A Test Vehicle For Compliance With Resilience Requirements In Index-Based E-Health Systems

Increasingly, national and international governments have a strong mandate to develop national e-health systems to enable delivery of much-needed healthcare services. Research is, therefore, needed into appropriate security and reliance structures for the development of health information systems which must be compliant with governmental and alike obligations. The protection of e-health information security is critical to the successful implementation of any e-health initiative. To address this, this paper proposes a security architecture for index-based e-health environments, according to the broad outline of Australia’s National E-health Strategy and National E-health Transition Authority (NEHTA)’s Connectivity Architecture. This proposal, however, could be equally applied to any distributed, index-based health information system involving referencing to disparate health information systems. The practicality of the proposed security architecture is supported through an experimental demonstration. This successful prototype completion demonstrates the comprehensibility of the proposed architecture, and the clarity and feasibility of system specifications, in enabling ready development of such a system. This test vehicle has also indicated a number of parameters that need to be considered in any national indexed-based e-health system design with reasonable levels of system security. This paper has identified the need for evaluation of the levels of education, training, and expertise required to create such a system

A Sustainable Approach to Security and Privacy in Health Information Systems

This paper identifies and discusses recent information privacy violations or weaknesses which have been found in national infrastructure systems in Australia, the United Kingdom (UK) and the United States of America (USA), two of which involve departments of health and social services. The feasibility of health information systems (HIS) based upon intrinsically more secure technological architectures than those in general use in today\u27s marketplace is investigated. We propose a viable and sustainable IT solution which addresses the privacy and security concerns at all levels in HIS with a focus on trustworthy access control mechanisms

Crisis on Impact: Responding to Cyber Attacks on Critical Information Infrastructures, 30 J. Marshall J. Info. Tech. & Privacy L. 31 (2013)

In the developing digital economy, the notion of traditional attack on enterprises of national significance or interest has transcended into different modes of electronic attack, surpassing accepted traditional forms of physical attack upon a target. The terrorist attacks that took place in the United States on September 11, 2001 demonstrated the physical devastation that could occur if any nation were the target of a large-scale terrorist attack. Therefore, there is a need to protect critical national infrastructure and critical information infrastructure. In particular, this protection is crucial for the proper functioning of a modern society and for a government to fulfill one of its most important prerogatives – namely, the protection of its people. Computer networks have many benefits that governments, corporations, and individuals alike take advantage of in order to promote and perform their duties and roles. Today, there is almost complete dependence on private sector telecommunication infrastructures and the associated computer hardware and software systems. These infrastructures and systems even support government and defense activity. This Article discusses possible at-tacks on critical information infrastructures and the government reactions to these attacks

An Efficient Public Key Management System: An Application In Vehicular Ad Hoc Networks

The major purpose of Vehicular Ad Hoc Networks (VANETs) is to provide safety-related message access for motorists to react or make a life-critical decision for road safety enhancement. Accessing safety-related information through the use of VANET communications, therefore, must be protected, as motorists may make critical decisions in response to emergency situations in VANETs. If introducing security services into VANETs causes considerable transmission latency or processing delays, this would defeat the purpose of using VANETs to improve road safety. Current research in secure messaging for VANETs appears to focus on employing certificate-based Public Key Cryptosystem (PKC) to support security. The security overhead of such a scheme, however, creates a transmission delay and introduces a time-consuming verification process to VANET communications. This paper proposes an efficient public key management system for VANETs: the Public Key Registry (PKR) system. Not only does this paper demonstrate that the proposed PKR system can maintain security, but it also asserts that it can improve overall performance and scalability at a lower cost, compared to the certificate-based PKC scheme. It is believed that the proposed PKR system will create a new dimension to the key management and verification services for VANETs

A Viable LoRa Framework for Smart Cities

This research is intended to provide practical insights to empower designers, developers and management to develop smart cities underpinned by Long Range (LoRa) technology. LoRa, one of most prevalent long-range wireless communication technologies, can be used to underpin the development of smart cities. This study draws upon relevant research to gain an understanding of underlying principles and issues involved in the design and management of long-range and low-power networks such as LoRa. This research uses empirical evidence that has been gathered through experiments with a LoRa network to analyse network design and identify challenges and then proposes cost-effective and timely solutions. Particularly, practical measurements of LoRa network dependencies and performance metrics are used to support our proposals. This research identifies a number of network performance metrics that need to be considered and controlled when designing and managing LoRa- specific networks from the perspectives of hardware, software, networking and security

Response to The Department of the Prime Minister and Cabinet's discussion paper "Connecting with Confidence"

The ACS has prepared this response to the discussion paper to assist with the design of the cyber whitepaper expected in 2012. The ACS also welcomes the opportunity to promote discussion and support of our digital economy to position Australia for the future. Drawing from its membership of ICT professionals, and academics - particularly in areas of cyber resilience and security - the ACS established a Cyber Taskforce for this purpose. The ACS recommends: greater focus on education - noting that ICT education in primary and secondary schooling is essential - to developing ICT skills of the future and that school level educational activity forms the base on which appropriate tertiary level education programs can function for the education and training of ICT professionals; greater assistance to small and medium sized business as this is the engine room of the Australian economy; policy coordination on trusted identities; better coordination of cyber related education and research; providing consumers and businesses with resources directed to the everyday real-life challenges they face; global Internet governance changes designed to underpin and deliver trustworthy people, processes and systems including, where appropriate, a legislated mandatory baseline of trustworthiness attributes analogous to the non-excludable warranties implied in consumer contacts

DRM, Trusted Computing and Operating System Architecture

Robust technological enforcement of DRM licenses assumes that the prevention of direct access to the raw bit representation of decrypted digital content and the license enforcement mechanisms themselves is possible. This is difficult to achieve on an open computing platform such as a PC. Recent trusted computing initiatives namely, the Trusted Computing Group (TCG) specification, and Microsoft's Next Generation Secure Computing Base (NGSCB) aim in part to address this problem. The protection architecture and access control model of mainstream operating systems makes them inappropriate as a platform for a DRM content rendering client because decrypted content cannot be protected against a privileged process. If a DRM client is to be deployed on an open computing platform, the operating system should implement the reference monitor concept, which underpins the mandatory access control model. The TCG model of trusted computing has important limitations when combined with an operating system enforcing discretionary access control. We argue that the TCG services of sealed storage and remote attestation which are important in DRM applications, cannot operate in a secure and efficient manner on such an operating system

Securing Grid Data Using Mandatory Access Controls

The main contribution of this paper is to investigate issues in using Mandatory Access Controls (MACs), namely those provided by SELinux, to secure application-level data. Particular emphasis is placed on health-care records located on the grid. The paper disccuses the importance of a trusted computing base in providing application security. It de- scribes a secure three-tiered architecture, incorporating trusted hardware, SELinux, and application security mechanisms that are appropriate for securing sensitive application data