from enabling to enforcing privacy
play

From Enabling to Enforcing Privacy Naipeng Dong, Hugo Jonker , Jun - PowerPoint PPT Presentation

Oct 21, 2023 •219 likes •546 views

From Enabling to Enforcing Privacy Naipeng Dong, Hugo Jonker , Jun Pang Why privacy for eHealth? Healthcare data: inherently private. Subversion of data processing: dangerous! FHIES, 29-30 August 2011 Hugo Jonker - p. 2/25 Current

  1. From Enabling to Enforcing Privacy Naipeng Dong, Hugo Jonker , Jun Pang

  2. Why privacy for eHealth? ■ Healthcare data: inherently private. ■ Subversion of data processing: dangerous! FHIES, 29-30 August 2011 Hugo Jonker - p. 2/25

  3. Current approaches to privacy in eHealth FHIES, 29-30 August 2011 Hugo Jonker - p. 3/25

  4. patient privacy (1/3): access control ■ Anderson [And98]: restrict #users that access a record, restrict #records accessed by a user. ■ Louwerse [Lou98]: consent-based access control necessary to implement “need-to-know”. ■ Evered et al. [EB04]: minimal disclosure rules: use middle layer. ■ Reid et al. [RCHS03]: RBAC + explicit consent + explicit denial for privacy. ■ Kalam et al. [KBM + 03]: RBAC, TBAC insufficient for context-aware policies. Organisational BAC (OrBAC). ■ Cuppens et al. [CCG07]: inconsistent access rules: rule prioritisation. FHIES, 29-30 August 2011 Hugo Jonker - p. 4/25

  5. patient privacy (2/3): architectural design ■ Ko et al. [KLS + 10]: privacy issues in wireless sensor networks for eHealth. ■ Maglogiannis et al. [MKD09]: patient location privacy via proxies. ■ Chiu et al. [CHCK07]: privacy-aware cross-institution image sharing: RBAC and watermarks. FHIES, 29-30 August 2011 Hugo Jonker - p. 5/25

  6. patient privacy (3/3): cryptographic approaches ■ vd Haak et al. [HWB + 03]: digital signatures, PK authentication. ■ Ateniese et al. [ACM + 03]: patient pseudonyms, method to transform statements on pseudonym a to pseudonym b . ■ Layouni et al. [LVS + 09]: wallet-based credentials for patient control of sensor info. ■ De Decker et al. [DLV08]: Belgian healthcare system compliant system using ZKP , signed proofs of knowledge, bit-commitments. FHIES, 29-30 August 2011 Hugo Jonker - p. 6/25

  7. Doctor privacy ■ Matyáš [Mat98]: prescription analysis while preserving doctor privacy. ■ Ateniese et al. [ACM + 03]: doctor privacy to protect against administrative meddling. ■ De Decker et al. [DLV08]: doctor privacy to prevent bribery. FHIES, 29-30 August 2011 Hugo Jonker - p. 7/25

  8. Survey summary ■ Access control to ensure patient privacy: [And98, Lou98, RCHS03, KBM + 03, EB04, CCG07]. ■ Architectural design for patient privacy: [CHCK07, MKD09, KLS + 10]. ■ Using crypto for patient privacy: [HWB + 03, ACM + 03, LVS + 09, DLV08] FHIES, 29-30 August 2011 Hugo Jonker - p. 8/25

  9. Survey summary ■ Access control to ensure patient privacy: [And98, Lou98, RCHS03, KBM + 03, EB04, CCG07]. ■ Architectural design for patient privacy: [CHCK07, MKD09, KLS + 10]. ■ Using crypto for patient privacy: [HWB + 03, ACM + 03, LVS + 09, DLV08] ■ Doctor privacy: [Mat98, ACM + 03, DLV08] FHIES, 29-30 August 2011 Hugo Jonker - p. 8/25

