Slide 1: Offline Auditing for Privacy
17/09/2018
Jeff Dwoskin, Bill Horne, Tomas Sander
Trusted Systems Laboratory, Princeton
Slide 2: Why Auditing for Privacy?
Potential advantages:
- Collect and analyze log data to detect privacy violations offline
- May also work where enforcement doesn't
- Create a trail of what happened to privacy-sensitive data, for documentation and forensics
- Demonstrate compliance with internal privacy policy
- Watch the watchers
Slide 3: Two challenges
How can we audit for the benefit of privacy?
- Privacy violation detection system functionality
- Compliance functionality
How can auditing itself be performed in a privacy-friendly and secure way?
- Integrity
- Encrypted storage
- Pseudonymization and anonymization of audit file data
- Etc.
Slide 4: What can we collect?
Data access:
- User, application, time, data record accessed
- Source, e.g. the machine the request came from, internal/external, etc.
- Part of the data record itself, e.g. age of the data record subject
- Consent information present: opt in, opt out
Privacy-sensitive activities:
- Deletion of records
- Consequences, e.g. alert issued, where enforcement is inappropriate
Slide 5: How can we analyze collected data?
- Against simple privacy policy rules (e.g., expressed in languages like EPAL)
- Have counters and collect statistics about behaviors that might be suspicious; organize them into reports
- Hope: offline auditing can be more sophisticated due to the lack of real-time requirements
Slide 6: What does HIPAA say about auditing?
"We propose that audit control mechanisms be put in place to record and examine system activity. We adopt this requirement in the final rule."
Slide 7: How is this interpreted?
Create events:
- creation of records that contain PHI
- import of records that contain PHI
Modify events:
- editing of data
- re-association of data
- de-identifying of PHI
View events:
- access to PHI by any user
- export of PHI to digital media or network
- print or fax of PHI
Delete events:
- user command to delete PHI
- automated command to delete PHI
Non-PHI events:
- user login and logout
- changes to user accounts
- detection of a virus
- network link failures
- changes to network security configuration
- etc.
Slide 8: What kinds of things might you look for?
- access to PHI by anyone not directly related to the patient's treatment, payment or healthcare operations
- access to information not corresponding to the role of the user
- access to PHI of VIPs or community figures
- access to records that have not been accessed in a long time
- access to PHI of an employee
- access to PHI of a terminated employee
- access to sensitive records such as psychiatric records
- access to PHI of minors
- data recorded without a corresponding order
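The offline rule pass sketched on slides 4, 5 and 8 (simple policy rules plus per-user counters), as an added example that is not part of the original deck: the audit records, the treatment-team table, the VIP and employee record sets and the role list are all constructed sample data.

```python
from collections import Counter

# Constructed sample audit records in the shape slide 4 lists (user, time, source, record
# accessed). All user names and patient ids are made up.
AUDIT = [
    {"time": "2018-09-10T09:00", "user": "nurse7", "role": "nurse", "src": "internal", "record": "pt-100", "event": "view"},
    {"time": "2018-09-10T09:05", "user": "bill3", "role": "billing", "src": "internal", "record": "pt-100", "event": "view"},
    {"time": "2018-09-10T09:10", "user": "bill3", "role": "billing", "src": "internal", "record": "pt-200", "event": "view"},
    {"time": "2018-09-10T09:12", "user": "it9", "role": "it", "src": "external", "record": "pt-300", "event": "view"},
    {"time": "2018-09-11T12:00", "user": "nurse7", "role": "nurse", "src": "internal", "record": "pt-400", "event": "view"},
]
# Reference data the rules consult (also constructed): who is involved in each patient's
# treatment, payment or operations; which roles may view PHI; VIP and employee records.
TREATMENT_TEAM = {"pt-100": {"nurse7", "bill3"}, "pt-200": {"nurse7"}, "pt-300": {"nurse7"}, "pt-400": {"nurse7"}}
PHI_ROLES = {"nurse", "physician", "billing"}
VIP_RECORDS = {"pt-300"}
EMPLOYEE_RECORDS = {"pt-400"}

def check_record(r):
    """Apply slide 8's simple policy rules to one audit record; returns the names of the rules it trips."""
    hits = []
    if r["event"] == "view" and r["user"] not in TREATMENT_TEAM.get(r["record"], set()):
        hits.append("not-on-treatment-payment-operations")
    if r["role"] not in PHI_ROLES:
        hits.append("role-mismatch")
    if r["record"] in VIP_RECORDS:
        hits.append("vip-record")
    if r["record"] in EMPLOYEE_RECORDS:
        hits.append("employee-record")
    if r["src"] == "external":
        hits.append("external-source")
    return hits

def audit(records):
    """Offline pass over the collected log: per-record findings plus the per-user counters
    that slide 5 suggests rolling up into a report."""
    findings = [(r["time"], r["user"], r["record"], rule)
                for r in records for rule in check_record(r)]
    counters = Counter(user for _, user, _, _ in findings)
    return findings, counters

if __name__ == "__main__":
    for f in audit(AUDIT)[0]:
        print(*f)
```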
Slide 9: Pseudonymization: Work by Flegel
- Audit data is intercepted by a local pseudonymiser and then forwarded by syslog to remote hosts or stored
- The pseudonymiser substitutes (predefined) identifying features (types of identifying info) by shares, generated via Shamir's secret sharing scheme
- The record is encrypted under key K; K can be reconstructed if at least k shares are found
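A toy model of the threshold scheme described on this slide, added here and not taken from Flegel's or the authors' code: each record about a subject releases one Shamir share of that subject's key K, and an investigator who has gathered at least k records can recover K and decrypt the identity. Assumptions: a 127-bit prime field, a keyed-hash label so records of one subject can be grouped, and a digest-XOR stand-in for the record cipher.

```python
import hashlib, hmac, secrets

P = 2**127 - 1  # prime field for the Shamir shares (constructed toy parameter)

def poly_eval(coeffs, x):
    acc = 0
    for c in reversed(coeffs):           # Horner's rule; coeffs[0] is the secret K
        acc = (acc * x + c) % P
    return acc

def recover_secret(shares):
    """Lagrange interpolation at x = 0; correct only with >= k distinct shares."""
    s = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num, den = num * (-xj) % P, den * (xi - xj) % P
        s = (s + yi * num * pow(den, -1, P)) % P
    return s

def xor_with_key(k_int, data):
    # Stand-in for the record cipher (assumption): XOR with a digest of K; identities < 32 bytes.
    pad = hashlib.sha256(k_int.to_bytes(16, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class Pseudonymiser:
    """Local pseudonymiser: replaces the identifying field by a share; k shares of one subject yield K."""
    def __init__(self, k, label_key=b"constructed-label-key"):
        self.k, self.label_key, self.state = k, label_key, {}

    def process(self, record, field="user"):
        ident = record[field]
        if ident not in self.state:      # first sighting: fresh K and a fresh degree k-1 polynomial
            K = secrets.randbelow(P)
            self.state[ident] = {"coeffs": [K] + [secrets.randbelow(P) for _ in range(self.k - 1)],
                                 "x": 0, "enc": xor_with_key(K, ident.encode())}
        st = self.state[ident]
        st["x"] += 1                     # each further record about this subject releases one more share
        out = dict(record)
        out[field] = {"label": hmac.new(self.label_key, ident.encode(), "sha256").hexdigest()[:8],
                      "share": (st["x"], poly_eval(st["coeffs"], st["x"])), "enc": st["enc"]}
        return out

def reidentify(records, label, k, field="user"):
    """Investigator side: gather the shares behind one pseudonym label; fails below the threshold k."""
    hits = [r[field] for r in records if r[field]["label"] == label]
    if len(hits) < k:
        return None
    K = recover_secret([h["share"] for h in hits[:k]])
    return xor_with_key(K, hits[0]["enc"]).decode()
```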
Slide 10: Further work on pseudonymization
- Anonymouse log file anonymiser: analysis possible, but anonymised data cannot be recovered
- Privacy-enhanced IDS supports the recovery of pseudonymised info, e.g. IDA, AID
Details:
- The Anonymouse log file anonymiser [Eckert & Pircher] is a customisable Perl script that anonymises all privacy-critical data in log files in such a way that they may still be analysed, but the anonymised data cannot be recovered.
- The IDA (Intrusion Detection and Avoidance) prototype pseudonymises the subject fields within audit records by encryption.
- The AID (Adaptive Intrusion Detection) system uses encryption by a secret (shared) key for the pseudonymisation process; this key is changed from time to time.
Slide 11: Searching encrypted log data
Example: public-key based solutions, i.e. IBE-based solutions
- Waters, Balfanz, Durfee, Smetters
- Boneh, Di Crescenzo, Ostrovsky, Persiano
Idea:
- In Identity Based Encryption (IBE) every string can be used as a public key for encryption
- The corresponding decryption key is supplied by a key distribution center (KDC)
Slide 12: Searching Encrypted Log Files II
Encryption:
- For each document m choose a random symmetric key K and encrypt m under K
- For keywords w1, ..., wl in m, encrypt (FLAG, K) with the public keys w1, ..., wl
- Store the results c1, ..., cl with the encrypted document
Keyword search:
- For keyword w the investigator requests the private key corresponding to w from the KDC
- For each document m the investigator attempts decryption of c1, ..., cl
- If FLAG is found, the document contains w and K is found
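The encrypt and keyword-search steps of slides 11 and 12 carried through in code, as an added example that is not from the cited papers or the deck. Assumption: there is no IBE in the standard library, so the KDC here derives each keyword's key as an HMAC of a master secret and hands it to both the log writer and the investigator; real IBE lets the writer encrypt to the bare string w without that key, which is the one point this stand-in cannot show. The stream cipher is a SHA-256 counter-mode stand-in.

```python
import hashlib, os, secrets, hmac

FLAG = b"FLAG"  # fixed marker the investigator looks for after a trial decryption

class KDC:
    """Stand-in for the IBE key distribution center (assumption): private key for keyword w is HMAC(master, w)."""
    def __init__(self):
        self.master = secrets.token_bytes(32)
    def extract(self, w):
        return hmac.new(self.master, w.encode(), "sha256").digest()

def keystream(key, nonce, n):
    # SHA-256 in counter mode as a toy stream cipher (assumption, not a recommended construction)
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def enc(key, msg):
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(msg, keystream(key, nonce, len(msg))))

def dec(key, ct):
    nonce, body = ct[:16], ct[16:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))

def encrypt_log_entry(kdc, m, keywords):
    """Slide 12, encryption: random K for m, then (FLAG, K) sealed once per keyword w1..wl."""
    K = secrets.token_bytes(32)
    caps = [enc(kdc.extract(w), FLAG + K) for w in keywords]  # in real IBE: encrypt to the string w
    return {"doc": enc(K, m), "caps": caps}

def search(entries, sk_w):
    """Slide 12, keyword search: try sk_w on every c_i; FLAG means a hit and yields K for the document."""
    found = []
    for e in entries:
        for c in e["caps"]:
            p = dec(sk_w, c)
            if p[:len(FLAG)] == FLAG:
                found.append(dec(p[len(FLAG):], e["doc"]))
                break
    return found

def demo():
    kdc = KDC()
    entries = [encrypt_log_entry(kdc, b"user bill3 viewed pt-200", ["user:bill3", "record:pt-200"]),
               encrypt_log_entry(kdc, b"user nurse7 viewed pt-100", ["user:nurse7", "record:pt-100"])]
    return search(entries, kdc.extract("record:pt-200")), search(entries, kdc.extract("record:pt-999"))
```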