Keeping Health Data Under Lock and Key
November 27, 2018 | Technische Universität MünchenEstimated reading time: 3 minutes
Researchers from the Collaborative Research Center CROSSING at Technische Universität Darmstadt (Germany) have developed a solution that will ensure decades of safe storage for sensitive health data in a joint project with Japanese and Canadian partners. An initial prototype was presented during a recent conference in Beijing, China. The system will go into trial operation in Japan in the coming weeks.
The introduction of an electronic patient record system has been discussed in Germany and internationally for quite some time. However, development is often thwarted by concerns regarding data security. Health data in particular – which due to the progress of modern medicine contains genome information more frequently than ever before – must be securely stored for a lifetime and or even multiple generations.
A major challenge are the technological developments that will occur over this extended time period, as these have an enormous impact on the security of existing cryptographic schemes. “All encryption methods used today will become insecure over the course of the next few years and decades”, explains Professor Johannes Buchmann, spokesperson for the Collaborative Research Center CROSSING. “The attackers’ computing power will increase and their attacks will improve. Therefore we can assume that all encrypted data will be compromised in 20 years if not sooner.”
Long-Term Confidentiality Through “Secret Sharing”
Buchmann and his team have been working to prevent this since 2015, in cooperation with Japanese research institute NICT (National Institute of Information and Communications Technology). Together they collaborate on the project “LINCOS – Long-Term Integrity and Confidentiality Protection System”. In 2017, the Japanese hospital operator Kochi Health Science Center and the Canadian company ISARA joined the project. The LINCOS system is the first to combine information theoretic confidentiality protection with renewable integrity protection. This means that no matter what computing capacity and algorithms are available in the future, noone shall be able to access or modify the protected data.
The guarantee of long-term confidentiality is achieved through a technology called “secret sharing”. The original data set is distributed among several servers in such a way that the individual parts are meaningless. Only when a sufficient number of parts – known as “shares” – are combined, the original data set of the patient file can be reconstructed. If one of the servers is compromised, the captured share is of no use to the attacker. In addition, the distribution is renewed regularly. The integrity, i.e. ensuring that data have not been changed, is achieved by quantum computer-resistant signatures. But even if the scheme utilised is classified as uncertain in the longterm, the researchers have taken precautions: The signature schemes are exchanged regularly. Integrity protection is thereby seamlessly ensured.
Sustainable Protection is Needed
The Canadian company ISARA, the industrial partner of the project, protects the data during transfer between the hospital and the server operators with quantum computer-resistant encryption. This is the third component of the LINCOS system. In the future, the researchers want to add yet another level of security that they have already realised in prototype with the Japanese team: quantum key exchange. This procedure guarantees sustainable secure keys, since it is impossible for an attacker to intercept the key exchange. The scientists at Collaborative Research Center CROSSING are even working on this research topic in their own quantum laboratory at TU Darmstadt.
“The sustainable protection of electronic health records is only one example of areas where sustainable security is urgently needed. In our digitised world, we produce an unimaginable amount of sensitive data every day, which must remain confidential and unchanged over a long period of time, for instance in the implementation of Industry 4.0 which is crucial to Germany as an industrial nation. Policymakers are called upon to ensure the guaranteed long-term protection of our data”, appeals Buchmann.
About CROSSING
More than 65 scientists from cryptography, quantum physics, system security and software engineering jointly work in the Collaborative Research Center CROSSING and perform both basic and application-oriented research. The goal is to develop security solutions that enable secure and trustworthy IT systems in the future. CROSSING is funded by the Deutsche Forschungsgemeinschaft since 2014.
Suggested Items
Altus Partners with G&B Electronic Designs to Enhance Inspection Capabilities
10/23/2024 | Altus GroupAltus Group, a leading distributor of electronics assembly equipment in the UK and Ireland, has supported G&B Electronic Designs Ltd., a prominent EMS in the UK, in enhancing its inspection processes through the installation of the Koh Young Zenith Alpha HS+.
Keysight Collaborates with Siemens EDA to Enable the Next Generation of Wireless Design
10/23/2024 | Keysight TechnologiesKeysight Technologies, Inc. and Siemens EDA have teamed up to accelerate the efficiency of wireless and defense system design.
Automotive Electronics Control Management Market Size Expected to Reach $48B by 2031
10/23/2024 | Globe NewswireThe automotive electronics control management market was estimated at US$ 29.2 billion in 2022. A CAGR of 5.7% is expected from 2023 to 2031, and the market is expected to reach US$ 48.0 billion by 2031.
Yamaha Robotics Appoints Roberto Ferraretto New Area Manager for Italy
10/23/2024 | Yamaha RoboticsYamaha Robotics SMT Section has announced that Roberto Ferraretto has joined the team as Area Manager for Italy, to support the Company’s range of printers, mounters, inspection systems, and software for high-speed surface-mount and hybrid assembly.
Teledyne FLIR Defense Wins $91 Million Contract from U.S. Army for Black Hornet 4 Nano-Drones
10/22/2024 | BUSINESS WIRETeledyne FLIR Defense, part of Teledyne Technologies Incorporated (NYSE:TDY), has won a five-year contract worth up to $91 million to provide its Black Hornet® 4 Personal Reconnaissance Systems to the United States Army.