学位论文详细信息
An Empirical Analysis of Security and Privacy in Health and Medical Systems
health;medical;systems;cryptography;cryptanalysis;location;authentication;security;privacy;Computer Science
Rushanan, Michael A.Rubin, Aviel D. ;
Johns Hopkins University
关键词: health;    medical;    systems;    cryptography;    cryptanalysis;    location;    authentication;    security;    privacy;    Computer Science;   
Others  :  https://jscholarship.library.jhu.edu/bitstream/handle/1774.2/44628/RUSHANAN-DISSERTATION-2016.pdf?sequence=1&isAllowed=y
瑞士|英语
来源: JOHNS HOPKINS DSpace Repository
PDF
【 摘 要 】

Healthcare reform, regulation, and adoption of technology such as wearables are substantially changing both the quality of care and how we receive it. For example, health and fitness devices contain sensors that collect data, wireless interfaces to transmit data, and cloud infrastructures to aggregate, analyze, and share data. FDA-defined class III devices such as pacemakers will soon share these capabilities. While technological growth in health care is clearly beneficial, it also brings new security and privacy challenges for systems, users, and regulators.We group these concepts under health and medical systems to connect and emphasize their importance to healthcare. Challenges include how to keep user health data private, how to limit and protect access to data, and how to securely store and transmit data while maintaining interoperability with other systems. The most critical challenge unique to healthcare is how to balance security and privacy with safety and utility concerns. Specifically, a life-critical medical device must fail-open (i.e., work regardless) in the event of an active threat or attack. This dissertation examines some of these challenges and introduces new systems that not only improve security and privacy but also enhance workflow and usability. Usability is important in this context because a secure system that inhibits workflow is often improperly used or circumvented.We present this concern and our solution in its respective chapter. Each chapter of this dissertation presents a unique challenge, or unanswered question,and solution based on empirical analysis.We present a survey of related work in embedded health and medical systems. The academic and regulatory communities greatly scrutinize the security and privacy of these devices because of their primary function of providing critical care. What we find is that securing embedded health and medical systems is hard, done incorrectly, and is analogous to non-embedded health and medical systems such as hospital servers, terminals, and personally owned mobile devices. A policy called bring your own device (BYOD) allows the use and integration of mobile devices in the workplace. We perform an analysis of Apple iMessage which both implicates BYOD in healthcare and secure messaging protocols used by health and medical systems.We analyze direct memory access engines, a special-purpose piece of hardware to transfer data into and out of main memory, and show that we can chain together memory transfers to perform arbitrary computation. This result potentially affects all computing systems used for healthcare. We also examine HTML5 web workers as they provide stealthy computation and covert communication. This finding is relevant to web applications such as personal and electronic health record portals. We design and implement two novel and secure health and medical systems. One is a wearable device that addresses the problem of authenticating a user (e.g., physician) to a terminal in a usable way. The other is a light-weight and low-cost wireless device we call Beacon+. This device extends the design of Apple;;s iBeacon specification with unspoofable, temporal, and authenticated advertisements; of which, enables secure location sensing applications that could improve numerous healthcare processes.

【 预 览 】
附件列表
Files Size Format View
An Empirical Analysis of Security and Privacy in Health and Medical Systems 21084KB PDF download
  文献评价指标  
  下载次数:16次 浏览次数:61次