SecureTeleassistance towards endless medical litigations: Identification of liabilities through a protocol using Joint Watermarking-Encryption Evidences Dalel Bouslimi, Gouenou Coatrieux, Michel Cozic, Christian Roux Dalel.Bouslimi@telecom-bretagne.eu 03/09/2014 Institut Mines-Télécom
Outline ● Telemedicine and security ● French legislation and security needs ● Proposed telemedicine protocol A. “Request for Opinion” sub-protocol B. “Opinion Response” sub-protocol C. “Verification” sub-protocol ● Security analysis ● Conclusion 2 Institut Mines-Télécom Présentation de Télécom Bretagne 03/09/2014
Telemedicine and Security ● Example : tele-expertise scenario Request for opinion Internet Referent opinion Expert ( E ) Physician ( P ) • Security? • Liability of each Threat physician? 3 Institut Mines-Télécom Présentation de Télécom Bretagne 03/09/2014
French legislation and security needs ● transmitted data have to be saved with the identity of all practitioners and patient , the transaction date and time . ● Save the substance of the answer of the referent with the identifiers of the physician , the specialist , the transaction date and time . ● The date , time and substance of the answer of the referent practitioner must be strongly linked to the documents he received before sending it. ● Both practitioners must be identified in such a way they cannot repudiate their respective messages . ● Data have to be stored on a non-erasable medium for the prescription period required by national law. ● all elements involved in the transaction must be carefully stored , with no means of modification , and must be rendered unreadable from an unauthorized access . 4 Institut Mines-Télécom Présentation de Télécom Bretagne 03/09/2014
French legislation and security needs ● transmitted data have to be saved with the identity of all practitioners and patient , the transaction date and time . Save exchanged data with the identifiers of physicians ● Save the substance of the answer of the referent with the identifiers of and patient, and the transaction timestamp the physician , the specialist , the transaction date and time . ● The date , time and substance of the answer of the referent practitioner must be strongly linked to the documents he received before sending it. Maintain a strong link between the request for opinion ● Both practitioners must be identified in such a way they cannot and its answer repudiate their respective messages . ● Data have to be stored on a non-erasable medium for the prescription period required by national law. ● all elements involved in the transaction must be carefully stored , with no Ensure the confidentiality , the integrity and the non- means of modification , and must be rendered unreadable from an repudiation unauthorized access . 5 Institut Mines-Télécom Présentation de Télécom Bretagne 03/09/2014
Proposed telemedicine protocol ● Based on Joint Watermarking-Encryption (JWE) Encryption: confidentiality ➢ Watermarking : Dissimulate the information in the data ➢ themselves independently of its file format. • !"#$%& %&'()*('(+, %&'()*('(+, -("+&.%(+, / )$+0&"+(1(+,2 3 3 &4*&5 )" ("+&.%(+, 6%778 / +0& (5&"+(8(&%# 78 +0& 5(88&%&"+ &"+(+(&# ("97'9&5 (" +0& &:10)".&; • Introduce a secure link between exchanged data 3 &4*&5 +%)"#)1+(7" +(4&#+)46 / 5(.(+)' #(.")+$%& 78 %&')+&5 571$4&"+#; 6 Institut Mines-Télécom Présentation de Télécom Bretagne 03/09/2014
Joint Watermarking-encryption approach • ms & me : messages available in the spatial and encrypted domains. ☺ Give access to watermarking security functionalities before & after decryption process. ☺ Compliant with DICOM standard. 7 Institut Mines-Télécom Présentation de Télécom Bretagne 03/09/2014
Proposed telemedicine protocol: general principal Third Tierce Party (TTP) Request & generate Request & generate a watermark a watermark Request for opinion / Referent opinion Expert Praticien (E) (P) 8 Institut Mines-Télécom Présentation de Télécom Bretagne 03/09/2014
