Offline Auditing for Privacy

Presentation transcript:

Offline Auditing for Privacy
Jeff Dwoskin, Bill Horne, Tomas Sander
Trusted Systems Laboratory; Princeton
17 September 2018

Why Auditing for Privacy?
Potential advantages:
- Collect and analyze log data to detect privacy violations offline
- May also work where enforcement doesn't
- Create a trail of what happened to privacy-sensitive data, for:
  - Documentation
  - Forensics
- Demonstrate compliance with internal privacy policy
- Watch the watchers

Two challenges
1. How can we audit for the benefit of privacy?
   - Privacy violation detection system functionality
   - Compliance functionality
2. How can auditing itself be performed in a privacy-friendly and secure way?
   - Integrity
   - Encrypted storage
   - Pseudonymization and anonymization of audit file data
   - Etc.

What can we collect?
- Data access
  - Privacy-sensitive activities
  - User, application, time, data record accessed
  - Source, e.g. machine the request came from, internal/external, etc.
  - Part of the data record itself, e.g. age of the data record subject
  - Consent information present: opt in, opt out
- Privacy-sensitive activities
  - Deletion of records
- Consequences, e.g. alert issued, where enforcement is inappropriate

How can we analyze collected data?
- Against simple privacy policy rules (e.g., expressed in languages like EPAL)
- Have counters and collect statistics about behaviors that might be suspicious. Organize them into reports.
- Hope: offline auditing can be more sophisticated due to the lack of real-time requirements.

What does HIPAA say about auditing?
"We propose that audit control mechanisms be put in place to record and examine system activity. We adopt this requirement in the final rule."

How is this interpreted?
- Create events
  - creation of records that contain PHI
  - import of records that contain PHI
- Modify events
  - editing of data
  - re-association of data
  - de-identifying of PHI
- View events
  - access to PHI by any user
  - export of PHI to digital media or network
  - print or FAX of PHI
- Delete events
  - user command to delete PHI
  - automated command to delete PHI
- Non-PHI events
  - user login & logout
  - changes to user accounts
  - detection of a virus
  - network link failures
  - changes to network security configuration
  - etc.

What kinds of things might you look for?
- access to PHI by anyone not directly related to the patient's treatment, payment or healthcare operations
- access to information not corresponding to the role of the user
- access to PHI of VIPs or community figures
- access to records that have not been accessed in a long time
- access to PHI of an employee
- access to PHI of a terminated employee
- access to sensitive records such as psychiatric records
- access to PHI of minors
- data recorded without a corresponding order

Pseudonymization
Work by Flegel:
- Audit data is intercepted by a local pseudonymiser and then forwarded by syslog to remote hosts or stored.
- The pseudonymiser substitutes (predefined) identifying features (types of identifying info) by shares, generated via Shamir's secret sharing scheme.
- The record is encrypted under a key K. K can be reconstructed if at least k shares are found.
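A worked illustration of the threshold pseudonymization idea described above. This is an added example, not code from the slides or from Flegel's system: each occurrence of an identifying field is replaced by a fresh Shamir share of a per-entity key K, and an investigator who collects at least k shares for the same pseudonym can recover K and hence the identity. The one-time pad derived from SHA-256(K) stands in for "record encrypted under K" and is an assumption of this example (identities are limited to 32 bytes).

```python
import hashlib
import secrets

PRIME = 2**127 - 1  # Mersenne prime; the field in which Shamir shares live


def _poly_eval(coeffs, x):
    acc = 0
    for c in reversed(coeffs):  # Horner evaluation of the sharing polynomial
        acc = (acc * x + c) % PRIME
    return acc


def recover_secret(shares):
    """Lagrange interpolation at x=0 from k distinct (x, y) shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def _xor_pad(k, data):
    # Assumed stand-in for "record encrypted under K": one-time pad from SHA-256(K).
    pad = hashlib.sha256(k.to_bytes(16, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


class Pseudonymizer:
    """Replaces an identifying feature by a fresh share of that entity's key K."""

    def __init__(self, threshold):
        self.k = threshold
        self._state = {}  # identity -> (encrypted identity, polynomial, shares issued)

    def pseudonymize(self, identity):
        assert len(identity.encode()) <= 32, "pad covers at most 32 bytes"
        if identity not in self._state:
            key = secrets.randbelow(PRIME)  # K for this entity, f(0) of the polynomial
            coeffs = [key] + [secrets.randbelow(PRIME) for _ in range(self.k - 1)]
            self._state[identity] = [_xor_pad(key, identity.encode()).hex(), coeffs, 0]
        st = self._state[identity]
        st[2] += 1  # a new x coordinate, hence a new share, per log occurrence
        return f"{st[0]}:{st[2]}:{_poly_eval(st[1], st[2])}"


def reidentify(pseudonyms, threshold):
    """Investigator side: group shares by pseudonym; recover K and the identity once k shares exist."""
    groups = {}
    for p in pseudonyms:
        pid, x, y = p.split(":")
        groups.setdefault(pid, []).append((int(x), int(y)))
    return {pid: _xor_pad(recover_secret(sh[:threshold]), bytes.fromhex(pid)).decode()
            for pid, sh in groups.items() if len(sh) >= threshold}
```

An entity that appears fewer than k times in the suspicious records stays pseudonymous; only repeated involvement releases enough shares to disclose it.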

Further work on pseudonymization
- Anonymouse log file anonymiser: analysis possible, but anonymised data cannot be recovered
- Privacy-enhanced IDS supports the recovery of pseudonymised info, e.g. IDA, AID

Anonymouse log file anonymiser [Eckert & Pircher] is a customisable Perl script that anonymises all privacy-critical data in log files in such a way that they may still be analysed, but the anonymised data cannot be recovered.

IDA (Intrusion Detection and Avoidance) prototype pseudonymises the subject fields within audit records by encryption.

AID (Adaptive Intrusion Detection) system uses encryption by a secret (shared) key for the pseudonymisation process; this key is changed from time to time.

Searching encrypted log data
Ex: public key based solutions: IBE-based solutions
- Waters, Balfanz, Durfee, Smetters
- Boneh, Di Crescenzo, Ostrovsky, Persiano
Idea: in Identity Based Encryption (IBE) every string can be used as a public key for encryption. The corresponding decryption key is supplied by a key distribution center (KDC).

Searching Encrypted Log Files II
Encryption:
- For each document m choose a random symmetric key K and encrypt m under K.
- For keywords w1, ..., wl in m encrypt (FLAG, K) with public keys w1, ..., wl.
- Store the results c1, ..., cl with the encrypted document.
Keyword search:
- For keyword w the investigator requests the private key corresponding to w from the KDC.
- For each document m the investigator attempts decryption of c1, ..., cl.
- If FLAG is found, the document contains w and K is recovered.
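The encrypt-then-search flow on this slide, as an added example (not code from the slides or from the cited papers). It keeps the structure of the scheme, a per-entry key K, one (FLAG, K) capsule per keyword, and a KDC that releases only the key for the keyword under investigation, but substitutes an HMAC-derived symmetric keyword key shared by the logging host and the KDC for the IBE public/private key pair; the SHA-256 counter stream used as a cipher is likewise an assumption of this example.

```python
import hashlib
import hmac
import secrets

FLAG = b"LOGFLAG!"  # marker whose appearance after decryption shows the right keyword key was used


def _stream_xor(key, nonce, data):
    """XOR data with a SHA-256 counter stream (assumed stand-in for a real cipher)."""
    out = bytearray()
    ctr = 0
    while len(out) < len(data):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, out))


class KDC:
    """Holds the master secret; releases the decryption key for one keyword at a time."""

    def __init__(self):
        self.master = secrets.token_bytes(32)

    def keyword_key(self, w):
        # Stand-in for IBE private-key extraction for the "identity" w.
        return hmac.new(self.master, w.encode(), hashlib.sha256).digest()


def encrypt_entry(kdc, m, keywords):
    """Encrypt log entry m under fresh K and attach one (FLAG, K) capsule per keyword."""
    K = secrets.token_bytes(16)
    nonce = secrets.token_bytes(12)
    caps = []
    for w in keywords:
        n = secrets.token_bytes(12)  # fresh nonce so equal keywords give unlinkable capsules
        caps.append((n, _stream_xor(kdc.keyword_key(w), n, FLAG + K)))
    return {"nonce": nonce, "ct": _stream_xor(K, nonce, m), "caps": caps}


def search(entries, kw_key):
    """Investigator: try the keyword key on every capsule; FLAG found => entry matches, K recovered."""
    hits = []
    for e in entries:
        for n, c in e["caps"]:
            pt = _stream_xor(kw_key, n, c)
            if pt[: len(FLAG)] == FLAG:
                hits.append(_stream_xor(pt[len(FLAG):], e["nonce"], e["ct"]))
                break  # one matching capsule is enough to decrypt the entry
    return hits
```

Entries that do not carry the searched keyword yield only random bytes from every capsule and stay encrypted; the investigator learns nothing beyond the matching entries.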
