INTRODUCTION
Data can be non-personal data (generated, for instance, by a production machine) or personal data: name, address, location, online identifiers, cultural profile, income and health information of one subject. Within personal data we find biomedical data: all the data and information that belong to a patient. The main kinds are:
- Medical examination – all data from examinations that describe a medical condition.
- Inpatient health monitoring – all data generated and stored while we undergo some clinical practice (e.g. an ECG recording).
- Medical imaging – images that come with a report in which they are interpreted and in which the illnesses you may have are written down.
- Laboratory data – data obtained from laboratory analyses.
- Patient generated health data – data generated by some application on our smartphone.
All biomedical data must be protected both from physical failures of the structures that hold them and from failures of the protection system of those same structures. Italy has the electronic health record, a collection of the places (the hospital or the laboratory) in which a patient's data are stored. In recent years cybersecurity has grown in importance because cybercriminals have attacked hospitals all over the world, blocking systems or stealing data for ransom.
MEDJACK (medical device hijacking) targets healthcare systems and devices (blood gas analysers, PACS, infusion/insulin pumps, pacemakers, ...) because they often run obsolete software (Windows XP, ...) and are closed systems (never updated and without antivirus). IT departments cannot manage them, do not have administrator privileges on them, and the devices often handle data in clear. All these instruments are very delicate objects from the cybersecurity point of view. The malware targets such obsolete systems (Windows XP, for example) because they are considered less important than other systems, so what runs on them is no longer regarded as dangerous by the protection systems. From there it performs a "lateral movement" and infects other weak devices. Once a weak device has been infected, it leaves the cybercriminal a backdoor into the hospital's corporate network. In this way they can access everything, in any hospital, in any country. Another attack is Orangeworm, whose Kwampirs malware was detected in X-ray and MRI control machines and in the computers used for filling in patient consent forms. The healthcare sector is targeted so much by these attacks because personal data earn a lot of money on the black market, and the most sensitive data are the healthcare records.
In general, there are three areas we must care about: Safety – protecting data or infrastructure from accidents, i.e. events that occur by chance. Privacy – the state of being alone or kept apart from others. Security – protecting data, systems and infrastructure from fraudulent attacks.
The level of security and safety is related to many technical regulations. The Italian mandatory regulations are:
General Data Protection Regulation (GDPR): it involves EU citizens wherever they are and must be observed by any entity, company or institution that processes personal data.
Network and Information System Directive: it concerns the systems that handle personal data, i.e. the more technological aspect; it applies to critical infrastructures that cannot be blocked, where data flow continually.
Minimum ICT security measures and data processing: they are a practical reference for evaluating and improving the level of IT security of administrations, in order to counter the most frequent cyber threats. The measures consist of controls of a technological, organizational and procedural nature that help Public Administrations assess their level of IT security. There are other regulations that are optional, so a hospital can choose whether to comply with those controls.
GDPR
The General Data Protection Regulation (GDPR) is a European regulation, valid in all EU countries, for protecting personal data. Enforced from 25 May 2018, it aims to harmonize data privacy laws across Europe and to protect and empower the data privacy of all EU citizens, from both the legal and the technical point of view.
- Art. 5 GDPR – principles relating to the processing of personal data. Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. They are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Art. 9 GDPR – processing of special categories of personal data, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person's sex life or sexual orientation, shall be prohibited. The prohibition does not apply if the data subject has given explicit consent to the processing of those personal data for some specified purposes.
- Art. 32 GDPR – security of processing: the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data and the ability to ensure confidentiality (the state of keeping or being kept secret or private), integrity (internal consistency or lack of corruption in electronic data), availability (the quality of being able to be used or obtained) and resilience (resistance to accidents, obtained with redundancy) of processing systems and services.
GDPR Actors
European Data Protection Board – the board is composed of the head of the supervisory authority of each Member State and of the European Data Protection Supervisor. Its role is to review what is working and what is not working and to give advice and guidance. The Board has a Chair/President. There is consultation between the European Commission and the Board.
Supervisory Authority – an independent public authority established by each Member State to enforce the legislation locally. It makes sure that the regulation is executed in its state. It is responsible for imposing and managing administrative fines on controllers and processors. It must coordinate with the other Supervisory Authorities when a dispute involves actors in more than one Member State.
Data Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors do not determine the purposes or means of the processing; they just process the data as requested by the controller. This also occurs when data processing is outsourced by the controller and the data are processed by a third party (example: a cloud service provider). Under the previous directive only the data controller could be fined in case of non-compliance; under the new legislation the processor is also liable.
Data Controller – defines what personal data the company needs and for what purposes. The company then requests that data from people. It is responsible for compliance with the regulation. Under the new law, the controller must be able to demonstrate compliance at any given time following a request from a Supervisory Authority or a data subject.
Data Subject – a natural person, a living being.
Data Protection Officer – a new figure created by GDPR. It is mandatory only for those controllers and processors whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale (e.g. a university) or of special categories of data, including information such as health data or religious and political beliefs.
It must be appointed on the basis of professional qualities and expert knowledge of data protection law and practice. It can be a staff member or an external professional. Appropriate resources are provided to carry out its tasks and maintain its expert knowledge. It must report directly to the highest level of management and must not carry out other tasks that could result in a conflict of interest.
GDPR key elements – There are some rights that people have over their data, and these are regulated by GDPR:
- Breach notification: mandatory for any data breach that is likely to "result in a risk for the rights and freedoms of individuals". It must be done within 72 hours after discovering the breach. Data processors must notify data controllers "without undue delay" after first becoming aware of a data breach.
- Right to access: obtain from the data controller confirmation as to whether a citizen's personal data are being processed, where and for what purpose. The controller shall provide a copy of the personal data, free of charge, in an electronic format.
- Right to be forgotten: the data subject can request the data controller to erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
- Data portability: the data subject has the right to receive his/her personal data in a "commonly used and machine-readable format" and has the right to transmit that data to another controller.
- Privacy by design and by default: inclusion of data protection from the onset of the design of systems, rather than as an addition.
- Data minimization: controllers must hold and process only the data necessary for the completion of their duties. Access to personal data must be limited to those who need it to perform the processing.
- Security of processing: the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
Pseudonymization and anonymization – The two main measures used for data protection are:
- Pseudonymization: a data management and de-identification procedure by which personally identifiable information fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. Pseudonymized data can still go through re-identification to associate them again with a subject. Some pseudonymization techniques are: Scrambling – mixing or obfuscation of letters; the process may be reversible or not. Encryption (symmetric) – reversible for those who know the secret key. Masking – some important/unique part of the data is replaced with random characters or other data. Tokenization – a non-mathematical approach that replaces sensitive data with non-sensitive substitutes, referred to as tokens. Blurring – uses an approximation of the data values.
- Anonymization: personal data are rendered anonymous in such a way that the data subject is no longer identifiable, and GDPR does not apply to anonymous data. The data cannot be re-identified. k-anonymity is a special form of anonymization in which the information of each subject cannot be distinguished from that of at least k-1 other individuals. For example, you have 10 individuals with the same data (all born in August, but we don't know the day). The greater k, the more ambiguous the identification. Let RT(A_1, ..., A_n) be a table and QI_RT a quasi-identifier associated with it. RT is said to satisfy k-anonymity if and only if each sequence of values in RT[QI_RT] appears with at least k occurrences in RT[QI_RT]. This is obtained by generalization, i.e. by transforming the QI values into less specific forms so that they no longer uniquely represent individuals. k-anonymity guarantees that an individual can be associated with her/his real tuple with a probability of at most 1/k.
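The pseudonymization and k-anonymity steps described above, as an added Python example (my code, not part of the notes): it tokenizes the direct identifier with a keyed HMAC (constructed key), generalizes the quasi-identifiers birth_date and zip ("born in August, but we don't know the day"), and checks the k-anonymity condition on RT[QI_RT] over a constructed table of four records.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample table RT (hypothetical people): direct identifier "name",
# quasi-identifiers "birth_date" and "zip", sensitive attribute "diagnosis".
RECORDS = [
    {"name": "Anna Rossi", "birth_date": "1985-08-03", "zip": "20121", "diagnosis": "flu"},
    {"name": "Luca Bianchi", "birth_date": "1985-08-19", "zip": "20124", "diagnosis": "asthma"},
    {"name": "Sara Verdi", "birth_date": "1990-02-11", "zip": "20133", "diagnosis": "flu"},
    {"name": "Marco Neri", "birth_date": "1990-02-27", "zip": "20135", "diagnosis": "diabetes"},
]
QI = ["birth_date", "zip"]  # QI_RT, the quasi-identifier of the table


def pseudonymize(records, secret_key):
    """Tokenization: replace the direct identifier with a keyed token (HMAC-SHA256).

    The token -> name table is kept apart by the controller, so the data can
    still be re-identified: this is pseudonymization, and GDPR still applies.
    """
    lookup = {}
    out = []
    for r in records:
        token = hmac.new(secret_key, r["name"].encode(), hashlib.sha256).hexdigest()[:16]
        lookup[token] = r["name"]
        out.append({"pseudonym": token, **{k: v for k, v in r.items() if k != "name"}})
    return out, lookup


def generalize(record):
    """Generalization of the QI: keep only year-month of birth and the zip prefix."""
    return {**record, "birth_date": record["birth_date"][:7], "zip": record["zip"][:3] + "**"}


def qi_groups(records, qi):
    """Count how many tuples share each sequence of values in RT[QI_RT]."""
    return Counter(tuple(r[a] for a in qi) for r in records)


def is_k_anonymous(records, qi, k):
    """RT satisfies k-anonymity iff every QI value sequence occurs at least k times."""
    return all(count >= k for count in qi_groups(records, qi).values())


def max_reidentification_probability(records, qi):
    """An individual is linked to her/his tuple with probability at most 1/k,
    where k is the size of the smallest QI group."""
    return 1 / min(qi_groups(records, qi).values())


if __name__ == "__main__":
    pseudo, lookup = pseudonymize(RECORDS, b"controller-secret-key")  # constructed key
    print("pseudonymized, 2-anonymous?", is_k_anonymous(pseudo, QI, 2))      # False
    generalized = [generalize(r) for r in pseudo]
    print("generalized, 2-anonymous?", is_k_anonymous(generalized, QI, 2))   # True
    print("max re-identification probability:", max_reidentification_probability(generalized, QI))  # 0.5
```

Pseudonymization alone leaves every record unique on the quasi-identifiers, so the pseudonym table plus a public dataset with birth dates would re-identify everyone; only the generalization step makes the groups indistinguishable.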
INTRODUCTION TO CRYPTOGRAPHY
Cryptography is one of the main techniques we need for data protection. In every period of history, people tried to protect data and messages using either Steganography – hiding the message without altering its shape (examples: engraving hidden text on wooden tablets covered with wax, invisible ink, microdots, etc.) – or Cryptography – altering a message so that it is made unintelligible for anyone who does not have some secret tools that, instead, are owned by the writer and the legitimate reader.
Today cryptography, which studies the design of secure systems, and cryptanalysis, which studies techniques to "break" cryptographic systems, are the two main parts of cryptology, the study of communication over insecure channels and its problems. Cryptography and cryptanalysis are strictly linked and improve together.
General model of a cryptographic system – Three people named Alice, Bob and Eve are the main actors in the transmission of a message: Alice is the user who generates the message, Bob is the receiver of the message and Eve is the malicious user who wants to intercept the message.
In the simplest model, Alice protects the message by creating a secret key and somehow sharing it with Bob, so that they own two copies of the same key. These two copies are used to perform encryption and decryption: Alice starts with the plaintext (the message in clear) and feeds it to an encryption method, with the secret key as second input; the box produces as output the ciphertext (the encrypted, or hidden, message). The ciphertext is sent over the public network and reaches Bob, where it passes through the decryption box, which gives back the original message provided that Bob has the decryption key. Eve watches the public network for messages passing by, tries to get them and read their content. If Alice transmits the ciphertext, Eve can get it, and she may know the encryption algorithm, but since she does not have the secret key she cannot read the original content. Secrecy of the message (confidentiality) depends on secrecy of the key. Eve's most common attacks are passive attacks, in which her goal is to read one or more secret messages, or to find the secret key and then read all secret messages, and active attacks, in which she alters the secret message or impersonates Alice (forges messages).
Today, if we want to be sure that a cryptographic system has a reasonable level of security, we have to consider these kinds of possible attacks: in the first only the ciphertext is known; it is the most difficult attack because the malicious user has very little information. In the second the ciphertext and the corresponding plaintext are known, i.e. some part of the ciphertext is known together with the corresponding plaintext. The last two are those in which the encryption or the decryption machine is temporarily accessible, so plaintexts or ciphertexts can be chosen: the attacker can choose several plaintexts, encrypt them and record the corresponding ciphertexts without yet knowing the ciphertext to be attacked.
The way the key is treated between the two main users is based on Kerckhoffs' principle (1883): the security of a cryptographic system cannot be based on the secrecy of the encryption/decryption algorithm; conversely, it is based on the secrecy of the key. The rules stated by Kerckhoffs, still valid today, are:
1. A cryptographic system must be physically, if not mathematically, indecipherable (perfect cipher).
2. The system should not require secrecy, and must be able to fall into enemy hands without drawbacks.
3. It must be possible to exchange and store the key without the need for written notes, and it must be possible to change the key whenever the users desire.
4. The system must be applicable to telegraphic correspondence.
5. The system must be portable, and its use and operation must not require the availability of a large number of people.
6. Finally, given the circumstances in which it will presumably be used, the system must not require knowledge of a long set of rules, or be difficult to apply.
Symmetric (or private key) cryptography – The first and oldest form of cryptography. Alice and Bob share a copy of the secret key before the communication starts. Alice starts from a plaintext input and transforms the plaintext (X) into a ciphertext message by means of the secret key (K). She uses an encryption algorithm (E) that, starting from K and X, gives the ciphertext (Y):
Y = E(K, X)
Then the ciphertext is transmitted to Bob who, having the copy of the key, is able to get back the initial message using a decryption algorithm (D), under the condition that the inputs (K, Y) are consistent:
X = D(K, Y)
Even if Eve intercepts Y she cannot read the message, because she does not know K.
There are different algorithms to do this; the two modern cryptosystems are the Data Encryption Standard (DES) and, the most used today, the Advanced Encryption Standard (AES).
Asymmetric (or public key) cryptography – This is the method used today. Starting from 1972, researchers found mathematical solutions for asymmetric encryption using paired keys, one secret and one public. First the user (Alice) computes the private key; then, starting from the private key, she applies a one-way function to obtain the public key. A one-way function is a function that can be easily computed in one direction but is unfeasible (impossible in practice) to compute in the other direction. So Alice can create the public key with this function, but nobody, not even Alice, can go back from it to the private key. After that the public key is published, because it does not reveal information about the private one. The cryptographic algorithm is split into two parts, one for encryption and one for decryption: the public key is used only for encryption, while the private one is used only for decryption. This means that Bob, who has all the public keys, can send Alice a private message: he takes her public key from the public directory, encrypts with it and then transmits the ciphertext to Alice. The encryption algorithm (E) takes as input Alice's public key (PU_a) and the plaintext (X), and computes the ciphertext (Y):
Y = E(PU_a, X)
The message is transmitted to Alice. She is the only user who knows the private key corresponding to the public one that was used, and she can use the decryption algorithm (D), the private key (PR_a) and the ciphertext to obtain the plaintext (X):
X = D(PR_a, Y)
We have two different boxes E/D that work with different keys, so there is no longer the problem of sharing the key safely, great! Even if Eve gets the ciphertext and the public key she cannot perform the decryption anyway, because she does not know Alice's private key. The most important asymmetric algorithms are RSA, El Gamal, McEl…
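The asymmetric model above, Y = E(PU_a, X) and X = D(PR_a, Y), as an added Python example built on textbook RSA (my code, not part of the notes, which only name RSA): the one-way step is n = p*q, the key size and the message are constructed, and raw RSA without padding is shown only to make the model visible; a real system uses a padded scheme such as RSA-OAEP from a vetted library.

```python
import math
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (probabilistic; error below 4**-rounds)."""
    if n < 4:
        return n in (2, 3)
    if any(n % p == 0 and n != p for p in (2, 3, 5, 7, 11, 13)):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Draw random odd candidates of exactly `bits` bits until one is prime."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=1024):
    """Alice's key generation (textbook RSA). The one-way step is n = p*q:
    multiplying is easy, but going from the public (n, e) back to d requires
    factoring n, which is unfeasible for real key sizes."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)  # needs phi, i.e. p and q: only Alice can compute it
    return (p * q, e), (p * q, d)  # PU_a = (n, e), PR_a = (n, d)


def encrypt(pu_a, message: bytes) -> int:
    """Y = E(PU_a, X): Bob encrypts with Alice's public key (no padding here)."""
    n, e = pu_a
    x = int.from_bytes(message, "big")  # X must not start with a zero byte
    if x >= n:
        raise ValueError("message must be smaller than n")
    return pow(x, e, n)


def decrypt(pr_a, y: int) -> bytes:
    """X = D(PR_a, Y): only Alice, who holds d, gets the plaintext back."""
    n, d = pr_a
    x = pow(y, d, n)
    return x.to_bytes((x.bit_length() + 7) // 8, "big")
```

Running generate_keypair() with the default size takes a moment in pure Python; the key pair is (n, e) for the public directory and (n, d), which never leaves Alice.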
Digital signatures – Another use of asymmetric cryptography is the case in which we want to authenticate the message. So the case in which Bob sends a message to A