  10. Survey summary ■ Access control to ensure patient privacy: [And98, Lou98, RCHS03, KBM + 03, EB04, CCG07]. ■ Architectural design for patient privacy: [CHCK07, MKD09, KLS + 10]. ■ Using crypto for patient privacy: [HWB + 03, ACM + 03, LVS + 09, DLV08] ■ Doctor privacy: [Mat98, ACM + 03, DLV08] ■ Much focus on patient privacy, not on doctor privacy. FHIES, 29-30 August 2011 Hugo Jonker - p. 8/25

  11. Sufficient concern for privacy? ■ roles: ■ enforced privacy FHIES, 29-30 August 2011 Hugo Jonker - p. 9/25

  12. Motivation for doctor privacy ■ [ACM + 03]: safeguard against administrative meddling. ■ [DLV08]: prevent bribery by pharmaceutical industry. FHIES, 29-30 August 2011 Hugo Jonker - p. 10/25

  13. Motivation for doctor privacy ■ [ACM + 03]: safeguard against administrative meddling. ■ [DLV08]: prevent bribery by pharmaceutical industry. [Jonker, FHIES’11]: Privacy protection needs no motivation. Privacy invasion needs motivation. FHIES, 29-30 August 2011 Hugo Jonker - p. 10/25

  14. Motivation for doctor privacy ■ [ACM + 03]: safeguard against administrative meddling. ■ [DLV08]: prevent bribery by pharmaceutical industry. [Jonker, FHIES’11]: Privacy protection needs no motivation. Privacy invasion needs motivation. Neither relation with doctors is on equal footing. FHIES, 29-30 August 2011 Hugo Jonker - p. 10/25

  15. Enforced privacy ■ Emerged in voting: vote buying (receipt-freeness) [BT94]. “A voter cannot prove how she voted.” FHIES, 29-30 August 2011 Hugo Jonker - p. 11/25

  16. Enforced privacy ■ Emerged in voting: vote buying (receipt-freeness) [BT94]. “A voter cannot prove how she voted.” ■ Matured in voting: coercion-resistance [JCJ05]. RF+resistance against: - Forced randomised voting. - Forced abstention. - Forced to give up voting credentials. = ⇒ resistance against interactive intruder. = ⇒ no transferable voter-secrets FHIES, 29-30 August 2011 Hugo Jonker - p. 11/25

  17. Enforced privacy ■ Emerged in voting: vote buying (receipt-freeness) [BT94]. “A voter cannot prove how she voted.” ■ Matured in voting: coercion-resistance [JCJ05]. RF+resistance against: - Forced randomised voting. - Forced abstention. - Forced to give up voting credentials. = ⇒ resistance against interactive intruder. = ⇒ no transferable voter-secrets ■ Considered in online auctions: [AS02, CLK03]. FHIES, 29-30 August 2011 Hugo Jonker - p. 11/25

  18. What is enforced privacy? Privacy Enforced privacy • what can the intruder find out? • what can you prove? • observer • prover + verifier • optional: enabling • mandatory: enforcing FHIES, 29-30 August 2011 Hugo Jonker - p. 12/25

  19. EPRIV project “understanding and verifiying enforced privacy” ■ application domain: voting, auctions, healthcare, anonymous routing, . . . . ■ approach: 1. domain-specific case study = ⇒ domain-specific verification framework. 2. specific frameworks = ⇒ domain-independent verification framework. 3. tool support. FHIES, 29-30 August 2011 Hugo Jonker - p. 13/25

  20. Case study: DLV08 ■ formalise protocol in applied π . ■ extract and formalise requirements upon the model. ■ use ProVerif to prove a security. DLV08 requirements: ■ . . . , doctors cannot prove what they prescribed, . . . a limited models where necessary FHIES, 29-30 August 2011 Hugo Jonker - p. 14/25

  21. DLV08 protocols ■ patient-doctor ■ patient-pharmacist ■ pharmacist-MPA ■ MPA-HII ■ IFEB-MPA Doctor not often involved: easy to ensure prescription privacy? FHIES, 29-30 August 2011 Hugo Jonker - p. 15/25

