Telemedizin WS 08/09 Data Security 1 Worzyk FH Anhalt Data Security and Cryptography Legal data protection Risk analysis and IT Baseline Protection Data

Telemedizin WS 08/09Data Security 1Worzyk

FH Anhalt

Data Security and Cryptography

• Legal data protection• Risk analysis and IT Baseline

Protection• Data security• Cryptography• Smart card


FH Anhalt


Data protection, Privacy (legal)Protection of personal dataProtection of persons against not

authorized processing of data concerning that person

Data Security (technical)Protection against

Loss, dammageNot authorised reading, changing


FH Anhalt

Data protection

Legal data protectioninterdiction with conditionally allowanceGerman Data Protection Act Federal State Data Protection Act special Data Protection Act :

Gesundheitsstrukturgesetz (health structure act)

Personalvertretungsgesetz (staff / workers council Data Protection Act )


FH Anhalt


FH Anhalt


FH Anhalt


FH Anhalt

Privacy failure - an example The Hampshire hospital system provides a good example of the

failure to fully address privacy issues raised by information technology in the National Health Service (NHS). Because the then health minister held the constituency of Winchester (in Hampshire), new information technology systems were implemented more quickly there than elsewhere. These new systems had the feature that all laboratory tests ordered by general practitioners were entered into a hospital information system, which made them available to all staff on the wards and to consultants in the outpatient department. The stated goal was to cut down on duplicate testing; but the effect was that even highly sensitive matters such as HIV and pregnancy test results were no longer restricted to a handful of people (the general practitioner, practice secretary, the pathologist and the lab technician), but were widely available.

As with the London Ambulance Service, a timely warning of impending disaster was ignored, and the system duly went live on schedule. A nurse who had had a test done by her general practitioner complained to him after she found the result on the hospital system at Basingstoke where she worked; this caused outrage among local general practitioners and other medical staff, and may have contributed to the health minister's loss of his seat at the 1997 general election. The eventual outcome was that the relevant parts of the system were turned off at some hospitals.


FH Anhalt

Data Security safety requirements

Reproduction of destroyed datacomplete, fast, consistent

Substitution of destroyed processesBackup of destroyed hardwareBackup of programs

Protection of the communication Not authorised reading, changing


FH Anhalt

IT Baseline Protection Federal Office for

Information Security

http://www.bsi.de/

Consulting of Federal- State- and Local authorities

http://www.bsi.de/english/index.htmhttp://www.bsi.de/english/gstool/index.htm


FH Anhalt

Uninterruptable Power supply

(UPS)• Which devices shall be supplied?

– Server– Disks– Clients– Network

• How long ?– Only for shutdown– Continue the appliations


FH Anhalt

emergency power supply

http://www.evk-mettmann.de/index.php?section=21http://www.energiesparendes-krankenhaus.de/index.php?id=115

http://www.kabel-vereinigung.at/musterhaus/notstrom.htm

http://www.bas-aggregate.de/FrameProdukte.htm

Stationärer Stromerzeuger 800 kVAFür die Notstromversorgung eines Krankenhauses


FH Anhalt

Our UPS

Server + Monitor 1kW

Disks 3*1.5 kW

USV ca. 7 kW for 15 Minutes

At a power failure the UPS signals an interrupt to the CPU which shuts down

UPS must support the operating system!


FH Anhalt

Downtime

24 hours operation on 7 days means:

Time between two downtimes

Accepted downtime by system stability

99% 99,9% 99,99% 1 day 15 minutes 1,5 minutes 8 seconds 1 week 1 ½ hours 10 minutes 1 minutes 1 month 7 hours ¾ hours 4 minutes 1 year 3 ½ days 8 ½ hours 52 minutes


FH Anhalt

Causes of failure

Hardware and operating systeme

20 %

Faulty application programs

40%

Human failure 40%


FH Anhalt

attacks on the communication

Man-in-the-middlethe attacker makes independent connections with the victims and relays

messages between them, making them believe that they are talking directly to each other over a private connection when in fact the entire conversation is controlled by the attacker.

