Advertisement

Anonymity and Application Privacy in Context of Mobile Computing in eHealth

  • Daniel Slamanig
  • Christian Stingl
  • Christian Menard
  • Martina Heiligenbrunner
  • Jürgen Thierry
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5424)

Abstract

In the area of health care and sports in recent years a variety of mobile applications have been established. Mobile devices are of emerging interest due to their high availability and increasing computing power in many different health scenarios. In this paper we present a scalable secure sensor monitoring platform (SSMP) which collects vital data of users. Vital parameters can be collected by just one single sensor or in a multi-sensor configuration. Nowadays a wide spectrum of sensors is available which provide wireless connectivity (e.g. Bluetooth). Vital data can then easily be transmitted to a mobile device which subsequently transmits these data to an eHealth portal. There are already solutions implementing these capabilities, however privacy aspects of users are very often neglected. Since health data may enable people to draw potentially compromising conclusions (e.g. insurance companies), it is absolutely necessary to design an enhanced security concept in this context. To complicate matters further, the trustworthiness of providers which are operating with user’s health data can not be determined by users a priori. This means that the security concept implemented by the provider may bear security flaws. Additionally there is no guarantee that the provider preserves the users privacy claims. In this work we propose a security concept incorporating privacy aspects using mobile devices for transferring and storing health data at a portal. In addition, the concept guarantees anonymity in the transfer process as well as for stored data at a service provider. Hence, insider attacks based on stored data can be prevented.

Keywords

Mobile Device Mobile Application Mobile Computing Application Layer Data Anonymity 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Andersson, C., Lundin, R., Fischer-Hübner, S.: Privacy Enhanced WAP Browsing with mCrowds – Anonymity Properties and Performance Evaluation of the mCrowds System. In: Proceedings of the ISSA 2004 Enabling Tomorrow Conference, Gallagher Estate, Midrand, South Africa, June 30-July 2 (2004)Google Scholar
  2. 2.
    Andersson, C., Panchenko, A.: Practical Anonymous Communication on the Mobile Internet using Tor. In: Proceedings of the Third International Workshop on the Value of Security through Collaboration (IEEE SECOVAL 2007) part of IEEE SECURECOMM 2007, Nice, France (September 2007)Google Scholar
  3. 3.
    Ateniese, G., Camenisch, J., Joye, M., Tsudik, G.: A Practical and Provably Secure Coalition-Resistant Group Signature Scheme. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 255–270. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Franklin, M.: Anonymous Authentication with Subset Queries. In: Proc. of ACM Conference on Computer and Communications Security, pp. 113–119 (1999)Google Scholar
  5. 5.
    Camenisch, J., Lysyanskaya, A.: An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–90 (1981)CrossRefGoogle Scholar
  7. 7.
    Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030–1044 (1985)CrossRefGoogle Scholar
  8. 8.
    Computer Crime and Security Survey 2007, Computer Security Institute, http://www.gocsi.com/forms/csi_survey.jhtml
  9. 9.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The Second-Generation Onion Router. In: Proc. of the 13th USENIX Security Symposium (August 2004)Google Scholar
  10. 10.
    Danezis, G., Diaz, C.: A survey of anonymous communication channels. Technical Report MSR-TR-2008-35, Microsoft Research (January 2008)Google Scholar
  11. 11.
    Lindell, A.: Anonymous Authenticaion. Whitepaper Aladdin Knowledge Systems (2007), http://www.aladdin.com/blog/pdf/AnonymousAuthentication.pdf
  12. 12.
    Pfitzmann, A., Köhntopp, M.: Anonymity, Unobservability, and Pseudonymity – A Proposal for Terminology. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 1–9. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  13. 13.
    Pfitzmann, A., Pfitzmann, B., Waidner, M.: ISDN- Mixes: Untraceable Communication with Very Small Bandwidth Overhead. In: Proc. Kommunikation in verteilten Systemen (KiVS). IFB 267, pp. 451–463. Springer, Berlin (1991)Google Scholar
  14. 14.
    Reiter, M.K., Rubin, A.D.: Crowds: Anonymity for Web Transactions. Technical Report 97-15, Center for Discrete Mathematics & Theoretical Computer Science (1997)Google Scholar
  15. 15.
    Rivest, R., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  16. 16.
    Schechter, S., Parnell, T., Hartemink, A.: Anonymous Authentication of Membership in Dynamic Groups. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, pp. 184–195. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  17. 17.
    Slamanig, D., Stingl, C., Lackner, G., Payer, U.: Privacy Protection in web-based Multiuser-Systems (German). In: Horster, P. (ed.) DACH-Security 2007, pp. 98–110. IT-Verlag (2007)Google Scholar
  18. 18.
    Slamanig, D., Stingl, C.: Privacy Aspects of eHealth. In: Proceedings of the Third International Conference on Availability, Reliability and Security (ARES 2008), pp. 1226–1233. IEEE Computer Society Press, Los Alamitos (2008)CrossRefGoogle Scholar
  19. 19.
    Syverson, P.F., Stubblebine, S.G., Goldschlag, D.M.: Unlinkable Serial Transactions. In: Luby, M., Rolim, J.D.P., Serna, M. (eds.) FC 1997. LNCS, vol. 1318, pp. 39–55. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  20. 20.
    Tatli, E.I., Stegemann, D., Lucks, S.: Dynamic Mobile Anonymity with Mixing. Technical Report TR-2006-007, Department for Mathematics and Computer Science, University of Mannheim, March 27 (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Daniel Slamanig
    • 1
  • Christian Stingl
    • 1
  • Christian Menard
    • 1
  • Martina Heiligenbrunner
    • 1
  • Jürgen Thierry
    • 1
  1. 1.School of Medical Information TechnologyCarinthia University of Applied SciencesKlagenfurtAustria

Personalised recommendations