewed. Postprint (author's final draft).

    Towards Privacy-, Budget-, and Deadline-Aware Service Optimization for Large Medical Image Processing across Hybrid Clouds

    Efficiently processing medical images, such as whole slide images in digital pathology, is essential for the timely diagnosis of high-risk diseases. However, this demands advanced computing infrastructure, e.g., GPU servers for deep learning inference, and local processing is time-consuming and costly. Besides, privacy concerns further complicate the use of remote cloud infrastructures. While previous research has explored privacy- and security-aware workflow scheduling in hybrid clouds for distributed processing, privacy-preserving data splitting, optimizing the service allocation of outsourced computation on split data to the cloud, and privacy evaluation for large medical images still need to be addressed. This study focuses on tailoring a virtual infrastructure within a hybrid cloud environment and scheduling the image processing services while preserving privacy. We aim to minimize the use of untrusted nodes, lower monetary costs, and reduce execution time under privacy, budget, and deadline requirements. We consider a two-phase solution and develop 1) a privacy-preserving data splitting algorithm and 2) a greedy Pareto front-based algorithm for optimizing the service allocation. We conducted experiments with real and simulated data to validate and compare our method with a baseline. The results show that our privacy mechanism design outperforms the baseline on the average lower bound on individual privacy and on information gain for privacy evaluation. In addition, our approach can obtain various Pareto-optimal allocations according to the user's preferences on the maximum number of untrusted nodes, budget, and time threshold. Our solutions often dominate the baseline's solution and are superior on a tight budget. Specifically, our approach outperforms the baseline by up to 85.2% and 6.8% in total financial and time cost, respectively.
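The three objectives named above (untrusted nodes, cost, time) with three hard constraints (privacy threshold, budget, deadline) form a constrained multi-objective problem; the paper's own greedy algorithm is not reproduced on this page. As an added example, not the authors' code, the following filters constructed candidate allocations (all values invented) by the constraints, keeps the Pareto-optimal ones under minimisation of all three objectives, and picks one by a user preference weighting. The candidate names, the weighting rule and the normalisation are assumptions for illustration.

```python
"""Added example (not the paper's algorithm): constraint filtering, Pareto
front extraction and preference-based choice over service allocations."""
from dataclasses import dataclass
from typing import List, Sequence, Tuple


@dataclass(frozen=True)
class Allocation:
    name: str
    untrusted_nodes: int  # image pieces scheduled onto nodes outside the trusted zone
    cost: float           # monetary cost of the allocation
    time: float           # expected execution time

    def objectives(self) -> Tuple[float, float, float]:
        return (float(self.untrusted_nodes), self.cost, self.time)


def feasible(a: Allocation, max_untrusted: int, budget: float, deadline: float) -> bool:
    """Hard constraints: privacy threshold, budget and deadline."""
    return a.untrusted_nodes <= max_untrusted and a.cost <= budget and a.time <= deadline


def dominates(a: Allocation, b: Allocation) -> bool:
    """a dominates b when it is no worse on every objective and strictly
    better on at least one (all objectives are minimised)."""
    oa, ob = a.objectives(), b.objectives()
    return all(x <= y for x, y in zip(oa, ob)) and any(x < y for x, y in zip(oa, ob))


def pareto_front(cands: Sequence[Allocation], max_untrusted: int,
                 budget: float, deadline: float) -> List[Allocation]:
    feas = [c for c in cands if feasible(c, max_untrusted, budget, deadline)]
    return [c for c in feas if not any(dominates(o, c) for o in feas if o is not c)]


def choose(front: Sequence[Allocation], weights: Tuple[float, float, float]) -> Allocation:
    """Pick one front member by weighted, max-normalised objectives
    (weights: privacy, cost, time). Normalisation is an assumption here."""
    maxima = [max(a.objectives()[i] for a in front) or 1.0 for i in range(3)]

    def score(a: Allocation) -> float:
        return sum(w * v / m for w, v, m in zip(weights, a.objectives(), maxima))

    return min(front, key=score)


# Constructed candidate allocations (values invented for illustration).
CANDIDATES = [
    Allocation("local-only", 0, 120.0, 90.0),
    Allocation("split-2", 2, 60.0, 40.0),
    Allocation("split-4", 4, 45.0, 25.0),
    Allocation("split-4-expensive", 4, 70.0, 30.0),
    Allocation("all-cloud", 8, 30.0, 15.0),
]

if __name__ == "__main__":
    front = pareto_front(CANDIDATES, max_untrusted=4, budget=100.0, deadline=60.0)
    print("front:", [a.name for a in front])                      # split-2, split-4
    print("privacy-first:", choose(front, (0.7, 0.15, 0.15)).name)  # split-2
    print("cost/time-first:", choose(front, (0.1, 0.45, 0.45)).name)  # split-4
```

The privacy threshold removes "all-cloud" outright and the budget removes "local-only", so the front is built only from allocations that already respect the user's limits; "split-4-expensive" then drops out because "split-4" is at least as good on every objective.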

    Privacy-preserving efficient searchable encryption

    Data storage and computation outsourcing to third-party managed data centers, in environments such as cloud computing, is increasingly being adopted by individuals, organizations, and governments. However, as cloud-based outsourcing models expand to society-critical data and services, the lack of effective and independent control over security and privacy conditions in such settings presents significant challenges. An interesting solution to these issues is to perform computations on encrypted data, directly on the outsourcing servers. Such an approach benefits from not requiring major data transfers and decryptions, increasing the performance and scalability of operations. Search operations, an important application case as cloud-backed repositories grow in number and size, are good examples where security, efficiency, and precision are relevant requirements. Yet existing proposals for searching encrypted data are still limited from multiple perspectives, including usability, query expressiveness, and client-side performance and scalability. This thesis focuses on the design and evaluation of mechanisms for searching encrypted data with improved efficiency, scalability, and usability. There are two particular concerns addressed in the thesis: on one hand, the thesis aims at supporting multiple media formats, especially text, images, and multimodal data (i.e., data with multiple media formats simultaneously); on the other hand, the thesis addresses client-side overhead and how it can be minimized in order to support client applications executing on both high-performance desktop devices and resource-constrained mobile devices.
    From the research performed to address these issues, three core contributions were developed and are presented in the thesis: (i) CloudCryptoSearch, a middleware system for storing and searching text documents with privacy guarantees, while supporting multiple modes of deployment (user device, local proxy, or computational cloud) and exploring different trade-offs between security, usability, and performance; (ii) a novel framework for efficiently searching encrypted images based on IES-CBIR, an Image Encryption Scheme with Content-Based Image Retrieval properties that we also propose and evaluate; (iii) MIE, a Multimodal Indexable Encryption distributed middleware that allows storing, sharing, and searching encrypted multimodal data while minimizing client-side overhead and supporting both desktop and mobile devices.
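The core idea behind "searching encrypted data directly on the outsourcing server" is that the client builds an index whose keys are keyed PRF outputs of the keywords and later sends such outputs as trapdoors, so the server can answer without learning the words. As an added example, not CloudCryptoSearch, IES-CBIR or MIE from the thesis, the following is a minimal single-keyword searchable symmetric encryption scheme for text: the client derives an index key and an encryption key, encrypts the documents, and issues trapdoors; the untrusted server only matches trapdoors against opaque index keys. Documents are constructed, and the PRF-in-counter-mode cipher is a stdlib-only stand-in for a real AEAD.

```python
"""Added example (not CloudCryptoSearch/MIE from the thesis): a minimal
single-keyword searchable symmetric encryption scheme with a client-built
encrypted index and a server that answers trapdoor queries."""
import hashlib
import hmac
import re
import secrets
from collections import defaultdict
from typing import Dict, List, Set, Tuple


def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 used as a PRF; the label separates the different uses."""
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode. Illustrative only: confidentiality without integrity;
    a real deployment would use an AEAD such as AES-GCM."""
    out, counter = b"", 0
    while len(out) < length:
        out += prf(key, b"ks", nonce + counter.to_bytes(8, "big"))
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:16], ciphertext[16:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))


def tokenize(text: str) -> Set[str]:
    return set(re.findall(r"[a-z0-9]+", text.lower()))


class Client:
    """Holds the master key; builds the index and issues trapdoors."""

    def __init__(self, master_key: bytes):
        self.k_index = prf(master_key, b"index", b"")
        self.k_enc = prf(master_key, b"enc", b"")

    def build_index(self, docs: Dict[str, str]) -> Tuple[Dict[bytes, List[str]], Dict[str, bytes]]:
        index: Dict[bytes, List[str]] = defaultdict(list)
        store: Dict[str, bytes] = {}
        for doc_id, text in docs.items():
            store[doc_id] = encrypt(self.k_enc, text.encode())
            for word in tokenize(text):
                index[self.trapdoor(word)].append(doc_id)
        return dict(index), store

    def trapdoor(self, word: str) -> bytes:
        return prf(self.k_index, b"kw", word.lower().encode())

    def decrypt_results(self, server: "Server", doc_ids: List[str]) -> List[str]:
        return [decrypt(self.k_enc, server.fetch(d)).decode() for d in doc_ids]


class Server:
    """Untrusted: sees only trapdoors, opaque index keys and ciphertexts."""

    def __init__(self, index: Dict[bytes, List[str]], store: Dict[str, bytes]):
        self.index, self.store = index, store
        self.observed: List[bytes] = []  # what the server learns: the query pattern

    def search(self, trapdoor: bytes) -> List[str]:
        self.observed.append(trapdoor)
        return list(self.index.get(trapdoor, []))

    def fetch(self, doc_id: str) -> bytes:
        return self.store[doc_id]


# Constructed documents; contents are invented.
DOCS = {
    "d1": "patient record encrypted storage",
    "d2": "image retrieval cloud",
    "d3": "encrypted image search",
}


def demo() -> Tuple[List[str], List[str]]:
    client = Client(secrets.token_bytes(32))
    server = Server(*client.build_index(DOCS))
    hits = server.search(client.trapdoor("encrypted"))
    return hits, client.decrypt_results(server, hits)


if __name__ == "__main__":
    print(demo())  # (['d1', 'd3'], ['patient record encrypted storage', 'encrypted image search'])
```

Two properties worth noting: the index holds no plaintext keywords, yet a repeated query produces the same trapdoor, so the server learns the search pattern and which document identifiers each query touches (the access pattern). That leakage is inherent to this simple construction and is part of the usability/security trade-off the thesis explores.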

    SoK: Demystifying Privacy Enhancing Technologies Through the Lens of Software Developers

    In the absence of data protection measures, software applications can lead to privacy breaches, posing threats to end-users and software organisations. Privacy Enhancing Technologies (PETs) are technical measures that protect personal data, thus minimising such privacy breaches. However, for software applications to deliver data protection using PETs, software developers must actively and correctly incorporate PETs into the software they develop. Therefore, to uncover ways to encourage and support developers in embedding PETs into software, this Systematic Literature Review (SLR) analyses 39 empirical studies on developers' privacy practices. It reports the usage of six PETs in software application scenarios. Then, it discusses the challenges developers face when integrating PETs into software, ranging from intrinsic challenges, such as unawareness of PETs, to extrinsic challenges, such as increased development cost. Next, the SLR presents the existing solutions to these challenges, along with their limitations. Further, it outlines future research avenues to better understand PETs from a developer perspective and minimise the challenges developers face when incorporating PETs into software.

    Comprehensive methodology for protecting electronic medical data, applied to the storage, access and forensic analysis of clinical records in Colombia (Metodología integral de protección de datos electrónicos médicos, aplicado al almacenamiento, acceso y análisis forense de las historias clínicas en Colombia)

    The clinical record has special characteristics that require different handling from an information security point of view. Given the above conditions for maintaining its integrity, and in order to comply with each country's own regulations, it is advisable to move from the traditional handwritten form to the use of information technologies. With this evolution, cybersecurity incidents in a sector as critical as this one have a great impact on society, considering that the information in a clinical record could be misused, enabling identity theft, unauthorized access, damage to the information, or alteration of the patient's data. Applying Colombian Resolution 1995 of 1999 [1], it follows that patient information must be recorded chronologically, as must the medical acts and procedures performed by the medical team or by anyone who intervenes in the patient's care. In view of the above, health systems are becoming increasingly vulnerable to information security incidents as a consequence of automation, information technologies, data volumes and connectivity with patients; at the same time, including security in health information systems is not a priority. The result of this research is a comprehensive methodology that makes it possible to ensure the accessibility of the system and guarantee the integrity of the data, as well as the possibility of carrying out a forensic analysis in the event of a breach, while mitigating the causes, generating alerts, and addressing the factors because of which electronic medical data in clinical records fail to be protected.
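Two of the requirements above, chronological recording and the ability to run a forensic analysis after a breach, are commonly met with a MAC-chained, append-only audit trail: each entry carries the MAC of the previous one, so an altered, removed or reordered entry breaks the chain at a locatable position. The following is an added example and not the thesis's methodology; the field set, the ISO-8601 UTC timestamps (which compare correctly as strings) and the assumption that the MAC key is held by a separate logging service rather than the clinicians' workstations are all illustrative choices.

```python
"""Added example (not the methodology from the thesis): a MAC-chained,
append-only audit log for clinical record events that enforces chronological
order and lets a forensic check locate the first tampered or missing entry."""
import hashlib
import hmac
import json
from typing import Any, Dict, List, Optional

FIELDS = ("seq", "ts", "patient_id", "actor", "action", "detail", "prev")


class ClinicalAuditLog:
    """The MAC key is assumed to be held by a separate logging service
    (or HSM), not by the workstations that write entries."""

    def __init__(self, key: bytes):
        self.key = key
        self.entries: List[Dict[str, Any]] = []

    def _mac(self, entry: Dict[str, Any]) -> str:
        # Canonical JSON so that the MAC covers exactly the same bytes on verify.
        body = json.dumps({k: entry[k] for k in FIELDS}, sort_keys=True,
                          separators=(",", ":")).encode()
        return hmac.new(self.key, body, hashlib.sha256).hexdigest()

    def append(self, ts: str, patient_id: str, actor: str, action: str, detail: str) -> Dict[str, Any]:
        """ts is ISO-8601 UTC ('2024-01-10T09:00:00Z'), so string order is time order."""
        if self.entries and ts < self.entries[-1]["ts"]:
            raise ValueError("entries must be recorded chronologically")
        prev = self.entries[-1]["mac"] if self.entries else "0" * 64
        entry: Dict[str, Any] = {"seq": len(self.entries), "ts": ts, "patient_id": patient_id,
                                 "actor": actor, "action": action, "detail": detail, "prev": prev}
        entry["mac"] = self._mac(entry)
        self.entries.append(entry)
        return entry

    def verify(self) -> Optional[int]:
        """Return the index of the first entry whose content, link, sequence or
        order is inconsistent, or None if the whole chain checks out."""
        prev = "0" * 64
        for i, e in enumerate(self.entries):
            if (e["seq"] != i
                    or e["prev"] != prev
                    or not hmac.compare_digest(e["mac"], self._mac(e))
                    or (i > 0 and e["ts"] < self.entries[i - 1]["ts"])):
                return i
            prev = e["mac"]
        return None


if __name__ == "__main__":
    # Constructed events; patient, actors and values are invented.
    log = ClinicalAuditLog(b"demo-key-held-by-log-service")
    log.append("2024-01-10T09:00:00Z", "P-001", "dr.ruiz", "consult", "initial visit")
    log.append("2024-01-10T09:30:00Z", "P-001", "lab", "result", "glucose 95")
    log.append("2024-01-11T08:15:00Z", "P-001", "dr.ruiz", "prescribe", "metformin")
    print("intact:", log.verify())          # None
    log.entries[1]["detail"] = "glucose 195"
    print("after edit:", log.verify())      # 1
```

Because every later entry commits to the MAC of the one before it, an attacker who can edit the database but not reach the key cannot repair the chain after changing a value, and deleting an entry shifts the sequence numbers so the gap is reported at the point of removal. What the chain cannot detect on its own is truncation of the most recent entries; that needs the latest MAC to be periodically anchored somewhere the writer cannot alter.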