Arcangelo Castiglione

Cloud-based adaptive compression and secure management services for 3D healthcare data

Several studies show that the lack of access to resources and shared data is one of the main causes of errors in the healthcare sector. In particular, 3D medical images play a fundamental role in healthcare environment, but they are typically very large in size. Therefore, their management, which should be performed also by means of devices with limited characteristics, requires complex network protocols along with advanced compression and security techniques. This work concerns the secure management of 3D medical images, with the main aim that such management must take place in an almost completely transparent manner for the end-user, regardless of the computational and networking capabilities he may use. In particular, our contribution is twofold: first, we propose an engine for lossless dynamic and adaptive compression of 3D medical images, which also allows the embedding of security watermarks within them. Furthermore, in order to provide effective, secure and flexible access to healthcare resources that need to be managed by medical applications, we define the architecture of a SaaS Cloud system, which is based on the aforementioned engine. The resulting architecture allows devices with totally different and heterogeneous hardware and software characteristics to interact among them, so that these differences are almost completely transparent to the end-user. A Cloud-based solution for lossless dynamic and adaptive compression of 3D medical images.Management of such data may be considered as an atypical Big Data problem.It provides SaaS services based on an elastic and on-demand peer to peer overlay infrastructure.It also provides effective, secure and flexible access to healthcare resources that need to be managed by medical applications.Allows devices with totally different and heterogeneous hardware and software characteristics to interact among them.

Modeling energy-efficient secure communications in multi-mode wireless mobile devices

Mobile terminals support multiple and heterogeneous communication technologies.We study energy-related dynamics of secure communications among mobile terminals.We formulate an energy model which considers communication and security activities.The model is useful to minimize the overall energy consumption of involved terminals.The model has been validated through simulation. Despite the wide deployment of advanced wireless coverage infrastructures, finding the best way for achieving secure mobile communication in every-days life activities is still an open question. Indeed, a large number of mobile terminals, supporting multiple networking technologies, may be used to manage data from everywhere and at anytime. However, the effort required for achieving security, given the complexity of cryptographic algorithms, heavily affects the power consumption of terminals. Such energy demand, together with the one required to manage communication activities, makes energy-efficient secure communication among hardware-constrained handheld devices a challenging topic.In this work, we introduce an analytic energy model for secure communication among multi-mode terminals. This model describes the energy consumption of mobile terminals operating within a dynamic network scenario, considering both their interconnection and secure data exchange issues, in order to develop adaptive strategies for energy-efficient secure communications. Finally, the model has been validated through simulation.

Hierarchical and Shared Access Control

Access control ensures that only the authorized users of a system are allowed to access certain resources or tasks. Usually, according to their roles and responsibilities, users are organized in hierarchies formed by a certain number of disjoint classes. Such hierarchies are implemented by assigning a key to each class, so that the keys for descendant classes can be efficiently derived from classes higher in the hierarchy. However, pure hierarchical access may represent a limitation in many real-world cases. In fact, sometimes it is necessary to ensure access to a resource or task by considering both its directly responsible user and a group of users possessing certain credentials. In this paper, we first propose a novel model that generalizes the conventional hierarchical access control paradigm, by extending it to certain additional sets of qualified users. Afterward, we propose two constructions for hierarchical key assignment schemes in this new model, which are provably secure with respect to key indistinguishability. In particular, the former construction relies on both symmetric encryption and perfect secret sharing, whereas, the latter is based on public-key threshold broadcast encryption.

Cryptographic Hierarchical Access Control for Dynamic Structures

A hierarchical key assignment scheme is a method to assign some private information and encryption keys to a set of classes in a partially ordered hierarchy, in such a way that the private information of a higher class can be used to derive the keys of all classes lower down in the hierarchy. Sometimes, it is necessary to make dynamic updates to the hierarchy, in order to implement an access control policy which evolves with time. All security models for hierarchical key assignment schemes have been designed to cope with static hierarchies and do not consider the issue of performing dynamic updates to the hierarchy. In this paper, we define the concept of hierarchical key assignment schemes supporting dynamic updates, formalizing the relative security model. In particular, we provide the notion of security with respect to key indistinguishability, by considering the dynamic changes to the hierarchy. Moreover, we show how to construct a hierarchical key assignment scheme supporting dynamic updates, by using as a building block a symmetric encryption scheme. The proposed construction is provably secure with respect to key indistinguishability, and provides efficient key derivation and updating procedures, while requiring each user to store only a single private key.

Key Indistinguishability versus Strong Key Indistinguishability for Hierarchical Key Assignment Schemes

A hierarchical key assignment scheme is a method to assign some private information and encryption keys to a set of classes in a partially ordered hierarchy, in such a way that the private information of a higher class can be used to derive the keys of all classes lower down in the hierarchy. In this paper we analyze the security of hierarchical key assignment schemes according to different notions: security with respect to key indistinguishability and against key recovery, as well as the two recently proposed notions of security with respect to strong key indistinguishability and against strong key recovery . We first explore the relations between all security notions and, in particular, we prove that security with respect to strong key indistinguishability is not stronger than the one with respect to key indistinguishability. Afterwards, we propose a general construction yielding a hierarchical key assignment scheme offering security against strong key recovery, given any hierarchical key assignment scheme which guarantees security against key recovery.

