Hans Löhr

Securing the e-health cloud

Modern information technology is increasingly used in healthcare with the goal to improve and enhance medical services and to reduce costs. In this context, the outsourcing of computation and storage resources to general IT providers (cloud computing) has become very appealing. E-health clouds offer new possibilities, such as easy and ubiquitous access to medical data, and opportunities for new business models. However, they also bear new risks and raise challenges with respect to security and privacy aspects. In this paper, we point out several shortcomings of current e-health solutions and standards, particularly they do not address the client platform security, which is a crucial aspect for the overall security of e-health systems. To fill this gap, we present a security architecture for establishing privacy domains in e-health infrastructures. Our solution provides client platform security and appropriately combines this with network security concepts. Moreover, we discuss further open problems and research challenges on security, privacy and usability of e-health cloud systems.

Enhancing grid security using trusted virtualization

Grid applications increasingly have sophisticated functional and security requirements. Current techniques mostly protect the grid resource provider from attacks by the grid user, while leaving the user comparatively dependent on the well-behavior of the provider. We present the key components for a trustworthy grid architecture and address this trust asymmetry by using a combination of trusted computing and virtualization technologies. We propose a scalable offline attestation protocol, which allows the selection of trustworthy partners in the grid with low overhead. By providing multilateral security, i.e., security for both the grid user and the grid provider, our protocol increases the confidence that can be placed on the correctness of a grid computation and on the protection of user-provided assets.

Property-Based Attestation without a Trusted Third Party

The Trusted Computing Group (TCG) has proposed the binary attestation mechanism that enables a computing platform with a dedicated security chip, the Trusted Platform Module (TPM), to report its state to remote parties. The concept of property-based attestation (PBA) improves the binary attestation and compensates for some of its main deficiencies. In particular, PBA enhances user privacy by allowing the trusted platform to prove to a remote entity that it has certain properties without revealing its own configuration. The existing PBA solutions, however, require a Trusted Third Party (TTP) to provide a reliable link of configurations to properties, e.g., by means of certificates. We present a new privacy-preserving PBA approach that avoids such a TTP. We define a formal model, propose an efficient protocol based on the ideas of ring signatures, and prove its security. The cryptographic technique deployed in our protocol is of independent interest, as it shows how ring signatures can be used to efficiently prove the knowledge of an element in a list without disclosing it.

Lightweight anonymous authentication with TLS and DAA for embedded mobile devices

Although anonymous authentication has been extensively studied, so far no scheme has been widely adopted in practice. A particular issue with fully anonymous authentication schemes is that users cannot easily be prevented from copying and sharing credentials. In this paper, we propose an anonymous authentication scheme for mobile devices that prevents copying and sharing of credentials based on hardware security features. Our system is an optimized adaptation of an existing direct anonymous attestation (DAA) scheme, specifically designed for resource-constrained mobile devices. Our solution provides (i) anonymity and untraceability of mobile embedded devices against service providers, (ii) secure device authentication even against collusions of malicious service providers, and (iii) allows for revocation of authentication credentials. We present a new cryptographic scheme with a proof of security, as well as an implementation on ARM TrustZone. Moreover, we evaluate the efficiency of our approach and demonstrate its suitability for mobile devices.

Anonymous authentication with TLS and DAA

Anonymous credential systems provide privacy-preserving authentication solutions for accessing services and resources. In these systems, copying and sharing credentials can be a serious issue. As this cannot be prevented in software alone, these problems form a major obstacle for the use of fully anonymous authentication systems in practice. In this paper, we propose a solution for anonymous authentication that is based on a hardware security module to prevent sharing of credentials. Our protocols are based on the standard protocols Transport Layer Security (TLS) and Direct Anonymous Attestation (DAA). We present a detailed description and a reference implementation of our approach based on a Trusted Platform Module (TPM) as hardware security module. Moreover, we discuss drawbacks and alternatives, and provide a pure software implementation to compare with our TPM-based approach.

