Mobile Blood Donation Registration Service: Security and Privacy Issues
Transcript of Mobile Blood Donation Registration Service: Security and Privacy Issues
Mobile Blood Donation Registration Service: Security and Privacy Issues
Presented by Patrick C. K. Hung
Faculty of Business and IT, University of Ontario Institute of Technology (UOIT), Canada
Salute
• Prof. Ho-Fung Leung (CUHK, Hong Kong)
• Dr. C. K. Lee (Hong Kong Blood Transfusion Service, Hong Kong)
• Prof. Jay Tashiro (UOIT, Canada and Wolfsongs Informatics, USA)
• Prof. Wendy Hui (University of Nottingham Ningbo, Ningbo)
• Prof. Michael Chau (HKU, Hong Kong)
• Dr. Lalita Narupiyakul (UOIT, Canada)
• Mr. Frenco Cheung (CUHK, Hong Kong)
• Mr. Mars Yim (CUHK, Hong Kong)
• Mr. Matthias Farwick (University of Innsbruck, Austria)
• Mr. Kai-kin Chan (Baptist U, Hong Kong)
• Mr. Thomas Trojer (University of Innsbruck, Austria)
• Ms. Michelle Watson (UOIT, Canada)
• Ms. Stephanie Chow (UOIT, Canada)
• Mr. Ryan Bishop (UOIT, Canada)
Outline: Blood Donation Registration; XML Technology; Security and Privacy Issues; Our System; Pilot Tests; Demonstration; Future Work; Q&A
Blood Donation Registration: Blood Donation Procedure; Objective; Blood Donation Form; Electronic Blood Donation Form
Blood Donation Registration
Blood Donation Procedures
• Personal data
• Health history enquiry
• Haemoglobin test and blood pressure checking
• Interview by a nurse
• Blood donation
Objective
• Minimize blood donor drop-out
• Maximize returning blood donors
• Reduce time and human error
• Keep in contact with blood donors
• Promote blood donation events
• Provide visual education about blood donation
• Maximize blood donation services
Blood Donation Form
Blood Donation Form (cont’d)
Electronic Blood Donation Form
Electronic Blood Donation Form (cont’d)
XML Technology: XML; XML Schema; Extensible Stylesheet Language; Web Service; Web Service Description Language; Simple Object Access Protocol; Service Oriented Architecture; Semantic Web – OWL, SWRL
XML Technology
XML: eXtensible Markup Language
• A general-purpose specification for creating custom markup languages
• Allows users to define their own elements
• Facilitates the sharing of structured data across different information systems
• Used to encode documents and to serialize data
Traditional database or spreadsheet: Adam, Smith, asmith, 1765, John, Smith, jsmith, 1234, ...
The same record in XML:
<Staff>
  <Name>
    <FirstName>Adam</FirstName>
    <LastName>Smith</LastName>
  </Name>
  <Login>asmith</Login>
  <Ext>1765</Ext>
</Staff>
XML Example
XML Schema: a description of a type of XML document, expressed in terms of constraints on the structure and content of documents.
Example of XML schema
Extensible Stylesheet Language (XSL): a family of transformation languages consisting of XSL Transformations, XSL Formatting Objects and XML Path Language.
XSL Transformations (XSLT): an XML language for transforming XML documents; it describes how to format or transform files encoded in the XML standard.
XSLT Example
Web Service
W3C definition of a Web service:
• has a unique Uniform Resource Identifier (URI) http://en.wikipedia.org/wiki/Uniform_Resource_Identifier
• can be defined, described, and discovered using XML
• supports exchange of XML messages via Internet-based protocols
Supported by all major computing companies, e.g., IBM, Microsoft, Sun (Java), etc.
Web Service Description Language
Web Services Description Language (WSDL) describes the Web service’s interface: what operations the Web service supports, what protocols to use, and how the exchanged data should be packed.
The WSDL document is a contract between the service requestor and provider.
Simple Object Access Protocol
Simple Object Access Protocol (SOAP) is an XML-based messaging protocol. SOAP is independent of the underlying transport protocol: HTTP, SMTP or FTP.
Service Oriented Architecture
[Diagram: Service Oriented Architecture. A Web Services Provider exposes a Web service whose interface is described in Web Service Description Language (WSDL) and whose implementation sits behind it; a Web Services Requestor exchanges input and output messages with the provider over Simple Object Access Protocol (SOAP); optionally, a Web Services Broker hosts Universal Description, Discovery and Integration (UDDI) registries.]
Semantic Web – OWL, SWRL
The Semantic Web is a web that is able to describe things in a way that computer applications can understand.
Web Ontology Language (OWL) is a language for defining and instantiating Web ontologies. Ontology refers to the science of describing the kinds of entities in the world and how they are related.
Semantic Web Rule Language (SWRL) is a language for defining relationships between instances in OWL.
Health Level 7 (HL7)
Formed in the United States in 1987; one of several American National Standards Institute (ANSI) accredited standards developing organizations.
"Level Seven" refers to the highest level, the application level, of the International Organization for Standardization (ISO) communications model for Open Systems Interconnection (OSI).
Who needs HL7: hospitals, doctors, nurses and health care practitioners that require the ability to send and receive healthcare data, e.g., patient information, lab reports and test results. www.hl7.org
Clinical Document Architecture (CDA)
HL7 Version 3.0 is built on the XML platform and provides XML schemas as the standard.
Clinical Document Architecture (CDA) Version 2.0 is the standard for clinical documents, with schemas for recording clinical events in documents. It is composed of 2 main parts:
• Header: patient information, document information, confidentiality level, time stamp
• Body: medical background, physical examination, image, video
Security and Privacy Issues: Literature Review; Privacy; Access Control; Threat Modeling
Security and Privacy Issues
Literature Review
Adapted from Blobel, B. and F. Roger-France. (2001). A systematic approach for analysis and design of secure health information systems. International Journal of Medical Informatics, Volume 62, Number 1, pp. 51-78.
Literature Review (cont.)
Literature Review (cont.)
Confidentiality
• “Preserve donor privacy by restricting access to donor data to authorized Red Cross personnel”
Integrity
• “Protect the integrity of donor data”
• “Protect the integrity of usage data”
Availability
• “Maintain availability of communication paths”
• “Maintain availability of web service server”
Privacy
“Privacy is the ability of an individual or group to stop information about themselves from becoming known to people other than those they choose to give the information to.” http://en.wikipedia.org/wiki/Privacy
“All persons have a fundamental right to privacy, and hence to have control over the collection, storage, access, communication, manipulation and disposition of data about themselves.” International Medical Informatics Association (IMIA)
Access Control
Role Based Access Control (RBAC)
American National Standard 359-2004 is the Information Technology industry consensus standard for RBAC.
Adapted from: David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn and Ramaswamy Chandramouli, “Proposed NIST Standard for Role-Based Access Control,” ACM Transactions on Information and Systems Security (TISSEC), Volume 4, Number 3, August 2001.
Access Control (cont.)
eXtensible Access Control Markup Language (XACML)
• Allows administrators to define the access control requirements for their application resources
• Supports data types, functions, and combining logic
• Allows complex (or simple) rules to be defined
• XACML privacy profile
• Includes an access decision language used to represent the runtime request for a resource
• When a policy that protects a resource is located, its functions compare attributes in the request against attributes contained in the policy rules, ultimately yielding a permit or deny decision
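The attribute comparison and combining step described above, as an added example that is not part of the original deck or the project's code: a minimal XACML-style policy decision point in Python. The attribute names, the sample rules and the purpose attribute (mirroring the idea of the XACML privacy profile) are constructed for illustration.

```python
# Added example (not the project's code): a minimal XACML-style policy
# decision point (PDP). Attribute names, rules and the "purpose" attribute
# are constructed; the policy restricts donor data to authorized roles.

POLICY = {
    "combining": "deny-overrides",   # any applicable Deny rule wins over Permit
    "rules": [
        {"id": "nurse-reads-health-history",
         "target": {"role": {"nurse"}, "resource": {"health-history"},
                    "action": {"read"}, "purpose": {"donor-screening"}},
         "effect": "Permit"},
        {"id": "staff-reads-contact-details",
         "target": {"role": {"nurse", "registrar"}, "resource": {"contact-details"},
                    "action": {"read"}, "purpose": {"donor-screening", "donor-recall"}},
         "effect": "Permit"},
        {"id": "no-marketing-use",       # purpose binding: donor data never used for marketing
         "target": {"purpose": {"marketing"}},
         "effect": "Deny"},
    ],
}


def rule_matches(rule, request):
    """A rule's target matches when every attribute it names is present in
    the request with one of the allowed values (an empty target matches all)."""
    return all(request.get(attr) in allowed for attr, allowed in rule["target"].items())


def evaluate(policy, request):
    """Compare request attributes against the rules and combine the effects of
    the matching rules with deny-overrides: Permit, Deny or NotApplicable."""
    effects = [r["effect"] for r in policy["rules"] if rule_matches(r, request)]
    if not effects:
        return "NotApplicable"
    return "Deny" if "Deny" in effects else "Permit"


def enforce(policy, request):
    """Policy enforcement point: only an explicit Permit grants access, so
    NotApplicable fails closed, which 'authorized personnel only' requires."""
    return evaluate(policy, request) == "Permit"


if __name__ == "__main__":
    req = {"role": "nurse", "resource": "health-history",
           "action": "read", "purpose": "donor-screening"}
    print(evaluate(POLICY, req))  # Permit
```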
Access Control (cont.)
Access Control (cont.) GEO-Privacy
• Extend GEO-Privacy with complex constraints like the “Two Eyes Principle” or role-location conflicts
• Create a prototypical implementation using XACML and the iPhone’s location API
[Diagram: spatial RBAC model. Users are assigned role instances; sessions hold enabled session roles, including spatial roles; roles authorize operations on objects; the privacy extension attaches purposes, conditions, obligations and retentions.]
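Added example of the location-dependent role enabling and the Two Eyes Principle sketched above; this is illustrative Python, not the prototype the deck describes, and the station coordinates, radius, role names and the list of two-eyes operations are constructed assumptions.

```python
# Added example (not the project's code): session role activation under
# GEO-Privacy-style constraints. Station location, radius, role names and
# the operations needing two approvers are constructed for illustration.
import math

# Constructed: donation station centre (lat, lon) and geofence radius in metres.
STATION = {"lat": 22.3193, "lon": 114.1694, "radius_m": 100.0}

SPATIAL_ROLES = {"nurse", "registrar"}       # may only be enabled inside the station fence
OFFSITE_ONLY_ROLES = {"remote-auditor"}      # role-location conflict: never active on site
TWO_EYES_OPERATIONS = {"export-donor-records"}  # need two distinct session holders


def distance_m(a, b):
    """Haversine distance between two (lat, lon) points in metres."""
    r = 6371000.0
    p1, p2 = math.radians(a[0]), math.radians(b[0])
    dp, dl = p2 - p1, math.radians(b[1] - a[1])
    h = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(h))


def inside_station(lat, lon):
    """True when the reported device location lies within the station geofence."""
    return distance_m((lat, lon), (STATION["lat"], STATION["lon"])) <= STATION["radius_m"]


def enabled_session_roles(assigned_roles, lat, lon):
    """Return the subset of a user's assigned roles that may be enabled in a
    session opened at this location; the rest stay disabled."""
    at_station = inside_station(lat, lon)
    enabled = set()
    for role in assigned_roles:
        if role in SPATIAL_ROLES and not at_station:
            continue   # spatial role outside its region: not enabled
        if role in OFFSITE_ONLY_ROLES and at_station:
            continue   # role-location conflict: not enabled on site
        enabled.add(role)
    return enabled


def two_eyes_ok(operation, approvers):
    """Two Eyes Principle: a sensitive operation needs two distinct users,
    so the same person approving twice does not count."""
    if operation not in TWO_EYES_OPERATIONS:
        return True
    return len(set(approvers)) >= 2
```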
Threat Modeling
Threat Modeling (cont.): Man-in-the-middle
Threat Modeling (cont.)
[Diagram: system threat model. Three EEE PC clients, each holding a record of donation, connect over WiFi, Bluetooth or cable to the Web service server; the Internet links to the backend process (privacy & access control, authentication, business logic, donation process, PayPal, etc.), the database, the private and public keys and the personal data files.]
Security technology: SSL (Apache) + XML Encryption + XML Signature + XML Key Management + WS-Reliable Messaging (Sandesha) + XACML + secure transaction (acknowledgement, time stamp)
Web X.0 technology: Facebook (HK Red Cross Donor Group); MSN; RSS (WHO.org and Redcross.org); Semantic Web (OWL files & SWRL rules)
Our System: Overview of the System; Architecture of the System; User Interface – JavaServer Faces; Web Service-based SOA
Our system
Overview of the System
Linux Network UserInterface
Privacy&
Security
Open Source• Tomcat 6• Axis2• WASA• eXist
Connectivity• Private
Wireless Network
• LAN
GUI• JSF
XML Security• Apache
Rampart
Overview of the System (cont’d)
Architecture of the System
User Interface – JavaServer Faces
• J2EE Model View Controller (MVC) pattern for the Web
• Integrated validation of user input
• Integrated dynamic page flow support
• Ajax add-ons for dynamic behaviour (e.g., progress bars, dynamic highlighting)
• Server-side Java classes make integration with Web services easy
Web Service-based SOA
Service-Oriented Architecture: used by businesses to communicate with each other; allows organizations to exchange data without intimate knowledge of each other's IT systems behind the firewall.
The Hong Kong Red Cross Blood Donation Center
Pilot Test
Blood Donation Station Set-up
• Server – Lenovo laptop (OS: Linux)
• Client side (mobile devices) – Asus EeePC
• Red Cross side – our own notebook
November 28, 2009 – King’s Park
Result and Feedback
1st pilot test (on 9th August):
• Failed to send the finished form from client to server
• Unsatisfactory response time of the interface
2nd pilot test (on 6th November):
• Connection failure between the mobile devices and the server
• Input interrupted
• An unstyled e-form appeared
3rd pilot test (on 26th November): everything ran smoothly
Result and Feedback (cont.)
4th pilot test (on 15th December): testing the Tablet PC with touch screen
General feedback from the users:
• Satisfied with learning how to use the system
• Prefer to use the paper form (but this may depend on the age groups of the users and other reasons)
• Agree that this system can help in shortening the waiting time for blood donation
• Prefer to use the touch screen
Video Demonstrations
Demonstration
Client Side
Client Side (cont’d)
Red Cross Side
Red Cross Side (cont’d)
Future Work Q&A
Future Work
• Testing the Bone Marrow Donor Registration Form
Future Work (cont’d)
• Implement Semantic Web technology (OWL and SWRL) in Protégé. http://protege.stanford.edu/
Future Work (cond’t)
[Flowchart: deferral decision rules for the health history questions, using a disease ontology.]
Q14a (Boolean) – 14. Have you received surgery (including endoscopic examination, treatment involving the use of catheters)?
• If YES: ask the level of surgery. If elective minor then defer 3 months; else if elective major then defer 6 months; else if elective major emergency then defer 12 months; else contact the nurse (the nurse can decide a level).
Q8_1 (Boolean) – 8(1). Have you had contact with an infectious disease?
• If YES: ask the donor to specify the disease, then check the disease ontology and decide the defer time.
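The two decision flows above written out as an added example in Python; it is not the deck's Protégé/SWRL implementation. The Q14 deferral periods are the ones on the slide; the disease ontology, its class names and the class deferral periods are constructed to show how a specified disease inherits the rule of its nearest ancestor class.

```python
# Added example (not the project's code): deferral rules for screening
# questions Q14 (surgery) and Q8 (infectious-disease contact) as a small
# rule engine over a toy disease ontology. Q14 periods are from the slide;
# the ontology classes and their deferral periods are constructed.

# Q14: deferral by level of surgery; any other level is escalated to the nurse.
SURGERY_DEFERRAL_MONTHS = {
    "elective minor": 3,
    "elective major": 6,
    "elective major emergency": 12,
}

# Constructed toy ontology: disease/class -> parent class (OWL subClassOf).
DISEASE_PARENT = {
    "hepatitis b": "viral hepatitis",
    "hepatitis c": "viral hepatitis",
    "viral hepatitis": "blood-borne infection",
    "influenza": "respiratory infection",
}

# Deferral periods attached to ontology classes (constructed values); a disease
# inherits the nearest ancestor's rule, like an SWRL rule over subClassOf.
CLASS_DEFERRAL_MONTHS = {
    "blood-borne infection": 12,
    "respiratory infection": 1,
}


def decide_q14(answered_yes, level):
    """Return ("ok", 0), ("defer", months) or ("nurse", None) for question 14."""
    if not answered_yes:
        return ("ok", 0)
    months = SURGERY_DEFERRAL_MONTHS.get((level or "").strip().lower())
    if months is None:
        return ("nurse", None)      # unknown level: the nurse decides
    return ("defer", months)


def decide_q8(answered_yes, disease):
    """Walk the ontology from the specified disease up to the first class that
    carries a deferral rule; diseases not in the ontology go to the nurse."""
    if not answered_yes:
        return ("ok", 0)
    node, seen = (disease or "").strip().lower(), set()
    while node and node not in seen:
        seen.add(node)              # guards against a cycle in a malformed ontology
        if node in CLASS_DEFERRAL_MONTHS:
            return ("defer", CLASS_DEFERRAL_MONTHS[node])
        node = DISEASE_PARENT.get(node)
    return ("nurse", None)
```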
Future Work (cont’d)
• Implement a new interface for PDA and iPhone
• Test out the form on PDA and iPhone
• Adopt Web 2.0 technologies in the system
• More pilot tests with different groups of people
Q&A
Thank you!