SecureTeleassistance towards endless medical litigations: - - PDF document

secureteleassistance towards endless
SMART_READER_LITE
LIVE PREVIEW

SecureTeleassistance towards endless medical litigations: - - PDF document

Dec 02, 2022 279 likes •489 views

SecureTeleassistance towards endless medical litigations: Identification of liabilities through a protocol using Joint Watermarking-Encryption Evidences Dalel Bouslimi, Gouenou Coatrieux, Michel Cozic, Christian Roux

slide-1
SLIDE 1

Institut Mines-Télécom

SecureTeleassistance towards endless medical litigations: Identification of liabilities through a protocol using Joint Watermarking-Encryption Evidences

Dalel Bouslimi, Gouenou Coatrieux, Michel Cozic, Christian Roux

03/09/2014

Dalel.Bouslimi@telecom-bretagne.eu

slide-2
SLIDE 2

Institut Mines-Télécom 2

03/09/2014

Présentation de Télécom Bretagne

Outline

  • Telemedicine and security
  • French legislation and security needs
  • Proposed telemedicine protocol

A. “Request for Opinion” sub-protocol B. “Opinion Response” sub-protocol C. “Verification” sub-protocol

  • Security analysis
  • Conclusion
slide-3
SLIDE 3

Institut Mines-Télécom 3 Présentation de Télécom Bretagne

Telemedicine and Security

  • Example : tele-expertise scenario

Expert (E)

Internet

Request for opinion Referent opinion Physician (P)

Threat

  • Security?
  • Liability of each

physician?

03/09/2014

slide-4
SLIDE 4

Institut Mines-Télécom 4 Présentation de Télécom Bretagne

French legislation and security needs

  • transmitted data have to be saved with the identity of all practitioners

and patient, the transaction date and time.

  • Save the substance of the answer of the referent with the identifiers of

the physician, the specialist, the transaction date and time.

  • The date, time and substance of the answer of the referent practitioner

must be strongly linked to the documents he received before sending it.

  • Both practitioners must be identified in such a way they cannot

repudiate their respective messages.

  • Data have to be stored on a non-erasable medium for the prescription

period required by national law.

  • all elements involved in the transaction must be carefully stored, with no

means of modification, and must be rendered unreadable from an unauthorized access.

03/09/2014

slide-5
SLIDE 5

Institut Mines-Télécom 5 Présentation de Télécom Bretagne

French legislation and security needs

  • transmitted data have to be saved with the identity of all practitioners

and patient, the transaction date and time.

  • Save the substance of the answer of the referent with the identifiers of

the physician, the specialist, the transaction date and time.

  • The date, time and substance of the answer of the referent practitioner

must be strongly linked to the documents he received before sending it.

  • Both practitioners must be identified in such a way they cannot

repudiate their respective messages.

  • Data have to be stored on a non-erasable medium for the prescription

period required by national law.

  • all elements involved in the transaction must be carefully stored, with no

means of modification, and must be rendered unreadable from an unauthorized access. Save exchanged data with the identifiers of physicians and patient, and the transaction timestamp Maintain a strong link between the request for opinion and its answer Ensure the confidentiality , the integrity and the non- repudiation

03/09/2014

slide-6
SLIDE 6

Institut Mines-Télécom 6 Présentation de Télécom Bretagne

Proposed telemedicine protocol

  • Based on Joint Watermarking-Encryption (JWE)

Encryption: confidentiality

Watermarking : Dissimulate the information in the data themselves independently of its file format.

  • !"#$%& %&'()*('(+,

%&'()*('(+,

  • ("+&.%(+, / )$+0&"+(1(+,2

3 3 &4*&5 )" ("+&.%(+, 6%778 / +0& (5&"+(8(&%# 78 +0& 5(88&%&"+ &"+(+(&# ("97'9&5 (" +0& &:10)".&;

  • Introduce a secure link between exchanged data

3 &4*&5 +%)"#)1+(7" +(4&#+)46 / 5(.(+)' #(.")+$%& 78 %&')+&5 571$4&"+#;

03/09/2014

slide-7
SLIDE 7

Institut Mines-Télécom 7 Présentation de Télécom Bretagne

Joint Watermarking-encryption approach

03/09/2014

Give access to watermarking security functionalities before & after decryption process.

Compliant with DICOM standard.