A privacy-protecting multi-coupon scheme with stronger protection against splitting

A multi-coupon (MC) represents a collection of k coupons that a user can redeem to a vendor in exchange for some goods or services. Nguyen (FC 2006), deepening the ideas of Chen et al. (FC 2005), introduced an unforgeable privacy-protecting MC system with constant complexity for issuing and redemption of MCs, that discourages sharing of coupons through a property called weak unsplittability, where sharing of a single coupon implies sharing of the whole multi-coupon (all-or-nothing sharing). Both schemes still lack some features required by many applications in practice, and also stronger forms of unsplittability are desirable. In this paper, we propose a new security model for MC systems with stronger definitions, followed by a concrete realization where single coupons within a MC may represent different goods or services, have independent validity periods, and must be redeemed sequentially ensuring a stronger version of unsplittability compared to all-or-nothing sharing. The complexity of the proposed scheme is linear in k for the generation of multi-coupons and constant for each redeemed single coupon.

Flexible patient-controlled security for electronic health records

Electronic health records (EHR) are a convenient method to exchange medical information of patients between different healthcare providers. In many countries privacy laws require to protect the confidentiality of these data records and let the patient control the access to them. Existing approaches to protect the privacy of EHRs are either insufficient for these strict laws or they are too restrictive in their usage. For example, smartcard-based encryption systems require the patient to be always present to authorize access to medical records. However, this does not allow a physician to access an EHR of a patient who is unable to show up in person. In this paper, we propose a security architecture for EHR infrastructures that provides more flexibility but retains the security of patient-controlled encryption. In our proposal patients are able to authorize access to their records remotely (e.g. via phone) and time-independent for later processing by the physician. The security of our approach relies on modern cryptographic schemes and their incorporation into an EHR infrastructure. The adoption of our security architecture would allow to fulfill strict privacy laws while relaxing usage restrictions of existing security protections.

Patterns for Secure Boot and Secure Storage in Computer Systems

Trusted Computing aims at enhancing the security of IT systems by using a combination of trusted hardware and software components to provide security guarantees. This includes system state integrity and the secure link between the software and hardware of a computing platform. Although security patterns exist for operating system security, access control, and authentication, there is still none of Trusted Computing aspects. In this paper, we introduce security patterns for secure boot and for secure storage, which are important basic Trusted Computing concepts. Secure boot is at the heart of most security solutions and secure storage is fundamental for application-level security: it ensures that the integrity of software is verified before accessing stored data. Our paper aims at complementing existing system security patterns by presenting the common patterns underlying the different realizations of secure boot and secure storage.

A trusted versioning file system for passive mobile storage devices

Versioning file systems are useful in applications like post-intrusion file system analysis, or reliable file retention and retrievability as required by legal regulations for sensitive data management. Secure versioning file systems provide essential security functionalities such as data integrity, data confidentiality, access control, and verifiable audit trails. However, these tools build on top of centralized data repositories operating within a trusted infrastructure. They often fail to offer the same security properties when applied to repositories lying on decentralized, portable storage devices like USB flash drives and memory chip cards. The reason is that portable storage devices are usually passive, i.e., they cannot enforce any security policy on their own. Instead, they can be plugged in any (untrusted) platform which may not correctly maintain or intentionally corrupt the versioning information on the device. However, we point out that analogous concerns are also raised in those scenarios in which data repositories are hosted by outsourced cloud-based storage services whose providers might not satisfy certain security requirements. In this paper we present TVFS: a Trusted Versioning File System which stores data on untrusted storage devices. TVFS has the following features: (1) file integrity and confidentiality; (2) trustworthy data retention and retrievability; and (3) verifiable history of changes in a seamless interval of time. With TVFS any unauthorized data change or corruption (possibly resulting from being connected to an untrusted platform) can be detected when it is connected to a legitimate trusted platform again. We present a prototype implementation and discuss its performance and security properties. We highlight that TVFS could fit those scenarios where different stakeholders concurrently access and updates shared data, such as financial and e-health multiparty services as well as civil protection application systems such as hazardous waste tracement systems, where the ability to reliably keep track of documents history is a strong (or legally enforced) requirement.

Securing the Access to Electronic Health Records on Mobile Phones

Mobile phones are increasingly used in the e-health domain. In this context, enabling secure access to health records from mobile devices is of particular importance because of the high security and privacy requirements for sensitive medical data. Standard operating systems and software, as they are deployed on current smartphones, cannot protect sensitive data appropriately, even though modern mobile hardware platforms often provide dedicated security features. Current mobile phones are prone to attacks by malicious software, which might gain unauthorized access to sensitive medical data.