An architecture for secure data management in medical research and aided diagnosis

Programa Oficial de Doutoramento en Tecnoloxías da Información e as Comunicacións. 5032V01[Resumo] O Regulamento Xeral de Proteccion de Datos (GDPR) implantouse o 25 de maio de 2018 e considerase o desenvolvemento mais importante na regulacion da privacidade de datos dos ultimos 20 anos. As multas fortes definense por violar esas regras e non e algo que os centros sanitarios poidan permitirse ignorar. O obxectivo principal desta tese e estudar e proponer unha capa segura/integracion para os curadores de datos sanitarios, onde: a conectividade entre sistemas illados (localizacions), a unificacion de rexistros nunha vision centrada no paciente e a comparticion de datos coa aprobacion do consentimento sexan as pedras angulares de a arquitectura controlar a sua identidade, os perfis de privacidade e as subvencions de acceso. Ten como obxectivo minimizar o medo a responsabilidade legal ao compartir os rexistros medicos mediante o uso da anonimizacion e facendo que os pacientes sexan responsables de protexer os seus propios rexistros medicos, pero preservando a calidade do tratamento do paciente. A nosa hipotese principal e: os conceptos Distributed Ledger e Self-Sovereign Identity son unha simbiose natural para resolver os retos do GDPR no contexto da saude? Requirense solucions para que os medicos e investigadores poidan manter os seus fluxos de traballo de colaboracion sen comprometer as regulacions. A arquitectura proposta logra eses obxectivos nun ambiente descentralizado adoptando perfis de privacidade de datos illados.[Resumen] El Reglamento General de Proteccion de Datos (GDPR) se implemento el 25 de mayo de 2018 y se considera el desarrollo mas importante en la regulacion de privacidad de datos en los ultimos 20 anos. Las fuertes multas estan definidas por violar esas reglas y no es algo que los centros de salud puedan darse el lujo de ignorar. El objetivo principal de esta tesis es estudiar y proponer una capa segura/de integración para curadores de datos de atencion medica, donde: la conectividad entre sistemas aislados (ubicaciones), la unificacion de registros en una vista centrada en el paciente y el intercambio de datos con la aprobacion del consentimiento son los pilares de la arquitectura propuesta. Esta propuesta otorga al titular de los datos un rol central, que le permite controlar su identidad, perfiles de privacidad y permisos de acceso. Su objetivo es minimizar el temor a la responsabilidad legal al compartir registros medicos utilizando el anonimato y haciendo que los pacientes sean responsables de proteger sus propios registros medicos, preservando al mismo tiempo la calidad del tratamiento del paciente. Nuestra hipotesis principal es: .son los conceptos de libro mayor distribuido e identidad autosuficiente una simbiosis natural para resolver los desafios del RGPD en el contexto de la atencion medica? Se requieren soluciones para que los medicos y los investigadores puedan mantener sus flujos de trabajo de colaboracion sin comprometer las regulaciones. La arquitectura propuesta logra esos objetivos en un entorno descentralizado mediante la adopcion de perfiles de privacidad de datos aislados.[Abstract] The General Data Protection Regulation (GDPR) was implemented on 25 May 2018 and is considered the most important development in data privacy regulation in the last 20 years. Heavy fines are defined for violating those rules and is not something that healthcare centers can afford to ignore. The main goal of this thesis is to study and propose a secure/integration layer for healthcare data curators, where: connectivity between isolated systems (locations), unification of records in a patientcentric view and data sharing with consent approval are the cornerstones of the proposed architecture. This proposal empowers the data subject with a central role, which allows to control their identity, privacy profiles and access grants. It aims to minimize the fear of legal liability when sharing medical records by using anonymisation and making patients responsible for securing their own medical records, yet preserving the patient’s quality of treatment. Our main hypothesis is: are the Distributed Ledger and Self-Sovereign Identity concepts a natural symbiosis to solve the GDPR challenges in the context of healthcare? Solutions are required so that clinicians and researchers can maintain their collaboration workflows without compromising regulations. The proposed architecture accomplishes those objectives in a decentralized environment by adopting isolated data privacy profiles

