Security Analysis of Standards-Driven Communication Protocols for Healthcare Scenarios

Masi, Massimiliano; Pugliese, Rosario; Tiezzi, Francesco

doi:10.1007/s10916-012-9843-1

Cited by 5 publications

(10 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…All the XDS and XDM services are given as a courtesy of the company Tiani "Spirit" GmbH 9 , located in Vienna, Austria. An outline of the overall implementation of the protocol is available online [29].…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

A standard-driven communication protocol for disconnected clinics in rural areas

Masi

Pugliese

Tiezzi

2011

2011 IEEE 13th International Conference on E-Health Networking, Applications and Services

Self Cite

View full text Add to dashboard Cite

Abstract-The importance of the Electronic Health Record (EHR), which stores all healthcare-related data belonging to a patient, has been recognized in recent years by governments, institutions, and industry. Initiatives like Integrating the Healthcare Enterprise (IHE) have been developed for the definition of standard methodologies for secure and interoperable EHR exchanges among clinics and hospitals. Using the requisites specified by these initiatives, many large-scale projects have been set up to enable healthcare professionals to handle patients' EHRs. Applications deployed in these settings are often considered safety-critical, thus ensuring such security properties as confidentiality, authentication, and authorization is crucial for their success. In this paper, we propose a communication protocol, based on the IHE specifications, for authenticating healthcare professionals and assuring patients' safety in settings where no network connection is available, such as in rural areas of some developing countries. We define a specific threat model, driven by the experience of use cases covered by international projects, and prove that an intruder cannot cause damages to the safety of patients and their data by performing any of the attacks falling within this threat model. To demonstrate the feasibility and effectiveness of our protocol, we have fully implemented it.

show abstract

Section: Discussionmentioning

confidence: 99%

“…We refer the interested reader to [29] for a complete account of the specification, and to [16], [25] for the presentation of COWS and of many examples illustrating its peculiarities and expressiveness.…”

Section: Specification and Analysismentioning

confidence: 99%

A standard-driven communication protocol for disconnected clinics in rural areas

Masi

Pugliese

Tiezzi

2011

2011 IEEE 13th International Conference on E-Health Networking, Applications and Services

Self Cite

View full text Add to dashboard Cite

show abstract

“…A possible solution of such an authentication flaw, which does not put any requirement on the security of the van itself, is presented in [9]. This work introduces an ad-hoc protocol for exchanging medical records that exploits the XDM standard.…”

Section: Applying the Protocol For Disconnected Clinicsmentioning

confidence: 99%

“…In order to perform analysis on the security of the protocol, a threat model is proposed in [9]. In such a model, an attackerà la Dolev-Yao [13] is used.…”

Section: Applying the Protocol For Disconnected Clinicsmentioning

confidence: 99%

“…Therefore, since a considerable area of the Gauteng province suffers from the above mentioned connectivity problems, we believe that such security flaws would occur in the extension of the PoC, unless suitable measures are taken. In this paper, we tackle the problem of amending the system developed in the E-HR.GP's PoC by proposing the use of a formally-proved correct IHE-based protocol [9], so to include also clinics in rural areas with low or absent Internet connectivity and reachable only by hundred of kilometers of sand tracks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

e-Health for Rural Areas in Developing Countries: Lessons from the Sebokeng Experience

Masi

Pugliese

Tiezzi

2012

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

Self Cite

View full text Add to dashboard Cite

Abstract. We report the experience gained in an e-Health project in the Gauteng province, in South Africa. A Proof-of-Concept of the project has been already installed in 3 clinics in the Sebokeng township. The project is now going to be applied to 300 clinics in the whole province. This extension of the Proof-of-Concept can however give rise to security flaws because of the inclusion of rural areas with unreliable Internet connection. We address this problem and propose a safe solution.

show abstract

Image De-Identification Methods for Clinical Research in the XDS Environment

Aryanto

Kernebeek

Berendsen³

et al. 2016

J Med Syst

View full text Add to dashboard Cite

To investigate possible de-identification methodologies within the Cross-Enterprise Document Sharing for imaging (XDS-I) environment in order to provide strengthened support for image data exchange as part of clinical research projects. De-identification, using anonymization or pseudonymization, is the most common method to perform information removal within DICOM data. However, it is not a standard part of the XDS-I profiles. Different methodologies were observed to define how and where de-identification should take place within an XDS environment used for scientific research. De-identification service can be placed in three locations within the XDS-I framework: 1) within the Document Source, 2) between the Document Source and Document Consumer, and 3) within the Document Consumer. First method has a potential advantage with respect to the exposure of the images to outside systems but has drawbacks with respect to additional hardware and configuration requirements. Second and third method have big concern in exposing original documents with all identifiable data being intact after leaving the Document Source. De-identification within the Document Source has more advantages compared to the other methods. On the contrary, it is less recommended to perform de-identification within the Document Consumer since it has the highest risk of the exposure of patients identity due to the fact that images are exposed without de-identification during the transfers.

show abstract

Security Analysis of Standards-Driven Communication Protocols for Healthcare Scenarios

Cited by 5 publications

References 10 publications

A standard-driven communication protocol for disconnected clinics in rural areas

A standard-driven communication protocol for disconnected clinics in rural areas

e-Health for Rural Areas in Developing Countries: Lessons from the Sebokeng Experience

Image De-Identification Methods for Clinical Research in the XDS Environment

Contact Info

Product

Resources

About