Formal Analysis of Privacy in an eHealth Protocol

  • Naipeng Dong
  • Hugo Jonker
  • Jun Pang
Conference paper

DOI: 10.1007/978-3-642-33167-1_19

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7459)
Cite this paper as:
Dong N., Jonker H., Pang J. (2012) Formal Analysis of Privacy in an eHealth Protocol. In: Foresti S., Yung M., Martinelli F. (eds) Computer Security – ESORICS 2012. ESORICS 2012. Lecture Notes in Computer Science, vol 7459. Springer, Berlin, Heidelberg

Abstract

Given the nature of health data, privacy of eHealth systems is of prime importance. An eHealth system must enforce that users remain private, even if they are bribed or coerced to reveal themselves or others. Consider e.g. a pharmaceutical company that bribes a pharmacist to reveal information which breaks a doctor’s privacy. In this paper, we identify and formalise several new but important privacy notions on enforcing doctor privacy. Then we analyse privacy of a complicated and practical eHealth protocol. Our analysis shows to what extent these properties as well as properties such as anonymity and untraceability are satisfied by the protocol. Finally, we address the found ambiguities resulting in privacy flaws, and propose suggestions for fixing them.


Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Naipeng Dong (1)
  • Hugo Jonker (1)
  • Jun Pang (1)
  1. Faculty of Sciences, Technology and Communication, University of Luxembourg, Luxembourg
