Anonymity and Application Privacy in Context of Mobile Computing in eHealth
In recent years, a variety of mobile applications have been established in the areas of health care and sports. Mobile devices are of emerging interest in many different health scenarios due to their high availability and increasing computing power. In this paper we present a scalable secure sensor monitoring platform (SSMP) which collects vital data of users. Vital parameters can be collected by a single sensor or in a multi-sensor configuration. Nowadays a wide spectrum of sensors providing wireless connectivity (e.g. Bluetooth) is available. Vital data can then easily be transmitted to a mobile device, which subsequently transmits these data to an eHealth portal. There are already solutions implementing these capabilities; however, the privacy aspects of users are very often neglected. Since health data may enable others (e.g. insurance companies) to draw potentially compromising conclusions, it is absolutely necessary to design an enhanced security concept in this context. To complicate matters further, the trustworthiness of providers which operate on users' health data cannot be determined by users a priori. This means that the security concept implemented by the provider may contain security flaws. Additionally, there is no guarantee that the provider respects the users' privacy claims. In this work we propose a security concept incorporating privacy aspects, using mobile devices for transferring and storing health data at a portal. In addition, the concept guarantees anonymity in the transfer process as well as for stored data at a service provider. Hence, insider attacks based on stored data can be prevented.
Keywords: Mobile Device, Mobile Application, Mobile Computing, Application Layer, Data Anonymity