Spoofing-Attackea situation in which one person or program successfully

masquerades as another by falsifying data and thereby gaining an illegitimate advantage

Denial-of-Servicemake a computer resource unavailable to its intended users

Replaydata transmission is maliciously or fraudulently repeated or delayed

Combination of attacks


FH Anhalt

Protection against attacks

Firewall

Encryption

Authentication

non-repudiation

Reception control


FH Anhalt

Firewall

Computer between the internet and

the local network. It analyses the

data stream and locks or opens the

passage depending on the

services, addressee and sender.


FH Anhalt

Firewall

Local network

firewall

local

Web

Server

Internet

e.g.library

All access allowed

e.g. departmentcertain access

allowed

e.g. departmentNo access allowed


FH Anhalt

encryptionCryptologyScience of coding messages

CryptographyMapping a message on an incomprehensible text

CryptoanalysisDecryption of an incomprehensible text

SteganographyHiding a message in a harmless text


FH Anhalt


FH Anhalt

Skytale

D IN

A ND

S DE

G ER

O TH

L SO

D IE

BCH

E HL

N I D D N A E D S R E G H T O O S L E I D H C B L H E E I F

F IE


FH Anhalt

Cäsar Chiffre

DERSCHATZLIEGTINEINEMEISENKASTEN

ABCDEFGHIJKLMNOPQRSTUVWXYZ

ABCDEFGHIJKLMNOPQRSTUVWXYZ

FGTUEJCVBNKGVKPGKGOGKUGPMCUVGP


FH Anhalt

Cäsar Chiffre

Decoding by counting the frequency of letters DERSCHATZLIEGTINEINEMEISENKASTEN

E 7 7 GN 4 4 PI 4 4 KS 3 3 UT 3 3 VR 1 1 TA 2 2 CD 1 1 F

FGTUEJCVBNKGVKPGKGOGKUGPMCUVGP


FH Anhalt

Frequency of letters

german ENISTRAD

english ETANORI

french ESIANTUR


FH Anhalt

Cipheringsymmetric key

plain textEncryption plain textCipher text

Decryption

Key

Key

Exchange of keys


FH Anhalt

Cipheringasymmetric key

Plain TextEncryption Plain TextCipher textDecryption

Pu

b B

ob

P B

ob

Pub Bob

Certificate AuthoritiesPublic keyAlice Bob

Pub AlicePub

Private keyP Alice

Private keyP Bob

%&G(=Plain Text

Pu

b A

lice


FH Anhalt

RSA-CIPHERRivest Shamir Aldemanrequired: two prime numbers p,q=> Public key (encrypt)

n = p*qe relatively prime with (p-1)*(q-1)

Private Keyd with d*e = 1 mod(p-1)*(q-1)

encrypt: c = me mod ndecrypt: m = cd mod n


FH Anhalt

RSA-Examplep = 47; q = 59; p*q = n = 2773(p-1) * (q-1) = 46*58 = 2668e*d = 1 mod 2668 <=> (e*d) / 2668 Rest 1n = 2773; e = 17; d = 157HALLO ... => 080112121500...080117 mod 2773 = 2480121217 mod 2773 = 23452480157 mod 2773 = 8012345157 mod 2773 = 1212


FH Anhalt

RSA-CIPHER time to decipher

Digits Bits Year Computer Duration

cpu

140 1999

200; 300MHz

1 Monat 9 Jahre

155 512 1999

300 3,7 Monate

37,5 Jahre

160 530 2002

100 20 Tage

200 663 2005

80; 2.2 GHz 3 Monate

55 Jahre

The RSA Factoring Challenge


FH Anhalt

Pretty Good Privacysending

messagechecksum

DigitalSignatur

Private keyof sender

Symmetric key

Public keyof receiver

Random number

EncryptedRandom number

Encryptedmessage


FH Anhalt

Pretty Good Privacyreceiving

message

checksum

DigitaleSignatur

Private keyof receiver

Symmetric key

Public keyof sender

Random number

EncryptedRandom number

Encryptedmessage

checksum

= ?


