INTRODUCTION

Data may be non-personal data (for example data generated by a production machine) or personal data: name, address, location, online identifiers, cultural profile, income and health information of a subject. Within personal data we find biomedical data: all the data and information that belong to a patient. The main kinds are:

- Medical examination: all data concerning the examinations that describe a medical condition.

- Inpatient health monitoring: all data generated and stored when we undergo some clinical practice (e.g. an ECG recording).

- Medical imaging: images with an associated report in which they are interpreted and in which the illnesses you may have are written down.

- Laboratory data: data obtained from analyses in a laboratory.

- Patient generated health data: data generated by some application on our smartphone.

All biomedical data must be protected both from physical failures of the structures that hold them and from failures of the protection systems of those same structures. Italy has the electronic health record, a collection of the places (the hospital or the laboratory) in which the patient's data are stored. In recent years cybersecurity has developed because cybercriminals attack hospitals all over the world, blocking systems or stealing data for ransom.

MEDJACK (medical device hijacking) targets healthcare systems and devices (blood gas analysers, PACS, infusion/insulin pumps, pacemakers, ...) because they often run obsolete software (WinXP, ...) and are closed systems (not updated and without antivirus). IT departments cannot manage them, do not have administrator privileges on them, and the devices often handle data in clear. All these instruments are therefore very delicate objects from the cybersecurity point of view. The malware targets such obsolete systems (WinXP, for example): since an obsolete system is considered less important than the others, the malware is no longer regarded as dangerous by the protection systems. At that point it performs a "lateral movement" and infects the weak devices; once a weak device has been infected, it leaves the cybercriminal a backdoor into the corporate network of the hospital. In this way they can reach everywhere, in every hospital, in every country. Another attack is Orangeworm, with the Kwampirs malware, detected in X-ray and MRI control machines and in the computers used for filling in patient consent statements. The healthcare sector is so targeted by these attacks because personal data earn a lot of money on the black market, and the most sensitive data are healthcare records.

In general there are three areas we must care about:

- Safety: protecting data or infrastructure from accidents, i.e. events that happen by chance.

- Privacy: the state of being alone or kept apart from others.

- Security: protecting data, systems and infrastructure from fraudulent attacks.

The level of security and safety is related to many technical regulations. The mandatory regulations in Italy are:

- General Data Protection Regulation (GDPR): it concerns EU citizens wherever they are and must be observed by any entity, company or institution that processes personal data.

- Network and Information System Directive: it concerns the systems, i.e. the more technological side of handling personal data; it applies to critical infrastructures that cannot be blocked, where data flow continuously.

- Minimal security measures for ICT and data processing: they are a practical reference for evaluating and improving the level of IT security of administrations, in order to counter the most frequent cyber threats. The measures consist of technological, organizational and procedural controls, useful for Public Administrations to assess their level of IT security.

There are other regulations that are optional, so a hospital can choose whether to comply with those controls.

GDPR

The General Data Protection Regulation (GDPR) is a European regulation, valid in all the EU countries, for protecting personal data. Enforced from 25 May 2018, it aims to harmonize data privacy laws across Europe and to protect and empower the data privacy of all EU citizens, both from the legal and from the technical point of view.

- Art. 5 GDPR: principles relating to the processing of personal data. Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. They are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

- Art. 9 GDPR: processing of special categories of personal data, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person's sex life or sexual orientation, shall be prohibited. The prohibition does not apply if the data subject has given explicit consent to the processing of those personal data for some specified purposes.

- Art. 32 GDPR: security of processing. The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data, and the ability to ensure confidentiality (the state of being kept secret or private), integrity (internal consistency and absence of corruption of electronic data), availability (the quality of being usable or obtainable) and resilience (resistance to accidents, achieved through redundancy) of processing systems and services.

GDPR Actors

European Data Protection Board: the board is composed of the head of the supervisory authority of each Member State and of the European Data Protection Supervisor. Its role is to review what is working and what is not, and to give advice and guidance. The Board has a Chair/President, and there is consultation between the European Commission and the Board.

Supervisory Authority: an independent public authority established by each Member State to enforce the legislation locally. It makes sure that the regulation is applied in its state. It is responsible for imposing and managing administrative fines on controllers and processors. It must coordinate with the other Supervisory Authorities when a dispute involves actors in more than one Member State.

Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors do not determine the purposes or the means of the processing; they just process the data as requested by the controller. This is also the case when the controller outsources the processing and the data are processed by a third party (for example a cloud service provider). Under the previous directive only the data controller could be fined in case of non-compliance; under the new legislation the processor is also liable.

Data Controller: defines what personal data the company needs and for what purposes. The company then requests those data from people. It is responsible for compliance with the regulation. Under the new law the controller must be able to demonstrate compliance at any time following a request from a Supervisory Authority or from a data subject.

Data Subject: a natural person, a living being.

Data Protection Officer: a new figure created by the GDPR. It is mandatory only for those controllers and processors whose core activities consist of processing operations that require regular and systematic monitoring of data subjects on a large scale (e.g. a university), or of special categories of data, including information such as health data or religious and political beliefs.

The DPO must be appointed on the basis of professional qualities and expert knowledge of data protection law and practice, and may be a staff member or an external professional. Appropriate resources are provided to carry out the tasks and to maintain this expert knowledge. The DPO reports directly to the highest level of management and must not carry out other tasks that could result in a conflict of interest.

GDPR key elements: people have some rights on their data, and these are regulated by the GDPR:

- Breach notification: mandatory for any data breach that is likely to "result in a risk for the rights and freedoms of individuals". It must be done within 72 hours after discovering the breach. Data processors must notify data controllers "without undue delay" after first becoming aware of a data breach.

- Right to access: obtain from the data controller confirmation as to whether a citizen's personal data are being processed, where and for what purpose. The controller shall provide a copy of the personal data, free of charge, in an electronic format.

- Right to be forgotten: the data subject can request the data controller to erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.

- Data portability: the data subject has the right to receive his/her personal data in a "commonly used and machine-readable format" and has the right to transmit those data to another controller.

- Privacy by Design and by Default: data protection is included from the onset of the design of systems, rather than added afterwards.

- Data minimization: controllers must hold and process only the data necessary for the completion of their duties. Access to personal data must be limited to those who need it to perform their processing.

- Security of processing: the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

Pseudonymization and anonymization: the two main measures used for data protection are:

- Pseudonymization: a data management and de-identification procedure by which personally identifiable information fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. Pseudonymized data can still be re-identified, i.e. associated again with a subject. Some pseudonymization techniques are: scrambling (mixing or obfuscation of letters; the process may be reversible or not); encryption (symmetric, reversible for those who know the secret key); masking (some important/unique part of the data is replaced with random characters or other data); tokenization (a non-mathematical approach that replaces sensitive data with non-sensitive substitutes, referred to as tokens); blurring (uses an approximation of the data values).

- Anonymization: personal data are rendered anonymous in such a way that the data subject is no longer identifiable; the data cannot be re-identified, and the GDPR does not apply to anonymous data. k-anonymity is a special form of anonymization in which the information of each subject cannot be distinguished from that of at least k-1 other individuals. For example, you have 10 individuals with the same data (all born in August, but we don't know the day). The greater k, the more ambiguous the identification. Let $RT(A_1, \ldots, A_n)$ be a table and $QI_{RT}$ the quasi-identifier associated with it. $RT$ is said to satisfy k-anonymity if and only if each sequence of values in $RT[QI_{RT}]$ appears with at least $k$ occurrences in $RT[QI_{RT}]$. This is obtained by generalization, i.e. by transforming the QI values into less specific forms so that they no longer uniquely represent individuals. k-anonymity guarantees that an individual can be associated with his/her real tuple with a probability of at most $1/k$.
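The two measures above, worked through on a constructed patient table (added example, not part of the original notes): the direct identifier is tokenized with a keyed HMAC, the quasi-identifier $QI_{RT}$ = (birth date, ZIP, sex) is generalized, and the resulting $k$ and the $1/k$ re-identification bound are computed. Names, the key and all records are made up.

```python
import hmac
import hashlib
from collections import Counter

# Constructed sample table RT (not real patients). Direct identifier: name.
# Quasi-identifier QI_RT = (birth_date, zip, sex). Sensitive attribute: diagnosis.
RECORDS = [
    {"name": "Anna Rossi",     "birth_date": "1985-08-03", "zip": "60121", "sex": "F", "diagnosis": "asthma"},
    {"name": "Sara Verdi",     "birth_date": "1985-08-19", "zip": "60125", "sex": "F", "diagnosis": "diabetes"},
    {"name": "Giulia Bianchi", "birth_date": "1985-08-27", "zip": "60128", "sex": "F", "diagnosis": "flu"},
    {"name": "Marco Neri",     "birth_date": "1990-02-11", "zip": "60131", "sex": "M", "diagnosis": "fracture"},
    {"name": "Paolo Gialli",   "birth_date": "1990-02-24", "zip": "60133", "sex": "M", "diagnosis": "asthma"},
]
QI = ("birth_date", "zip", "sex")

# Constructed tokenization secret, held by the controller only. Whoever holds it
# (plus the token -> name table) can re-identify, so the output is pseudonymous,
# not anonymous, and the GDPR still applies to it.
TOKEN_KEY = b"constructed-demo-key-not-for-real-use"


def tokenize_name(name, key=TOKEN_KEY):
    """Tokenization: replace the direct identifier with a keyed HMAC-SHA256 token.
    The same name always maps to the same token, so records stay linkable."""
    return "tok_" + hmac.new(key, name.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def pseudonymize(record, key=TOKEN_KEY):
    out = dict(record)
    out["name"] = tokenize_name(record["name"], key)
    return out


def generalize(record):
    """Generalization of QI_RT: birth date -> year-month (the day is dropped, as in
    the 'all born in August' example), ZIP -> 3-digit prefix; sex is kept."""
    out = dict(record)
    out["birth_date"] = record["birth_date"][:7]
    out["zip"] = record["zip"][:3] + "**"
    return out


def k_anonymity(records, qi=QI):
    """Largest k such that every sequence of values in RT[QI_RT] occurs at least
    k times, i.e. the k for which the table satisfies k-anonymity."""
    counts = Counter(tuple(r[field] for field in qi) for r in records)
    return min(counts.values())


def reidentification_bound(records, qi=QI):
    """Upper bound on the probability of linking an individual to the real tuple: 1/k."""
    return 1.0 / k_anonymity(records, qi)


def anonymize_table(records, key=TOKEN_KEY):
    """Pseudonymize the direct identifier, then generalize the quasi-identifier."""
    return [generalize(pseudonymize(r, key)) for r in records]


if __name__ == "__main__":
    print("raw table:        k =", k_anonymity(RECORDS))   # every row is unique: k = 1
    anon = anonymize_table(RECORDS)
    print("after generalize: k =", k_anonymity(anon))      # two groups of 3 and 2: k = 2
    print("re-identification probability <=", reidentification_bound(anon))
    for row in anon:
        print(row)
```

Note that generalization alone raised k from 1 to 2; the tokens keep the rows linkable across extractions, which is exactly why the key must stay with the controller.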

INTRODUCTION TO CRYPTOGRAPHY

Cryptography is one of the main techniques we need for data protection. In every period of history people have tried to protect data and messages, using either steganography (hiding the message without altering its shape; examples: hidden text engraved on wooden tablets covered with wax, invisible ink, microdots or money, etc.) or cryptography (altering the message so that it becomes unintelligible to anyone who does not own some secret tools that, instead, are owned by the writer and by the legitimate reader).

Today cryptography, which studies the design of secure systems, and cryptanalysis, which studies techniques to "break" cryptographic systems, are the two main parts of cryptology, the discipline that studies communication over insecure channels and its problems. The two are strictly linked and improve together.

General model of a cryptographic system: three people named Alice, Bob and Eve are the main actors in the transmission of a message. Alice is the user who generates the message, Bob is the receiver of the message and Eve is the malicious user who wants to intercept the message.

In the simplest model, Alice protects the message by creating a secret key and somehow sharing it with Bob, so that they own two copies of the same key. These two copies are used to perform encryption and decryption. Alice starts from the plaintext (the message in clear) and uses an encryption method in which she puts the message as first input and the secret key as second input; the box produces as output the ciphertext (the encrypted, or hidden, message). The ciphertext is sent over the public network and reaches Bob, where it passes through the decryption box, which gives back the original message provided that Bob has the decryption key. Eve watches the public network for messages passing by and tries to get them and read their content. If Alice transmits the ciphertext, Eve can get it and may even know the encryption algorithm, but since she does not have the secret key she cannot read the original content. Secrecy of the message (confidentiality) depends on the secrecy of the key. Eve's most common attacks are passive attacks, whose goal is to read one or more secret messages, or to find the secret key and then read all the secret messages, and active attacks, in which she alters the secret message or impersonates Alice (forges messages).

Today, if we want to be sure that a cryptographic system has a reasonable level of security, we have to consider these kinds of possible attacks. The first is the one in which only the ciphertext is known: it is the most difficult attack, because the malicious user has little information. In the second the ciphertext and the corresponding plaintext are known, i.e. some part of the ciphertext is known together with the corresponding plaintext. The last two are those in which the encryption or the decryption machine is temporarily accessible, so plaintexts or ciphertexts can be chosen: the attacker can choose several plaintexts, encrypt them and record the corresponding ciphertexts, without knowing the ciphertext to be attacked.

The way the key is shared between the two main users is based on Kerckhoffs' principle (1883): the security of a cryptographic system cannot be based on the secrecy of the encryption/decryption algorithm; conversely, it is based on the secrecy of the key. The rules stated by Kerckhoffs, still valid today, are:

1. A cryptographic system must be physically, if not mathematically, indecipherable (perfect cipher).

2. The system should not require secrecy, and must be able to fall into enemy hands without drawbacks.

3. It must be possible to exchange and store the key without the need of written notes, and it must be possible to change the key whenever the users want.

4. The system must be applicable to telegraphic correspondence.

5. The system must be portable, and its use and operation must not require the availability of a large number of people.

6. Finally, given the circumstances in which it will presumably be used, the system must not require the knowledge of a long set of rules or be difficult to apply.

Symmetric (or private key) cryptography: the first and oldest form of cryptography. Alice and Bob share a copy of the secret key before the communication starts. Alice starts from a plaintext input and transforms the plaintext (X) into a ciphertext message through the secret key (K), using an encryption algorithm (E) that, starting from K and X, gives the ciphertext (Y):

$$Y = E(K, X)$$

Then the ciphertext is transmitted to Bob who, having a copy of the key, is able to get back the initial message using a decryption algorithm (D), under the condition that the inputs (K, Y) are consistent:

$$X = D(K, Y)$$

Even if Eve intercepts Y she cannot read the message, because she does not know K.

There are different algorithms to do this; the two modern cryptosystems are the Data Encryption Standard (DES) and, the most used today, the Advanced Encryption Standard (AES).

Asymmetric (or public key) cryptography: the method used today. Starting from 1972 researchers found mathematical solutions for asymmetric encryption using paired keys, one secret and one public. First the user (Alice) computes the private key; then, starting from the private key, she applies a one-way function to obtain the public key. A one-way function is a function that can be easily computed in one direction but is unfeasible (impossible in practice) to compute in the other direction. So Alice can create the public key with this function, but nobody, not even Alice, can go back from it to the private key. After that the public key is published, because it does not reveal information about the private one. The cryptographic algorithm is split in two parts, one for encryption and one for decryption: the public key is used only for encryption, while the private one is used only for decryption. This means that Bob, who has all the public keys, can send Alice a private message: he takes her public key from the public directory, uses it for encryption and then transmits the ciphertext to Alice. The encryption algorithm (E) uses as input Alice's public key ($PU_a$) and the plaintext (X), and computes the ciphertext (Y):

$$Y = E(PU_a, X)$$

The message is transmitted to Alice again. She is the only user who knows the private key corresponding to the public one used, and she can use the decryption algorithm (D), the private key ($PR_a$) and the ciphertext to obtain the plaintext (X):

$$X = D(PR_a, Y)$$

We have two different boxes E/D that work with different keys, so there is no longer the problem of sharing the key safely. Even if Eve gets the ciphertext and the public key she cannot decrypt it anyway, because she does not know Alice's private key. The most important asymmetric algorithms are RSA, El Gamal, McEl…
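The key pair, $Y = E(PU_a, X)$ and $X = D(PR_a, Y)$, worked through with textbook RSA in pure Python (added example, not from the original notes). The primes 61 and 53 and the exponent 17 are constructed toy values chosen so the numbers stay readable; real RSA uses primes of 1024 bits or more and a padding scheme, which this illustration omits.

```python
from math import gcd

# Constructed textbook-sized primes so every number fits on a line.
# Real RSA uses primes of 1024+ bits, where factoring n = p*q is infeasible,
# and never encrypts raw integers without padding (e.g. OAEP).
P, Q, E_EXP = 61, 53, 17


def public_from_private(p, q, e=E_EXP):
    """The one-way step: multiplying p*q is easy, factoring n back into p and q
    is the hard direction. Returns Alice's public key PU_a = (e, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    return (e, n)


def keygen(p=P, q=Q, e=E_EXP):
    """Alice first fixes the private material (p, q), derives PU_a from it and
    computes the private exponent d. Returns (PU_a, PR_a) with PR_a = (d, n)."""
    pub = public_from_private(p, q, e)
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse of e (Python 3.8+)
    return pub, (d, pub[1])


def encrypt(pub, x):
    """Y = E(PU_a, X): anyone holding the public key can run this."""
    e, n = pub
    if not 0 <= x < n:
        raise ValueError("plaintext must be an integer in [0, n)")
    return pow(x, e, n)


def decrypt(priv, y):
    """X = D(PR_a, Y): only the holder of the private key can run this."""
    d, n = priv
    return pow(y, d, n)


def sign(priv, m):
    """Digital signature: the roles of the keys are swapped, the private key
    produces the signature and the public key checks it (authentication)."""
    d, n = priv
    return pow(m, d, n)


def verify(pub, m, s):
    e, n = pub
    return pow(s, e, n) == m


if __name__ == "__main__":
    pu_a, pr_a = keygen()
    x = 65                          # constructed plaintext X (an integer < n)
    y = encrypt(pu_a, x)            # Bob encrypts with PU_a from the public directory
    print("PU_a =", pu_a, "PR_a =", pr_a)
    print("X =", x, "-> Y =", y, "-> D(PR_a, Y) =", decrypt(pr_a, y))
    s = sign(pr_a, 1234)
    print("signature valid:", verify(pu_a, 1234, s))
```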

Digital Signatures: another use of asymmetric cryptography is the case in which we want to keep the authentication of the message secret, i.e. the case in which Bob sends a message to A

The contents of this page are personal reworkings by the publisher maria456789 of information learned by attending the Biomedical Data Protection lectures and from independent study of any reference books, in preparation for the final exam or the thesis. They are not to be taken as official material of the Università Politecnica delle Marche - Ancona or of prof. Baldi Marco.