Healthcom'09 Proceedings of the 11th international conference on e-Health networking, applications and services
This paper investigates the privacy issues in the context of e-health and especially considers e-health portals that give patients access to Electronic Health Records (EHRs). Since e-health portals can be accessed via the internet, security and privacy issues arise that have to be considered carefully. Besides the traditional security properties, we focus mainly on additional threats, namely the disclosure attack, the anonymity set attack and statistical analysis of metadata. A disclosure attack takes place when a person 'motivates' or even forces another one to present her EHR. We propose so-called multiple identities, which help to eliminate this attack. In the context of anonymous authentication, we point out weaknesses regarding the choice of anonymity sets. Additionally, by applying statistical analysis to the metadata of an e-health portal, it is possible to determine relevant information which could have negative effects on the patient. We present a concept that combines pseudonymisation of e-health portals, multiple identities, obfuscation of metadata and anonymity methods to prevent the above-mentioned attacks and make statistical analysis difficult. Furthermore, none of the privacy-enhancing methods relies on application-layer mechanisms (which in general can easily be bypassed by insiders); all are based on state-of-the-art cryptographic primitives.