Keeping Health Data Under Lock and Key
November 27, 2018 | Technische Universität MünchenEstimated reading time: 3 minutes
Researchers from the Collaborative Research Center CROSSING at Technische Universität Darmstadt (Germany) have developed a solution that will ensure decades of safe storage for sensitive health data in a joint project with Japanese and Canadian partners. An initial prototype was presented during a recent conference in Beijing, China. The system will go into trial operation in Japan in the coming weeks.
The introduction of an electronic patient record system has been discussed in Germany and internationally for quite some time. However, development is often thwarted by concerns regarding data security. Health data in particular – which due to the progress of modern medicine contains genome information more frequently than ever before – must be securely stored for a lifetime and or even multiple generations.
A major challenge are the technological developments that will occur over this extended time period, as these have an enormous impact on the security of existing cryptographic schemes. “All encryption methods used today will become insecure over the course of the next few years and decades”, explains Professor Johannes Buchmann, spokesperson for the Collaborative Research Center CROSSING. “The attackers’ computing power will increase and their attacks will improve. Therefore we can assume that all encrypted data will be compromised in 20 years if not sooner.”
Long-Term Confidentiality Through “Secret Sharing”
Buchmann and his team have been working to prevent this since 2015, in cooperation with Japanese research institute NICT (National Institute of Information and Communications Technology). Together they collaborate on the project “LINCOS – Long-Term Integrity and Confidentiality Protection System”. In 2017, the Japanese hospital operator Kochi Health Science Center and the Canadian company ISARA joined the project. The LINCOS system is the first to combine information theoretic confidentiality protection with renewable integrity protection. This means that no matter what computing capacity and algorithms are available in the future, noone shall be able to access or modify the protected data.
The guarantee of long-term confidentiality is achieved through a technology called “secret sharing”. The original data set is distributed among several servers in such a way that the individual parts are meaningless. Only when a sufficient number of parts – known as “shares” – are combined, the original data set of the patient file can be reconstructed. If one of the servers is compromised, the captured share is of no use to the attacker. In addition, the distribution is renewed regularly. The integrity, i.e. ensuring that data have not been changed, is achieved by quantum computer-resistant signatures. But even if the scheme utilised is classified as uncertain in the longterm, the researchers have taken precautions: The signature schemes are exchanged regularly. Integrity protection is thereby seamlessly ensured.
Sustainable Protection is Needed
The Canadian company ISARA, the industrial partner of the project, protects the data during transfer between the hospital and the server operators with quantum computer-resistant encryption. This is the third component of the LINCOS system. In the future, the researchers want to add yet another level of security that they have already realised in prototype with the Japanese team: quantum key exchange. This procedure guarantees sustainable secure keys, since it is impossible for an attacker to intercept the key exchange. The scientists at Collaborative Research Center CROSSING are even working on this research topic in their own quantum laboratory at TU Darmstadt.
“The sustainable protection of electronic health records is only one example of areas where sustainable security is urgently needed. In our digitised world, we produce an unimaginable amount of sensitive data every day, which must remain confidential and unchanged over a long period of time, for instance in the implementation of Industry 4.0 which is crucial to Germany as an industrial nation. Policymakers are called upon to ensure the guaranteed long-term protection of our data”, appeals Buchmann.
About CROSSING
More than 65 scientists from cryptography, quantum physics, system security and software engineering jointly work in the Collaborative Research Center CROSSING and perform both basic and application-oriented research. The goal is to develop security solutions that enable secure and trustworthy IT systems in the future. CROSSING is funded by the Deutsche Forschungsgemeinschaft since 2014.
Suggested Items
Lockheed Martin Successfully Transitions Long Range Discrimination Radar To The Missile Defense Agency
04/23/2024 | Lockheed MartinThe Long Range Discrimination Radar (LRDR) at Clear Space Force Station in Clear, Alaska, completed DD250 final acceptance and was officially handed over to the Missile Defense Agency in preparation for an Operational Capability Baseline (OCB) decision and final transition to the Warfighter. In addition, prior to this transition, the system has started Space Domain Awareness data collects for the United States Space Force.
US Department of Defense Selects Intel Foundry for Phase Three of RAMP-C
04/23/2024 | IntelThe U.S. Department of Defense (DoD) has awarded Intel Foundry Phase Three of its Rapid Assured Microelectronics Prototypes - Commercial (RAMP-C) program.
Real Time with... IPC APEX EXPO 2024: AI Implementation at Omron
04/18/2024 | Real Time with...IPC APEX EXPOEditor Nolan Johnson and Omron Product Manager Nick Fieldhouse discuss the company's focus on AI implementation to enhance customer experience and results. They address programming challenges and how AI can help customers achieve better outcomes with less experience. Omron's AI is compatible with existing systems, facilitating easy upgrades.
Cadence Unveils Palladium Z3 and Protium X3 Systems
04/18/2024 | Cadence Design SystemsThe Palladium Z3 and Protium X3 systems offer increased capacity, and scale from job sizes of 16 million gates up to 48 billion gates, so the largest SoCs can be tested as a whole rather than just partial models, ensuring proper functionality and performance.
Real Time with... IPC APEX EXPO 2024: MYCRONIC's Evolution and New Solutions
04/17/2024 | Real Time with...IPC APEX EXPOHenry Crandall interviews Kevin Clue, the vice president of global sales for MYCRONIC's High Flex division. They discuss the company's evolution, emphasizing its strong customer relationships and its role as a versatile, turnkey solution provider. Kevin unveils new solutions launched at IPC APEX EXPO, including an AI-integrated inspection system and the A40 pick-and-place platform. The conversation also touches on the increased use of AI and deep learning.