  • ms & me : messages available in the spatial and encrypted domains.
slide-8
SLIDE 8

Institut Mines-Télécom 8 Présentation de Télécom Bretagne

Proposed telemedicine protocol: general principal

Third Tierce Party (TTP) Praticien (P) Expert (E)

Request for opinion Request & generate a watermark Request & generate a watermark / Referent opinion

03/09/2014

slide-9
SLIDE 9

Institut Mines-Télécom 9 Présentation de Télécom Bretagne

Proposed telemedicine protocol: general principal

Third Tierce Party (TTP) Praticien (P) Expert (E)

Request for opinion Request & generate a watermark Request & generate a watermark

Submit evidences

/ Referent opinion

03/09/2014

slide-10
SLIDE 10

Institut Mines-Télécom 10 Présentation de Télécom Bretagne

Proposed telemedicine protocol

  • Three sub-protocols:

A. “Request for Opinion” sub-protocol B. “Opinion Response” sub-protocol C. “Verification” sub-protocol

03/09/2014

slide-11
SLIDE 11

Institut Mines-Télécom 11 Présentation de Télécom Bretagne

“Request for Opinion” sub-protocol

Third Tierce Party (TTP) Physician (P)

X: document to send to the referent (request for opinion) Y: document to send to the physician (referent

  • pinion)

Expert (E)

03/09/2014

slide-12
SLIDE 12

Institut Mines-Télécom 12 Présentation de Télécom Bretagne

“Request for Opinion” sub-protocol

Generate watermark WX Identifiers in encrypted form & its digital signature

  • 1. Watermark

generation Third Tierce Party (TTP) Physician (P) Expert (R)

03/09/2014

WX in encrypted form & its digital signature

slide-13
SLIDE 13

Institut Mines-Télécom 13 Présentation de Télécom Bretagne

“Request for Opinion” sub-protocol

Generate watermark WX JWE Store the signature of WX Identifiers in encrypted form & its digital signature WX in encrypted form & its digital signature

  • 1. Watermark

generation

  • 2. Request

Transmission Third Tierce Party (TTP) Physician (P) Expert (R) Reliability proof (me) WX

03/09/2014

slide-14
SLIDE 14

Institut Mines-Télécom 14 Présentation de Télécom Bretagne

“Request for Opinion” sub-protocol

Generate watermark WX JWE Store the signature of WX Verify image reliability Identifiers in encrypted form & its digital signature WX in encrypted form & its digital signature

  • 1. Watermark

generation Xwe

  • 2. Request

Transmission

  • 3. Receipt acknowldg.

transmission Generate a receipt acknowledg. Store Third Tierce Party (TTP) Physician (P) Expert (R) Reliability proof (me) WX

03/09/2014

slide-15
SLIDE 15

Institut Mines-Télécom 15 Présentation de Télécom Bretagne

“Opinion Response” sub-protocol

12/12/2013

Generate watermark WY JWE Store the signature of WY Verify image reliability & its link with Xw Identifiers in encrypted form & its signature WY in encrypted form & its signature

  • 1. Watermark

generation Ywe

  • 2. Request

Transmission

  • 3. Receipt acknowldg.

transmission Generate a receipt acknowledg. Store Third Tierce Party (TTP) Expert(E) Referent (R) Reliability proof WY Generate me Xw me

03/09/2014

15

slide-16
SLIDE 16

Institut Mines-Télécom 16 Présentation de Télécom Bretagne

“Verification” sub-protocol

Proofs

  • Exchanged documents (Xw & Yw).
  • TTP digital signatures of WX & WY.
  • Receipt acknowledgment: signatures of received documents (Xw

& Yw).

1. Verification of embedded watermarks.

! "#$%& '#$ ()%*+$,'

  • *'#$,'.%.'/ -,( .'0 1.,& 2.'#

'#$ '3-,0-%'.),4

03/09/2014

slide-17
SLIDE 17

Institut Mines-Télécom 17 Présentation de Télécom Bretagne

“Verification” sub-protocol

Proofs

  • Exchanged documents (Xw & Yw).
  • TTP digital signatures of WX & WY.
  • Receipt acknowledgment: signatures of received documents (Xw

& Yw).

  • 2. Verification Xw and Yw correspond to those really

exchanged.

Compute signature Watermarked document Xw (resp. Yw) =? Yes/no Stored signature of Xw (resp. Yw)

03/09/2014

slide-18
SLIDE 18

Institut Mines-Télécom 18 Présentation de Télécom Bretagne

Security analysis

  • Robust to non-repudiation issue and collusion attack.
  • Collusion attack
  • Both physicians cooperate to circumvent the protocol.
  • Repeat protocol steps to build false evidences.
  • Insert new watermarks or watermarks previously

generated into new documents. ! ! The timestamps and/or the images’ identifiers don’t correspond to those presented by the colluders.

03/09/2014

slide-19
SLIDE 19

Institut Mines-Télécom 19 Présentation de Télécom Bretagne

Conclusion

  • A new secure tele-assistance protocol based on Joint

Watermarking-Encryption algorithm

  • Jointly offered security services:
  • Confidentiality.
  • !"#" $%&'"('&'#)*
  • +$,-'.% %-'.%/0% #1"#

"/ %201"/3% ,004$$%.*

  • Identify which data were involved by means of a

secure link between them.

  • Resistant to non-repudiation issue and collusion attack

03/09/2014

slide-20
SLIDE 20

Institut Mines-Télécom

02/09/2014

Présentation de Télécom Bretagne 20

Thank Thank you you for for your your attention attention