FH Anhalt

Digital Signaturprocedure

Document

Checksum

Hashfunktion

Signatur

Private key

Document

Signatur

StorageDocument

Checksum

Signatur

Public key

Checksum ?=

Hashfunktion


FH Anhalt

Roles of a Signature

• Closing• Identity• Authenticity• Evidence• Inhibition threshold


FH Anhalt

Regulation concerning Digital Signatur

(Signaturverordnung - SigV)§ 16 Anforderungen an die technischen Komponenten

(1) Die zur Erzeugung von Signaturschlüsseln erforderlichen technischen Komponenten müssen so beschaffen sein, daß ein Schlüssel mit an Sicherheit grenzender Wahrscheinlichkeit nur einmal vorkommt und aus dem öffentlichen Schlüssel nicht der private Schlüssel errechnet werden kann. Die Geheimhaltung des privaten Schlüssels muß gewährleistet sein und er darf nicht dupliziert werden können. Sicherheitstechnische Veränderungen an den technischen Komponenten müssen für den Nutzer erkennbar werden.


FH Anhalt

Regulation concerning Digital Signatur

The technical components which are necessary for the production of signature keys must be in a condition that a key will appear only once and that a private key can not be calculated from the public key. The privacy of the private key must be ensured and it should be not possible to dublicate the key. Safety-relevant changes in the technical components must become recognizable for the user.


FH Anhalt

Realisation of SigG, SigV und SigRL

• Linking the public key to its owner• Safe storage of the private key• Building of the digital signature in

a safe environment• uniqueness of the key http://www.bsi.bund.de/esig/index.htm


FH Anhalt

certificate• A certificate links a public key to a specific person• A reliable third party (Certification Authority - CA) signs these data

• The public key of the CA is known

Serial number

Name of the owner

Public key of the owner

...

Signatur of CA


FH Anhalt

Certification Authority

Die Erteilung von Genehmigungen und die Ausstellung von Zertifikaten, die zum Signieren von Zertifikaten eingesetzt werden, sowie die Überwachung der Einhaltung dieses Gesetzes und der Rechtsverordnung nach § 16 obliegen der Behörde nach § 66 des Telekommunikationsgesetzes

Bundesnetzagenturhttp://www.nrca-ds.de/


FH Anhalt

Kinds of digital signaturesSimple Signature

• Sign under the document • scanned signature• elektronic business card

Uncontrolled use, no authenticity


FH Anhalt

Kinds of digital signatures

advanced Signature• exclusively related to the key owner• Permits the identification of the key

owner• Is generated under the exclusive control

of the key owner• Is related to the signed data in that kind

that subsequent change of the data can be detected

• examples: PGP, Verisign, Sphinx• May be used inhouse


FH Anhalt

Kinds of digital signatures Qualified Signature

without accreditation of provider

• advanced Signature with:– A certificate which is valide at the time of

signature– Created with a safe program to create

signature keys

• The provider registers at Bundesnetzagentur, but will not be reviewed periodicallyhttp://www.bundesnetzagentur.de/enid/2.html


FH Anhalt

Kinds of digital signatures Qualified Signature

without accreditation of provider

• Qualified Signature• The provider will be checked by

Bundesnetzagentur • Longterm reliability is ensured• The signature is equivalent to a

signature by hand and the opponent must prove that it is forged


FH Anhalt

Smart card for the Digital Signatur

• tamper-proof and confidential storage

• security relevant operations are executed on the smart card

• Simple transport and high availability

• Highly accepted


FH Anhalt

Smart card Mikrocontroller

• CPU + Co-Prozessor (Crypto-Unit)• RAM (~2k), ROM (~32k) und

EEPROM (~32k .. 64k)• I/O Crypto

Unit

CPU

I/OSystem

RAM

ROM

EEPROM


FH Anhalt


• Legal data protection• IT Baseline Protection • attacks on the communication• Symmetric - asymmetric

encryption • Digital signature• Smart cards

Documents

Telemedizin WS 08/09 Data Security 1 Worzyk FH Anhalt Data Security and Cryptography Legal data protection Risk analysis and IT Baseline Protection Data