Proposed telemedicine protocol: general principal Third Tierce Party (TTP) Request & generate Request & generate a watermark a watermark Submit evidences Request for opinion / Referent opinion Expert Praticien (E) (P) 9 Institut Mines-Télécom Présentation de Télécom Bretagne 03/09/2014
Proposed telemedicine protocol • Three sub-protocols: A. “Request for Opinion” sub-protocol B. “Opinion Response” sub-protocol C. “Verification” sub-protocol 10 Institut Mines-Télécom Présentation de Télécom Bretagne 03/09/2014
“Request for Opinion” sub-protocol Third Tierce Party (TTP) Physician (P) Expert (E) X : document to Y : document to send to the send to the referent (request physician (referent for opinion) opinion) 11 Institut Mines-Télécom Présentation de Télécom Bretagne 03/09/2014
“Request for Opinion” sub-protocol Third Tierce Party (TTP) Physician (P) Expert (R) 1. Watermark Identifiers in encrypted form generation Generate watermark & its digital signature WX WX in encrypted form & its digital signature 12 Institut Mines-Télécom Présentation de Télécom Bretagne 03/09/2014
“Request for Opinion” sub-protocol Third Tierce Party (TTP) Physician (P) Expert (R) 1. Watermark Identifiers in encrypted form generation Generate watermark & its digital signature WX 2. Request Store the Transmission WX in encrypted form signature of WX & its digital Reliability WX signature proof ( me ) JWE 13 Institut Mines-Télécom Présentation de Télécom Bretagne 03/09/2014
“Request for Opinion” sub-protocol Third Tierce Party (TTP) Physician (P) Expert (R) 1. Watermark Identifiers in encrypted form generation Generate watermark & its digital signature WX 2. Request Store the Transmission WX in encrypted form signature of WX & its digital Reliability WX signature proof ( me ) JWE Xwe Verify image reliability 3. Receipt acknowldg. transmission Generate a receipt Store acknowledg. 14 Institut Mines-Télécom Présentation de Télécom Bretagne 03/09/2014
“Opinion Response” sub-protocol Third Tierce Party (TTP) Referent (R) Expert(E) 1. Watermark Identifiers in encrypted generation Generate watermark form & its signature WY 2. Request Store the Reliability Transmission WY in encrypted form signature of WY proof Xw & its signature WY me Generate me JWE Ywe Verify image reliability 3. Receipt acknowldg. & its link with Xw transmission Generate a receipt Store acknowledg. 15 Présentation de Télécom Bretagne 12/12/2013 15 Institut Mines-Télécom 03/09/2014
“Verification” sub-protocol Proofs ● Exchanged documents ( Xw & Yw ). ● TTP digital signatures of WX & WY . ● Receipt acknowledgment: signatures of received documents ( Xw & Yw ). 1. Verification of embedded watermarks. ! "#$%& '#$ ()%*+$,' -*'#$,'.%.'/ -,( .'0 1.,& 2.'# '#$ '3-,0-%'.),4 16 Institut Mines-Télécom Présentation de Télécom Bretagne 03/09/2014
“Verification” sub-protocol Proofs ● Exchanged documents ( Xw & Yw ). ● TTP digital signatures of WX & WY . ● Receipt acknowledgment: signatures of received documents ( Xw & Yw ). 2. Verification Xw and Yw correspond to those really exchanged. Watermarked document Compute Xw (resp. Yw ) signature =? Yes/no Stored signature of Xw (resp. Yw ) 17 Institut Mines-Télécom Présentation de Télécom Bretagne 03/09/2014
Security analysis ● Robust to non-repudiation issue and collusion attack . ● Collusion attack o Both physicians cooperate to circumvent the protocol. o Repeat protocol steps to build false evidences. o Insert new watermarks or watermarks previously generated into new documents. ! ! The timestamps and/or the images’ identifiers don’t correspond to those presented by the colluders. 18 Institut Mines-Télécom Présentation de Télécom Bretagne 03/09/2014
Conclusion ● A new secure tele-assistance protocol based on Joint Watermarking-Encryption algorithm ● Jointly offered security services: • Confidentiality. • !"#" $%&'"('&'#)* • +$,-'.% %-'.%/0% #1"# "/ %201"/3% ,004$$%.* • Identify which data were involved by means of a secure link between them. ● Resistant to non-repudiation issue and collusion attack 19 Institut Mines-Télécom Présentation de Télécom Bretagne 03/09/2014
Thank Thank you you for for your your attention attention 20 Institut Mines-Télécom Présentation de Télécom Bretagne 02/09/2014
Recommend
More recommend