Design and Analysis of Opaque Signatures

Digital signatures were introduced to guarantee the authenticity and integrity of the underlying messages. A digital signature scheme comprises the key generation, the signature, and the verification algorithms. The key generation algorithm creates the signing and the verifying keys, called also the signer’s private and public keys respectively. The signature algorithm, which is run by the signer, produces a signature on the input message. Finally, the verification algorithm, run by anyone who knows the signer’s public key, checks whether a purported signature on some message is valid or not. The last property, namely the universal verification of digital signatures is undesirable in situations where the signed data is commercially or personally sensitive. Therefore, mechanisms which share most properties with digital signatures except for the universal verification were invented to respond to the aforementioned need; we call such mechanisms “opaque signatures”. In this thesis, we study the signatures where the verification cannot be achieved without the cooperation of a specific entity, namely the signer in case of undeniable signatures, or the confirmer in case of confirmer signatures; we make three main contributions. We first study the relationship between two security properties important for public key encryption, namely data privacy and key privacy. Our study is motivated by the fact that opaque signatures involve always an encryption layer that ensures their opacity. The properties required for this encryption vary according to whether we want to protect the identity (i.e. the key) of the signer or hide the validity of the signature. Therefore, it would be convenient to use existing work about the encryption scheme in order to derive one notion from the other. Next, we delve into the generic constructions of confirmer signatures from basic cryptographic primitives, e.g. digital signatures, encryption, or commitment schemes. In fact, generic constructions give easy-to-understand and easy-to-prove schemes, however, this convenience is often achieved at the expense of efficiency. In this contribution, which constitutes the core of this thesis, we first analyze the already existing constructions; our study concludes that the popular generic constructions of confirmer signatures necessitate strong security assumptions on the building blocks, which impacts negatively the efficiency of the resulting signatures. Next, we show that a small change in these constructionsmakes these assumptions drop drastically, allowing as a result constructions with instantiations that compete with the dedicated realizations of these signatures. Finally, we revisit two early undeniable signatures which were proposed with a conjectural security. We disprove the claimed security of the first scheme, and we provide a fix to it in order to achieve strong security properties. Next, we upgrade the second scheme so that it supports a iii desirable feature, and we provide a formal security treatment of the new scheme: we prove that it is secure assuming new reasonable assumptions on the underlying constituents

Research Philosophy of Modern Cryptography

Proposing novel cryptography schemes (e.g., encryption, signatures, and protocols) is one of the main research goals in modern cryptography. In this paper, based on more than 800 research papers since 1976 that we have surveyed, we introduce the research philosophy of cryptography behind these papers. We use ``benefits and ``novelty as the keywords to introduce the research philosophy of proposing new schemes, assuming that there is already one scheme proposed for a cryptography notion. Next, we introduce how benefits were explored in the literature and we have categorized the methodology into 3 ways for benefits, 6 types of benefits, and 17 benefit areas. As examples, we introduce 40 research strategies within these benefit areas that were invented in the literature. The introduced research strategies have covered most cryptography schemes published in top-tier cryptography conferences

Optimizing secure communication standards for disadvantaged networks

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2009.Cataloged from PDF version of thesis.Includes bibliographical references (p. 137-140).We present methods for optimizing standardized cryptographic message protocols for use on disadvantaged network links. We first provide an assessment of current secure communication message packing standards and their relevance to disadvantaged networks. Then we offer methods to reduce message overhead in packing Cryptographic Message Syntax (CMS) structures by using ZLIB compression and using a Lite version of CMS. Finally, we offer a few extensions to the Extensible Messaging and Presence Protocol (XMPP) to wrap secure group messages for chat on disadvantaged networks and to reduce XMPP message overhead in secure group transmissions. We present the design and implementation of these optimizations and the results that these optimizations have on message overhead, extensibility, and usability of both CMS and XMPP. We have developed these methods to extend CMS and XMPP with the ultimate goal of establishing standards for securing communications in disadvantaged networks.by Stephen Hiroshi Okano.M.Eng

