Threat analysis of online health information system

Electronic health records are increasingly used to enhance availability, recovery, and transfer of health records. Newly developed online health systems such as Google-Health create new security and privacy risks. In this paper, we elucidate a clear threat model for online health information systems. We distinguish between privacy and security threats. In response to these risks, we propose a traitor-tracing solution, which embeds proof to trace an attacker who leaks data from a repository. We argue that the application of traitor-tracing techniques to online health systems can align incentives and decrease risks.
