Privacy-enhancing methods for e-health applications: how to prevent statistical analyses and attacks

Authors:
Christian Stingl;Daniel Slamanig
Affiliations:
School of Medical Information Technology, Carinthia University of Applied Sciences, Primoschgasse 10, 9020 Klagenfurt, Austria.;School of Medical Information Technology, Carinthia University of Applied Sciences, Primoschgasse 10, 9020 Klagenfurt, Austria
Venue:
International Journal of Business Intelligence and Data Mining
Year:
2008

Citing 9
Cited 1

Security without identification: transaction systems to make big brother obsolete

Communications of the ACM
Anonymous authentication with subset queries (extended abstract)

CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Untraceable electronic mail, return addresses, and digital pseudonyms

Communications of the ACM
How to share a secret

Communications of the ACM
Limits of Anonymity in Open Environments

IH '02 Revised Papers from the 5th International Workshop on Information Hiding
A secure and private system for subscription-based remote services

ACM Transactions on Information and System Security (TISSEC)
A secure system for data access based on anonymous authentication and time-dependent hierarchical keys

ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Tor: the second-generation onion router

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Privacy Aspects of eHealth

ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security

Disclosing verifiable partial information of signed CDA documents using generalized redactable signatures

Healthcom'09 Proceedings of the 11th international conference on e-Health networking, applications and services

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper investigates the privacy issues in the context of e-health and will especially consider e-health portals which provide patients access to Electronic Health Records (EHRs). Since e-health portals can be accessed via the internet, security and privacy issues arise that have to be considered carefully. Besides the traditional security properties, we focus mainly on additional threats, namely the disclosure attack, the anonymity set attack and statistical analysis of metadata. A disclosure attack takes place if a person 'motivates' or even forces another one to present her EHR. We propose so-called multiple identities, which help to eliminate this attack. In the context of anonymous authentication, we will point out weaknesses regarding the choice of anonymity sets. Additionally, by applying statistical analysis on the metadata of an e-health portal, it is possible to determine relevant information which could have negative effects on the patient. We present a concept that includes pseudonymisation of e-health portals, multiple identities, obfuscation of metadata and anonymity methods to prevent the above-mentioned attacks and make statistical analysis difficult. Furthermore, all privacy-enhancing methods do not rely on application-layer mechanisms (which in general can easily be bypassed by insiders), but are based on cryptographic primitives which are state of the art.