
    Protocolo flexível de autenticação multi-fator: estudo de caso para ambientes de telemedicina (Flexible multi-factor authentication protocol: a case study for telemedicine environments)

    Master's dissertation, Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação, Florianópolis, 2013.

    Abstract: Telemedicine and telehealth systems require authentication services that are strong enough to guarantee identity and data privacy, yet flexible enough to meet the needs of health professionals and patients. The focus of this work is the authentication process. We propose a flexible multi-factor authentication protocol and an implementation of it based on web service technologies, aimed at the telehealth environment. The service uses scalable methods in a two-factor authentication process: in the new model the user authenticates exactly as before and, in a second step, provides a piece of information that proves possession of a specific, unique device (token). Its main characteristics are the configurability of the authentication mechanisms and the use of a robust system for recording events. This dissertation covers the security requirements engineering and the details of the implementation. We also discuss the protocol's suitability for the telemedicine and telehealth environment, the integration of different authentication methods, and the efficacy and ease of use of those methods.
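The second step above, proving possession of a token, is left abstract in the summary. The following is an added example and not the dissertation's code: it assumes the token is a time-based one-time password generator (RFC 6238) sharing a secret with the server, which the dissertation does not specify. It shows the server-side verifier with the two details that matter in practice: a small clock-drift window and a per-user "last accepted counter" so that a code cannot be replayed within its validity window. The user name and secret are constructed test values (the secret is the RFC 4226/6238 test key).

```python
"""Possession-factor check with a time-based one-time password (RFC 6238).

Added example; not code from the dissertation. It assumes the user's token is
a TOTP generator sharing a secret with the server, which the dissertation does
not specify. The user name and secret are constructed test values (the secret
is the RFC 4226 test key, not a real credential).
"""
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30
DIGITS = 6

# Constructed enrolment record: user -> [shared secret, last accepted counter].
ENROLLED = {"dr.alice": [b"12345678901234567890", -1]}


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic
    truncation to a 31-bit integer reduced to the requested number of digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = STEP_SECONDS,
         digits: int = DIGITS) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time."""
    return hotp(secret, int(at_time // step), digits)


def verify_second_factor(user: str, code: str, now=None, window: int = 1) -> bool:
    """Server-side check of the possession factor.

    Accepts the code for the current time step or any step within +/-window
    (clock drift), compares in constant time, and records the accepted counter
    so the same code cannot be replayed for the rest of its window. Returns
    True on success; False for an unknown user, a malformed or wrong code, or
    a replay of an already consumed code.
    """
    record = ENROLLED.get(user)
    if record is None or not (code.isdigit() and len(code) == DIGITS):
        return False
    secret, last_counter = record
    now = time.time() if now is None else now
    current = int(now // STEP_SECONDS)
    for counter in range(current - window, current + window + 1):
        if counter <= last_counter:
            continue  # already consumed: treat as replay even if the MAC matches
        if hmac.compare_digest(hotp(secret, counter), code):
            record[1] = counter
            return True
    return False


if __name__ == "__main__":
    t = 59  # RFC 6238 test time: the 6-digit code for this step is 287082
    print("token shows:", totp(ENROLLED["dr.alice"][0], t))
    print("first use:", verify_second_factor("dr.alice", "287082", now=t))
    print("replay:", verify_second_factor("dr.alice", "287082", now=t))
```

The replay counter is the part most often missing from home-grown verifiers: without it, a code captured from the first factor's session (or shoulder-surfed) remains valid for the whole drift window, which defeats the point of a possession proof. The dissertation's event-logging requirement would sit in the rejection branches of `verify_second_factor`.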

    Defining, Measuring, and Enabling Transparency for Electronic Medical Systems

    Transparency is a novel concept in the context of Information and Communication Technology (ICT). It arose from regulations as a data protection principle and is now being studied to encompass the peculiarities of digital information. Transparency, however, is not the first security concept to be borrowed from regulations; privacy once emerged from discussions on individuals' rights. Privacy began to be vigorously debated in 1890, when Warren and Brandeis analysed legal cases in which penalties had been applied on the basis of defamation, infringement of copyright, and breach of confidence. The authors argued that those cases were in fact built upon a broader principle called privacy. Privacy was only given a structured definition seventy years later, in 1960, when Prosser examined cases produced after Warren and Brandeis' work and classified violations of privacy into four different torts; it took twenty more years before the concept was thoroughly studied for its functions in ICT. Guidelines by the OECD outlined principles to support the discussion of privacy as a technical requirement. These were followed by an international standard for a privacy framework (ISO/IEC 29100), which translated the former legal concepts into information security terms such as data minimisation, accuracy, and accountability.

    Transparency has a younger but comparable history; the current General Data Protection Regulation (GDPR) defines it as a principle which requires "that any information and communication relating to the processing of those personal data be easily accessible and easy to understand [..]". However, other related and more abstract concepts preceded it. In the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the Privacy Rule requires that privacy policies and procedures be documented and that individuals be notified of uses of their health information. Earlier European Directives, namely 95/46/EC and 2011/24/EU, establish "the right for individuals to have access to their personal data concerning their health [..] also in the context of cross-border healthcare". So did the Freedom of Information Act (FOIA) of 1966, establishing that any person has a right to obtain from agencies information regarding their records. These and other similar requirements refer to the transversal quality called transparency. As happened with privacy, transparency has also been the subject of guidelines that clarify its interpretation in ICT. However, no framework or standard has yet been defined that translates transparency into a technical property.

    This translation is the goal of our work. This thesis is dedicated to debating existing interpretations of transparency, to establishing requirements and measurement procedures for it, and to studying solutions that can help systems adhere to the transparency principle from a technical perspective. Our work constitutes an initial step towards the definition of a framework that helps accomplish meaningful transparency in the context of Electronic Medical Systems

    Property Inference Attacks on Convolutional Neural Networks:Influence and Implications of Target Model's Complexity

    A machine learning model's goal is to make correct predictions for a specific task by learning important properties and patterns from data. In doing so, the model may also learn properties that are unrelated to its primary task. Property inference attacks exploit this: from a given model (the target model) they aim to infer properties of the training dataset that are seemingly unrelated to the model's primary goal. If the training data is sensitive, such an attack can lead to privacy leakage. This paper investigates the influence of the target model's complexity on the accuracy of this type of attack, focusing on convolutional neural network classifiers. We perform attacks on models that are trained on facial images to predict whether someone's mouth is open. Our attacks' goal is to infer whether the training dataset is balanced gender-wise. Our findings reveal that the risk of a privacy breach is present independently of the target model's complexity: for all studied architectures, the attack's accuracy is clearly above the baseline. We discuss the implications of property inference for personal data in the light of Data Protection Regulations and Guidelines
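The abstract describes the attack but not its mechanics. The block below is an added example, not code from the paper, and uses a deliberately small stand-in for the paper's setting: a one-dimensional logistic regression instead of a CNN, a threshold task instead of mouth-open detection, and a hidden group bit instead of gender. The training label does not depend on the group, but the group shifts the input distribution, which is enough for the fitted parameters to leak the group ratio. The attacker trains shadow models on datasets whose ratio it controls, fits a meta-classifier on their parameters, and then classifies victim models it has white-box access to. All data is constructed inline; the property values (50% vs 90% group 1) are assumptions chosen for the demonstration.

```python
"""Property inference against trained models: a toy, self-contained version
of the shadow-model attack (added example; not the paper's code or data).

Constructed setting: y = 1 iff z > 0 stands in for "mouth open"; a hidden
group bit g (0/1) stands in for gender; the observed input is x = z + g, so
the group never appears in the labels but shifts the inputs. The attacker
wants to know whether a victim model was trained on a gender-balanced set.
"""
import math
import random

NUM_SAMPLES = 400   # per training set
BALANCED = 0.5      # property absent: 50% group 1
SKEWED = 0.9        # property present: 90% group 1


def make_dataset(rng, frac_group1, n=NUM_SAMPLES):
    """Constructed data: (x, y) pairs with the group bit discarded."""
    data = []
    for _ in range(n):
        g = 1 if rng.random() < frac_group1 else 0
        z = rng.gauss(0.0, 1.0)
        data.append((z + g, 1 if z > 0 else 0))
    return data


def train_logreg(data, lr=1.0, epochs=150):
    """Full-batch gradient descent on P(y=1|x) = sigmoid(w*x + b)."""
    w, b = 0.0, 0.0
    n = len(data)
    for _ in range(epochs):
        gw = gb = 0.0
        for x, y in data:
            p = 1.0 / (1.0 + math.exp(-(w * x + b)))
            gw += (p - y) * x
            gb += (p - y)
        w -= lr * gw / n
        b -= lr * gb / n
    return w, b


def model_feature(params):
    """Attack feature extracted from the white-box model: its decision
    boundary -b/w. More group-1 samples drag the boundary towards +1."""
    w, b = params
    if abs(w) < 1e-9:
        return 0.0
    return -b / w


def fit_meta_classifier(shadow_features):
    """shadow_features: list of (feature, has_property). Nearest-centroid
    meta-classifier: a threshold halfway between the two class means, plus
    a flag saying which side of it means 'property present'."""
    by_label = {0: [], 1: []}
    for f, label in shadow_features:
        by_label[label].append(f)
    means = {label: sum(v) / len(v) for label, v in by_label.items()}
    return (means[0] + means[1]) / 2.0, means[1] > means[0]


def predict_property(meta, feature):
    threshold, skewed_is_high = meta
    return int((feature > threshold) == skewed_is_high)


def run_attack(seed=7, n_shadow=20, n_target=20):
    """Returns the attack's accuracy on n_target unseen victim models;
    random guessing would score 0.5."""
    rng = random.Random(seed)
    shadow = []
    for i in range(n_shadow):
        has_prop = i % 2
        data = make_dataset(rng, SKEWED if has_prop else BALANCED)
        shadow.append((model_feature(train_logreg(data)), has_prop))
    meta = fit_meta_classifier(shadow)
    correct = 0
    for i in range(n_target):
        truth = i % 2  # ground truth is used only for scoring
        data = make_dataset(rng, SKEWED if truth else BALANCED)
        guess = predict_property(meta, model_feature(train_logreg(data)))
        correct += int(guess == truth)
    return correct / n_target


if __name__ == "__main__":
    print(f"property inference accuracy: {run_attack():.2f} (baseline 0.50)")
```

The point the toy makes is the one the paper reports for CNNs: nothing in the task requires the model to encode the group ratio, yet the parameters it converges to are a function of that ratio, so a meta-classifier trained on shadow models recovers it. For a real CNN the feature would be a flattened, canonicalised subset of the weights rather than a single boundary, and the meta-classifier a small learned model rather than a centroid split, but the pipeline is the same.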

    SAFER: Development and Evaluation of an IoT Device Risk Assessment Framework in a Multinational Organization

    Users of Internet of Things (IoT) devices are often unaware of the devices' security risks and cannot sufficiently factor security considerations into their device selection. This puts networks, infrastructure and users at risk. We developed and evaluated SAFER, an IoT device risk assessment framework designed to improve users' ability to assess the security of connected devices. We deployed SAFER in a large multinational organization that permits the use of private devices. To evaluate the framework, we conducted a mixed-method study with 20 employees. Our findings suggest that SAFER increases users' awareness of security issues, provides valuable advice, and influences device selection. Based on our findings, we discuss implications for the design of device risk assessment tools, with particular regard to the relationship between risk communication and user perceptions of device complexity

    Metrics for Transparency

    Transparency is a novel non-functional requirement for software systems. It is claimed to improve the quality of service, since it gives users access to information concerning the system's processes and clarifies who is responsible if something goes wrong. Thus, it is believed to support people's right to secure and private processing of their personal data. We define eight quality metrics for transparency and demonstrate the usage and the effectiveness of the metrics by assessing transparency on Microsoft HealthVault, an online platform for users to collect, store, and share medical records

    Mecanismos de segurança para deliberações eletrônicas (Security mechanisms for electronic deliberations)

    Undergraduate thesis (TCC), Universidade Federal de Santa Catarina, Centro Tecnológico, Curso de Ciências da Computação. With the advance of information technology it is now possible to hold secure electronic votes that protect the identity of each voter and guarantee the anonymity of the votes, as well as resistance to coercion. Brazil became a world reference when it migrated to electronic voting for all elective political offices, and as democratic processes advance there is a strong tendency for paper ballots to be gradually replaced by electronic voting in other decision-making bodies, such as deliberative councils, because of the ease it brings to every aspect of a vote. Since the use of electronic voting machines is impractical, both procedurally and financially, this project aims to build a web-based electronic system to support parity votes in collegiate bodies. The system will be deployed on the Polvo platform, with security requirements sufficient to guarantee its trustworthiness, coupled with a tool for debate and discussion of the items under vote, together with support for data auditing and statistical analysis. Testing will take place at the Universidade do Estado de Santa Catarina (UDESC), in real sessions held by its collegiate bodies

    Transparent Medical Data Systems

    Transparency is described as the quality of being open about policies and practices. It is intended to inform end users of what happens to their data. It promotes good quality of service and is believed to sustain people's demand for privacy. However, at least for medical data systems, a clear definition of the property is missing and there is no agreement on which requirements qualify it. We look into this problem. First we identify concepts that relate to transparency: openness, empowerment, auditability, availability, accountability, and verifiability. We discuss them in the context of Health Information Technology, thereby clarifying what transparency is. Then we elicit a list of requirements that indicate how transparency can be realised in modern medical data systems such as those managing electronic health records

    Qualifying and Measuring Transparency: A Medical Data System Case Study

    Transparency is a data processing principle enforced by the GDPR but purposely left open to interpretation. As such, the means to adhere to it are left unspecified. The Article 29 Working Party provides practical guidance on how to interpret transparency; however, there are no defined requirements and no way to verify the quality of an implementation of transparency. We address this problem. We discuss and define applicable metrics for transparency, propose how measurement can be conducted in a running system, and suggest a practical way in which these metrics can be interpreted in order to increase confidence that transparency is realised in a system