  22. DLV08 protocols ■ patient-doctor ■ patient-pharmacist ■ pharmacist-MPA ■ MPA-HII ■ IFEB-MPA Doctor not often involved: easy to ensure prescription privacy? but a pharmacist also knows things about prescriptions! FHIES, 29-30 August 2011 Hugo Jonker - p. 15/25

  23. Privacy challenges for eHealth Challenge I: Enforced privacy. ■ doctor privacy. . . who else? ■ needs privacy-enforcing protocols and techniques. ■ also needs independent verification framework. FHIES, 29-30 August 2011 Hugo Jonker - p. 16/25

  24. Privacy challenges for eHealth Challenge II: Coalition-enforced privacy. ■ one party may help another wrt unveiling privacy. ■ helper can help either prover or verifier. ■ helping verifier: threshold crypto. helping prover: ??. FHIES, 29-30 August 2011 Hugo Jonker - p. 17/25

  25. Enforced privacy in DLV08 Notation: ■ P dr ( a, a ) : doctor prescribes a , claims to prescribe a . ′ ( a, b ) : doctor prescribes a , claims to prescribe b . ■ P dr Privacy enforced iff: ′ ( b, a ) | P pt | P ph | P mpa | P hii P dr ( a, a ) | P pt | P ph | P mpa | P hii ≈ P dr FHIES, 29-30 August 2011 Hugo Jonker - p. 18/25

  26. Possible directions ■ privacy-strengthening coalitions ■ game-theoretic approaches ■ improving tool support FHIES, 29-30 August 2011 Hugo Jonker - p. 19/25

  27. Conclusions ■ 2 key privacy challenges: - Challenge I: enforced privacy - Challenge II: coalition-enforced privacy ■ formal methods necessary for security ■ initial steps made ■ still some work left. FHIES, 29-30 August 2011 Hugo Jonker - p. 20/25

  28. References [And98] Anderson, R.: A security policy model for clinical information systems. In: Proc. 17th IEEE Symposium on Security and Privacy, IEEE CS (1996) 30–43 [Lou98] Louwerse, K.: The electronic patient record; the management of access – case study: Leiden University hospital. International Journal of Medical Informatics 49 (1998) 39–44 [EB04] Evered, M., Bögeholz, S.: A case study in access control requirements for a health information system. In: Proc. 2nd Australian Information Security Workshop. Volume 32 of Conferences in Research and Practice in Information Technology., Australian Computer Society (2004) 53–61 [RCHS03] Reid, J., Cheong, I., Henricksen, M., Smith, J.: A novel use of rBAC to protect privacy in distributed health care information systems. In: Proc. 8th Australian Conference on Information Security and Privacy. LNCS 2727, Springer (2003) 403–415 FHIES, 29-30 August 2011 Hugo Jonker - p. 21/25

Recommend

How to get a trustworthy DNS Privacy enabling recursive resolver an analysis of authentication

How to get a trustworthy DNS Privacy enabling recursive resolver an analysis of authentication

How to get a trustworthy DNS Privacy enabling recursive resolver an analysis of authentication mechanisms for DNS Privacy enabling recursive resolvers Benno Overeinder Melinda Shore Willem Toorop Fastly NLnet Labs NLnet Labs (presenter)

321 views • 21 slides
Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does

Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does

Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does privacy end and security begin? What are the responsibilities of an organization to protect their assets while balancing the privacy of those who

980 views • 52 slides
Applications using Erlang Web 2.0 Security & Privacy (W2SP) 2010 May 20, Berkeley,

Applications using Erlang Web 2.0 Security & Privacy (W2SP) 2010 May 20, Berkeley,

Enforcing User Privacy in Web Applications using Erlang Web 2.0 Security & Privacy (W2SP) 2010 May 20, Berkeley, California, USA Ioannis Papagiannis , Matteo Department of Computing Migliavacca, Peter Pietzuch Imperial College London