AICPA Technical Practice Aids, as of June 1, 2005, Volume 2

https://egrove.olemiss.edu/aicpa_guides/2584/thumbnail.jp

Towards End-to-End Data Privacy: from Generation to Consumption

Preserving data privacy is a formidable challenge in today’s interconnected and data-centric world. Individuals are surrounded by “smart” devices that collect and generate massive amounts of sensitive data. Moreover, organizations collect personalized data, including private information, to provide more functionalities and better quality for their data-driven services. Therefore, ensuring data privacy throughout its lifecycle, i.e., from generation to consumption, is paramount.To this end, this dissertation tackles several challenges to attain such end-to-end data privacy. We first investigate lower-end devices to preserve data privacy from its generation, and propose two secure architectures: one for mid-range devices with memory management unit and the other for low-end devices with no security features. Then, we revisit cryptographic computing, a promising privacy-enhancing technology for data in use, focusing on input correctness, generalized adversary models, and challenges in real-world applications

AICPA Technical Practice Aids, as of June 1, 2004, Volume 2

https://egrove.olemiss.edu/aicpa_guides/2554/thumbnail.jp

Electronic business and electronic commerce (supporting lecture notes for students of dirеction "Management" of all forms of education)

E-Business systems naturally have greater security risks than traditional business systems, therefore it is important for e-business systems to be fully protected against these risks. Customers, suppliers, employees, and numerous other people use any particular e-business system daily and expect their confidential information to stay secure. Hackers are one of the great threats to the security of e-businesses. Some common security concerns for e-Businesses include keeping business and customer information private and confidential, authenticity of data, and data integrity. Some of the methods of protecting e-business security and keeping information secure include physical security measures as well as data storage, data transmission, anti-virus software, firewalls, and encryption to list a few.Розглянуто та рекомендовано до друку на засіданні кафедри інноваційного менеджменту та підприємництва, протокол No1 від 27 серпня 2015 року. Схвалено та рекомендовано до друку на засіданні методичної комісії факультету управління та бізнесу у виробництві Тернопільського національного технічного університету імені Івана Пулюя, протокол No6 від 26 лютого 2016 року.The purpose of thе document is to present the different underlying "technologies" (in reality, organizational modes based on information and communication technologies) and their associated acronyms. The term "e-Business" therefore refers to the integration, within the company, of tools based on information and communication technologies (generally referred to as business software) to improve their functioning in order to create value for the enterprise, its clients, and its partners.Topic 1. Basic concepts of electronic business and electronic commerce 1.1. Basic concepts and principles of e-business. 1.2. Origins and growth of e-commerce. Topic 2. Ecommerce as a part of electronic business 2.1. E-business infrastructure, e-environment and e-business strategy 2.2. Ways of e-business conducting. Online trading. Topic 3. Basis of global computer network internet functioning. 3.1. Basic principles of internet. 3.2. The most common services of Іnternet. 3.3. The concept and structure of Internet marketing. Topic 4. E-commerce systems in corporate sector 4.1. The basic processes of implementation of electronic commerce in the B2B sector. Virtual enterprise, internet incubator, mobile commerce. 4.2. The role of supply-chain management (SCM) and customer relationship management (CRM) in e-commerce. Topic 5. Information management for effective e-commerce building through intranet and extranet 5.1. Basic principles of Intranet functioning. 5.2. Extranet and its security issues. Topic 6. Electronic payment systems 6.1. Electronic payment systems. 6.2. Primary classification of payment systems

AICPA Technical Practice Aids, as o June 1, 2003, Volume 2

https://egrove.olemiss.edu/aicpa_guides/2551/thumbnail.jp

A Knowledge Mining Approach for Effective Customer Relationship Management

The problem of existing customer relationship management (CRM) system is not lack of information but the ability to differentiate useful information from chatter or even disinformation and also maximize the richness of these heterogeneous information sources. This paper describes an improved text mining approach for automatically extracting association rules from collections of textual documents. It discovers association rules from keyword features extracted from the documents. The main contributions of the technique are that, in selecting the most discriminative keywords for use in association rules generation, the system combines syntactic and semantic relevance into its Information Retrieval Scheme which is integrated with XML technology. Experiments carried out revealed that the extracted association rules contain important features which form a worthy platform for making effective decisions as regards customer relationship management. The performance of the improved text mining approach is compared with existing system that uses the GARW algorithm to reveal a significant reduction in the large itemsets, leading to reduction in rules generated to more interesting ones due to the semantic analysis component being introduced. Also, it has brought about reduction of the execution time, compared to the GARW algorithm.</p