Verifiable and Redactable Medical Documents

Verifiable and Redactable Medical Documents Jordan Brown ([email protected] ) & Douglas M. Blough


Transcript of Verifiable and Redactable Medical Documents

Page 1: Verifiable and Redactable Medical Documents

Verifiable and Redactable Medical Documents

Jordan Brown ([email protected]) & Douglas M. Blough

Page 2: Verifiable and Redactable Medical Documents

Problem

It is difficult and time consuming to distribute different views of verifiable medical records. We want to make the process more manageable and efficient.

Page 3: Verifiable and Redactable Medical Documents

Proposed Process

[Diagram: Data Provider -> Intermediary -> Data Consumers, with institutional boundaries separating the three roles]

Page 4: Verifiable and Redactable Medical Documents

Related Works

Application of the work seen in paper by Bauer, Blough, and Cash (ACM 2008)

Other similar approaches (CDA Documents):
- Wu et al. (JMS 2010)
- Slamanig and Stingl (IEEE 2009)
- Slamanig and Rass (Springer 2010)

Page 5: Verifiable and Redactable Medical Documents

Continuity of Care Document (CCD)

Page 6: Verifiable and Redactable Medical Documents

Cryptographic Primitives

CONCEPTS FOR BUILDING MERKLE HASH TREES

Hash Function
- One-way function
- Variable length input
- Maps to fixed length output
- Statistically unlikely to find/calculate collisions
- Computationally cheap compared to signatures

Public Key Signatures
- Use secret key in combination with message to sign
- Send signed message and original message
- Using public key on signed message returns the original message
- If actual message matches calculated message the signature verifies

Page 7: Verifiable and Redactable Medical Documents

Merkle Hash Tree (MHT)

[Diagram: hash tree over four document elements]

Sign(Hash)
  Hash(1,2)
    Hash(1) - element 1
    Hash(2) - element 2
  Hash(3,4)
    Hash(3) - element 3
    Hash(4) - element 4

Page 8: Verifiable and Redactable Medical Documents

MHT Continued

Redaction
- Remove unused data
- Keep hashes
- Prune tree

Verification
- Reconstruct remainder of tree
- Verify the root signature

[Diagram: the same tree after redaction; elements 1 and 2 are removed and only their hashes remain]

Sign(Hash)
  Hash(1,2)
    Hash(1) - (redacted, hash kept)
    Hash(2) - (redacted, hash kept)
  Hash(3,4)
    Hash(3) - element 3
    Hash(4) - element 4

Page 9: Verifiable and Redactable Medical Documents

Multi-Level MHTs

[Diagram: a Root over several sub-trees, each sub-tree continuing downward]

Multi-level signatures

Comprehensive document across multiple sources
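The following is an added example, not code from the slides or from the authors' Java implementation. It walks through the three roles described on the preceding slides: the data provider builds a Merkle hash tree over document elements and signs the root, the intermediary redacts elements (keeping their hashes) and prunes subtrees that no longer carry data, and the data consumer recomputes the remaining hashes and checks the root signature. The same BuildOver function, applied to the roots of two provider trees, gives the multi-level tree of the "Multi-Level MHTs" slide. SHA-256 with a leaf/inner domain-separation byte and Ed25519 signatures are assumptions of this example; the slides do not name the hash or signature algorithm. The sample elements are constructed stand-ins for CCD sections.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Node is one vertex of the Merkle hash tree. A leaf keeps its element in Data;
// a redacted leaf has Data == nil; a pruned subtree keeps only Hash.
type Node struct {
	Hash        []byte
	Data        []byte
	Left, Right *Node
}

// Domain-separated hashes (assumed here) so a leaf can never be mistaken for an inner node.
func leafHash(data []byte) []byte {
	h := sha256.Sum256(append([]byte{0x00}, data...))
	return h[:]
}
func innerHash(l, r []byte) []byte {
	h := sha256.Sum256(append(append([]byte{0x01}, l...), r...))
	return h[:]
}

// Leaves turns extracted document elements into leaf nodes.
func Leaves(elements []string) []*Node {
	nodes := make([]*Node, len(elements))
	for i, e := range elements {
		d := []byte(e)
		nodes[i] = &Node{Hash: leafHash(d), Data: d}
	}
	return nodes
}

// BuildOver pairs nodes level by level until one root remains. Passing the roots
// of other trees makes the result the top level of a multi-level MHT.
func BuildOver(nodes []*Node) *Node {
	for len(nodes) > 1 {
		var next []*Node
		for i := 0; i+1 < len(nodes); i += 2 {
			l, r := nodes[i], nodes[i+1]
			next = append(next, &Node{Hash: innerHash(l.Hash, r.Hash), Left: l, Right: r})
		}
		if len(nodes)%2 == 1 { // an odd node is carried up unchanged
			next = append(next, nodes[len(nodes)-1])
		}
		nodes = next
	}
	return nodes[0]
}

// Redact drops a leaf's content but keeps its hash, so the signed root is unchanged.
func Redact(leaf *Node) { leaf.Data = nil }

// Prune collapses any subtree that no longer carries data into a single hash node.
func Prune(n *Node) *Node {
	if n.Left == nil {
		return n
	}
	n.Left, n.Right = Prune(n.Left), Prune(n.Right)
	if bare(n.Left) && bare(n.Right) {
		return &Node{Hash: n.Hash}
	}
	return n
}
func bare(n *Node) bool { return n.Data == nil && n.Left == nil }

// Verify recomputes every hash that can be recomputed; pruned hashes are taken as
// given, which is what lets a consumer check a partial view against the root.
func Verify(n *Node) bool {
	if n.Left == nil {
		return n.Data == nil || bytes.Equal(n.Hash, leafHash(n.Data))
	}
	return Verify(n.Left) && Verify(n.Right) &&
		bytes.Equal(n.Hash, innerHash(n.Left.Hash, n.Right.Hash))
}

// Demo runs provider, intermediary and consumer steps on constructed sample data.
func Demo() (redactedOK, multiLevelOK, tamperDetected bool) {
	provider1 := Leaves([]string{"patient: J. Doe", "allergy: penicillin", "med: lisinopril", "note: routine visit"})
	provider2 := Leaves([]string{"lab: HbA1c 6.1", "lab: LDL 110", "imaging: chest x-ray normal"})

	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // data provider's signing key
	root1 := BuildOver(provider1)
	sig1 := ed25519.Sign(priv, root1.Hash)

	Redact(provider1[2]) // intermediary hides the medication and the note
	Redact(provider1[3])
	root1 = Prune(root1)
	redactedOK = Verify(root1) && ed25519.Verify(pub, root1.Hash, sig1) // consumer check

	// Multi-level: a top tree whose leaves are the roots of the two provider trees.
	top := BuildOver([]*Node{root1, BuildOver(provider2)})
	topSig := ed25519.Sign(priv, top.Hash)
	Redact(provider2[1])
	top = Prune(top)
	multiLevelOK = Verify(top) && ed25519.Verify(pub, top.Hash, topSig)

	// Altering a retained element changes its leaf hash, so verification fails.
	provider1[1].Data = []byte("allergy: none")
	tamperDetected = !Verify(top)
	return
}

func main() { fmt.Println(Demo()) }
```

Pruning only replaces subtrees whose leaves are all redacted, so a consumer still receives every hash needed to rebuild the path from each retained element to the signed root; the signature itself never has to be recomputed by the intermediary.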

Page 10: Verifiable and Redactable Medical Documents

CCD Contained in MHT

[Diagram: the hash tree with CCD sections as its elements]

Sign(Hash)
  Hash(1,2)
    Hash(1)
    Hash(2)
  Hash(3,4)
    Hash(3)
    Hash(4)

Page 11: Verifiable and Redactable Medical Documents

Continued

Page 12: Verifiable and Redactable Medical Documents

Performance Results

Page 13: Verifiable and Redactable Medical Documents

Overview

SETUP
- All times (CPU)
- Eclipse 3.6.2 with Java SE 1.6
- Windows 7 PC with 2.4 GHz Intel Core i5 and 4GB RAM

DATASET
- 206 Records
- Average element count of 190
- Maximum element count was 828
- Average extraction time was 312 ms
- Optimizations have since been made (~10%)
- Remaining results found with permutations of a single record

Page 14: Verifiable and Redactable Medical Documents

Data Provider Overhead

Not included in time:
- Process single document
- Extract relevant items

Included:
- Create leaves
- Form tree
- Sign root

Structure construction much more efficient than extracting elements

[Chart: Tree Construction]

Page 15: Verifiable and Redactable Medical Documents

Intermediary Overhead

Setup:
- Create multi-level tree with 20 sub-trees

Process:
- Randomly redact from even distribution of trees
- Prune after each redaction

Very fast operation

[Chart: Tree Redaction]

Page 16: Verifiable and Redactable Medical Documents

Data Consumer Overhead

Not included:
- Document reconstruction

Included:
- Reconstruct hashes
- Verify root signature

Cost comparable with construction

Document reconstruction expensive

[Chart: Tree Verification]

Page 17: Verifiable and Redactable Medical Documents

Conclusions & Future Additions

Computationally Efficient Verifiable Redactable Data

Future additions:
- Dependencies - Bauer et al. (ACM 2009)
- Redaction Tracking - Izu et al. (2005)
- Pseudonymization - Haber et al. (ACM 2008)
- Sanitization (Invisibility) - Miyazaki et al. (ACM 2006)
- Distributed Approach to Research Data Access Tracking and Control (joint work with Emory University Center for Clinical Informatics)

Page 18: Verifiable and Redactable Medical Documents

Questions/Comments?