627 views • 30 slides
Enabling Privacy-Aware Zone Exchanges Among Authoritative and Recursive DNS Servers Nikos

Enabling Privacy-Aware Zone Exchanges Among Authoritative and Recursive DNS Servers Nikos

Enabling Privacy-Aware Zone Exchanges Among Authoritative and Recursive DNS Servers Nikos Kostopoulos, Dimitris Kalogeras and Vasilis Maglaris NET work M anagement & O ptimal De sign ( NETMODE ) Laboratory School of Electrical & Computer

309 views • 17 slides
On Enforcing the Digital Immunity of a Large Humanitarian Organization Stevens Le Blond ,

On Enforcing the Digital Immunity of a Large Humanitarian Organization Stevens Le Blond ,

On Enforcing the Digital Immunity of a Large Humanitarian Organization Stevens Le Blond , Alejandro Cuevas, Juan Ramon Troncoso- Pastoriza, Philipp Jovanovic, Bryan Ford, Jean-Pierre Hubaux 2 Digital immunity Computer security and privacy

872 views • 44 slides
Enforcing Kernel Security Invariants with Data Flow Integrity Chengyu Song , ByoungyoungLee,

Enforcing Kernel Security Invariants with Data Flow Integrity Chengyu Song , ByoungyoungLee,

Enforcing Kernel Security Invariants with Data Flow Integrity Chengyu Song , ByoungyoungLee, Kangjie Lu, William Harris, Taesoo Kim, Wenke Lee Institute for Information Security & Privacy Georgia Tech Kernel Memory Corruption Vulnerability

493 views • 24 slides
LinkMirage: Enabling Privacy-preserving Analytics on Social Relationships Changchang Liu, Prateek

LinkMirage: Enabling Privacy-preserving Analytics on Social Relationships Changchang Liu, Prateek

Outline Introduction LinkMirage Conclusion LinkMirage: Enabling Privacy-preserving Analytics on Social Relationships Changchang Liu, Prateek Mittal Email: cl12@princeton.edu, pmittal@princeton.edu Princeton University February 23, 2016 1 /

917 views • 42 slides
Ease of Doing Business - Enforcing Contracts A localised perspective on the efficacy of

Ease of Doing Business - Enforcing Contracts A localised perspective on the efficacy of

Ease of Doing Business - Enforcing Contracts A localised perspective on the efficacy of enforcing contracts in Malaysia Sabarina Samadi ASEAN INSIDERS 5-6 December 2016 by origin and passion 1 OVERVIEW Introduction to the Malaysian

390 views • 37 slides
Non-Signatories Before and After Arbitration: Compelling Arbitration and Enforcing Awards Panel

Non-Signatories Before and After Arbitration: Compelling Arbitration and Enforcing Awards Panel

Non-Signatories Before and After Arbitration: Compelling Arbitration and Enforcing Awards Panel II Enforcing Awards Speakers: Teddy Baldwin, Steptoe & Johnson LLP Victoria Shannon Sahani , Sandra Day OConnor College of Law at Arizona

404 views • 22 slides
GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Advising, Monitoring, Enforcing European Data Protection Board Art. 68 - 73 (replacing the Art. 29 Working Party) advise Supervisory

626 views • 8 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Privacy-Enabling Social Networking Over Untrusted Networks Jonathan Anderson, Claudia Diaz * ,

Privacy-Enabling Social Networking Over Untrusted Networks Jonathan Anderson, Claudia Diaz * ,

Privacy-Enabling Social Networking Over Untrusted Networks Jonathan Anderson, Claudia Diaz * , Joseph Bonneau and Frank Stajano {jonathan.anderson,joseph.bonneau,frank.stajano}@cl.cam.ac.uk claudia.diaz@esat.kuleuven.be Computer Laboratory *

574 views • 54 slides
Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides

More recommend