Secure and distributed video surveillance via portable devices

In this work we present a system for distributed video surveillance based on the Client-Server model. The system we present can be accessed via portable devices. In many real-world scenarios is useful, or sometimes necessary, to have portable devices that can receive real-time data from a selected camera, to prevent or to manage anomalous activities. The system provides reliable, high speed, secure and real-time communication among all its components, which are the Repository, the Node and the Portable Device. Both Repository and Node can act as a server. The Repository can provide services to both Nodes and Portable Devices, while the Nodes provide services only to the Portable Device. The portable device can only act as a client, using the services offered by the other two parts. In our system, a portable device is assumed to know only the location of the Repository which permits to get the list of nodes connected with one or more camera(s). When a portable device gets the list, it can choose which node intends to connect to, to get the images of its connected camera(s). The security of the interaction among Node-Repository and Node-Portable Device is guaranteed by using the SSL/TLS protocol. The interaction among nodes and portable devices is secured by using an invisible digital watermarking algorithm on each image, before that image is sent from a node to a portable device. The latter extracts the watermark from the image and verifies the identity of the node.

A Secure Low Complexity Approach for Compression and Transmission of 3-D Medical Images

Digital images play an important role in a wide range of medical applications. Several widespread technologies for digital imaging, such as Computed Tomography (CT), Magnetic Resonance (MR), etc., produce three-dimensional images. Data compression, is thus essential to reduce the volume of such images, permitting their efficient storing along with the improvement of the relative transmission time through Internet or any other ad-hoc systems, like Picture Archiving and Communication System (PACS), Tele-radiology, etc.. Since these images are often stored in system particularly vulnerable from the point of view of security, especially because they contain sensitive data, it is necessary to provide such images with a mechanism which ensures at least security against message forgery. In fact, an attack can be made by altering a medical image, and consequently, may alter the relative diagnosis. The purpose of this work is twofold, first we propose a low complexity approach for the compression of 3-D medical images, then, in order to limit the above defined potential attack, we proposed en efficient method to insert within each image an invisible digital watermark, during the compression process. In this way, we define a hybrid approach that handles simultaneously and efficiently both the compression that the security of three-dimensional images. We validate the proposed approach by showing test results.

On the Protection of fMRI Images in Multi-domain Environments

Functional Magnetic Resonance Imaging provides researchers with an effective and non-invasive tool to understand cerebral functions and correlate them with brain activities. With the ever increasing diffusion of the Internet such images may be exchanged in several ways, thus allowing new research and medical services. On the other hand, ensuring the security of exchanged fMRI data becomes a main concern, due to the special characteristics arising from strict ethics, legislative and diagnostic implications. So it is very important to prevent unauthorized manipulation and misappropriation of such images. The risks are increased when dealing with open environments like the Internet. For this reason, security mechanisms which ensure protection of such data are required. In this paper we introduce a watermarking scheme explicitly designed for this kind of images. In particular, such a scheme belongs to the category of fragile reversible watermarking. The validity of this scheme has been demonstrated through testing. Finally, by using the proposed scheme, we show how to create a distributed security solution that models a multi-domain environment, for ensuring authenticity and integrity of such images.

On Secure Data Management in Health-Care Environment

Health-care management systems are of great relevance because they provide an easy and quick management of all aspects regarding a patient, not necessarily medical. Furthermore, there are more and more cases of pathologies in which diagnosis and treatment can be only carried out by using medical imaging techniques. With an ever-increasing prevalence, medical images are directly acquired in or converted into digital form, for their storage as well as subsequent retrieval and processing. Similarly, text interpreting medical image with other associated patient information, are included into or acquired directly in digital form and stored. It is easy to note that greater is the amount of clinical data available to the specialists, acquired for example on previously treated cases, and better is the quality and the rapidity of diagnosis and treatment. It is therefore important, if not essential, to share easily and quickly data and clinical experiences. However, such sharing among different entities, whether public or private, is a non-trivial task, since such information are always subjected to restrictions related to privacy laws and to health insurance regulations. To the best of our knowledge, in literature there are no systems which allows the rapid and secure sharing of clinical experiences among different entities. We propose a fully distributed system which allows secure sharing of all information (both medical and not) necessary for patients management. With our system, each node belonging to it, can access quickly, easily and in a secure way to a considerable amount of data, thereby improving the speed and quality of clinical evaluation performed by the physician.

Hierarchical and Shared Key Assignment

Access control ensures that only the authorized users of a system are allowed to access certain resources or tasks. Usually, according to their powers and responsibilities, users are organized in hierarchies formed by a certain number of disjoint classes. Such hierarchies are implemented by assigning a key to each class, so that the keys for descendant classes can be derived efficiently from classes higher in the hierarchy. However, in many cases the only hierarchical access represents a limitation. Indeed, sometimes it might be useful or even necessary to ensure the access to a resource or task to both his direct responsible (or owner) and a group of users possessing certain credentials. In this paper, we first propose a novel model that extends the conventional hierarchical access and allows such access even by certain sets of qualified users. Afterwards, we propose a construction for hierarchical key assignment schemes in this new model. The proposed construction is provably secure with respect to key indistinguishability and relies on both symmetric encryption and perfect secret sharing.