
An important aspect of designing and developing health-data tools and systems is the set of challenges such a system must face and the requirements it must meet before it can be considered mature enough to be a final market product.

References [2] and [12] provide an extended list of requirements for related systems and tools. Among these challenges and requirements, one of the most considerable is the secure transmission of the patient’s health data, which are regarded as sensitive and private. In fact, a large number of people are disinclined to use such systems, because they are not confident that their private and sensitive information will be transmitted to, and made available only to, the competent party, e.g. their medical doctor. Potential communication problems should also be addressed to ensure the fast and reliable transmission of data.

Security and privacy are two major issues in information exchange and, therefore, they attract considerable attention from researchers and developers. The most common security threats in information exchange include attempts to access valuable information, damage system resources, modify parts of the system and insert false data [13]. In this context, security methods need to be applied to the data, the network, the databases and the other resources of the system [13].

In health information exchange, ensuring the security and privacy of the data exchanged by the involved parties is even more significant, due to the nature of the transmitted data. Whether the transmitted data are medical records, health data such as the patients’ pathological symptoms, the patients’ medical history or other personal information, it is crucial to secure these data and protect the patients’ privacy.

Besides, these data include private and sensitive information that should not be available to non-qualified parties under any circumstances. In fact, the possibility that the patients’ sensitive and private data will become available to ineligible parties makes patients concerned about such systems and, sometimes, reluctant to use them.

In order to protect the privacy of the patients and their sensitive and personal information, four basic principles have been discussed in related projects and are taken into consideration for the general VDr system: anonymity, pseudonymity, unlinkability and unobservability. More specifically, the transmitted data are considered anonymous if they cannot be associated with a particular individual [14], while they are regarded as pseudonymous when a pseudonym is used as the identifier of the data set [15].

Additionally, unlinkability is the state where two sets of data are not related from the attacker’s point of view more than they were related before the attack [15]. Finally, data are considered unobservable when they cannot be distinguished from other sets of data [15].


With respect to the general VDr system, there are two main types of information exchange during the interaction between the human subject and the VDr: between the human subject node and the medical center, and between the medical center and the VDr.

Thus, there are two schemes presented below to ensure the secure exchange of health information between the nodes of the system.

2.6.1 Compression-Hiding-Encryption

The compression-hiding-encryption scheme, which is presented in detail in [13], is performed on the human subject node of the architecture scheme of the general VDr system and it can be used in wearable health monitoring systems for the transmission of biosignals.

It is based on the SCAN methodology, which is a 2-dimensional spatial accessing method that can represent and easily generate a large number of scanning paths [16]. The SCAN methodology has proven to be a very useful method for compression, data hiding and encryption, as it can be applied to images, videos, or any other kind of files, since all kinds of files could be represented as 2-dimensional arrays. Thus, applying the SCAN methodology offers lossless compression, robust data hiding and strong encryption [17], [18], [19].

More specifically, when SCAN-based compression is applied to a 2-dimensional file, which can be seen as an image comprised of pixels, the file is first partitioned into blocks. Then, each block is scanned with various scan paths and its pixel values are predicted. After this, the algorithm computes the number of bits needed to encode each scan path and, finally, it chooses the scan path that minimizes the number of prediction errors and the number of encoding bits [13], [16]. As for SCAN-based data hiding, the first step involves the identification of complex regions of the original file, which are then rearranged using the SCAN methodology. Afterwards, the secret data that need to be transmitted along with the original file are embedded in the complex regions, and a random order is determined by a secret SCAN key [13], [16]. Lastly, SCAN-based encryption permutes the pixels of the image, which are the contents of the original file, replaces the pixel values and produces an iterated product cipher [13], [16].
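As an added, simplified illustration of the scan-path selection step described above (this is not the thesis’s code nor the SCAN authors’ implementation; the four scan paths, the previous-sample predictor and the Elias-gamma bit-cost model are assumptions standing in for the real SCAN language and its coder):

```python
# Added illustration (not code from the thesis or the SCAN papers it cites): a
# simplified SCAN-style scan-path choice for lossless predictive coding of one
# n x n block. Paths, predictor and bit-cost model are my own assumptions.
def raster(n):
    return [(r, c) for r in range(n) for c in range(n)]
def snake(n):  # rows scanned in alternating direction
    return [(r, c if r % 2 == 0 else n - 1 - c) for r in range(n) for c in range(n)]
def spiral(n):  # clockwise inward spiral from the top-left corner
    path, top, left, bottom, right = [], 0, 0, n - 1, n - 1
    while top <= bottom and left <= right:
        path += [(top, c) for c in range(left, right + 1)]
        path += [(r, right) for r in range(top + 1, bottom + 1)]
        if top < bottom:
            path += [(bottom, c) for c in range(right - 1, left - 1, -1)]
        if left < right:
            path += [(r, left) for r in range(bottom - 1, top, -1)]
        top, left, bottom, right = top + 1, left + 1, bottom - 1, right - 1
    return path
def diagonal(n):  # anti-diagonals, each read top-right to bottom-left
    return [(r, d - r) for d in range(2 * n - 1) for r in range(n) if 0 <= d - r < n]
PATHS = {"raster": raster, "snake": snake, "spiral": spiral, "diagonal": diagonal}
def residual_bits(e):
    # Assumed cost model: Elias-gamma length of |e|+1, plus a sign bit when e != 0.
    v = abs(e) + 1
    return 2 * v.bit_length() - 1 + (1 if e else 0)

def encode_block(block, path):
    """Predict each sample from its predecessor; return (bits, errors, first, residuals)."""
    seq = [block[r][c] for r, c in path]
    residuals = [seq[i] - seq[i - 1] for i in range(1, len(seq))]
    bits = 8 + sum(residual_bits(e) for e in residuals)  # first sample stored raw
    return bits, sum(1 for e in residuals if e), seq[0], residuals

def decode_block(first, residuals, path, n):
    """Inverse of encode_block: path + residuals rebuild the block exactly (lossless)."""
    seq = [first]
    for e in residuals:
        seq.append(seq[-1] + e)
    block = [[0] * n for _ in range(n)]
    for (r, c), v in zip(path, seq):
        block[r][c] = v
    return block

def best_scan(block):
    """Try every path; keep the one needing the fewest bits, then the fewest errors."""
    costs = {name: encode_block(block, fn(len(block)))[:2] for name, fn in PATHS.items()}
    name = min(costs, key=lambda k: costs[k])
    return name, costs[name]
# Constructed 4x4 sample whose values rise along a snake path; raster costs more.
SAMPLE_BLOCK = [[10, 11, 12, 13], [17, 16, 15, 14], [18, 19, 20, 21], [25, 24, 23, 22]]
```

For the sample block the snake path wins (68 bits versus 74 for raster), and decoding with the chosen path restores the block bit for bit, which is the lossless property the text requires for medical data.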

As a whole, the overview of the SCAN-based compression, data hiding and encryption is illustrated in Figure 2-5.

[Figure 2-5: overview of the SCAN-based compression, data hiding and encryption scheme (figure not reproduced; only the stage label "Compression" survived extraction).]

Compressing data is very important when transmitting and/or storing them. That this method achieves lossless compression is not only desirable but critical and required, given the importance of the transmitted medical data. Information hiding is an important technique because it allows secret data to be embedded in another file in a way that is unobservable to anyone without the embedding key. Lastly, encrypting the transmitted data ensures that they will not be readable by non-qualified parties who do not have the encryption key.


One of the advantages of this methodology is its capability to transmit text, audio and video combined in one medium, by treating text and audio signals as 2D arrays [16].

In the same way, the presented methodology can be used to transmit the pathological symptoms obtained by the human subject node of the system. Starting from the original file, whether it is a video, image, audio or text file or the patient’s symptoms, lossless compression is performed on it. Then, the data hiding technique embeds a message in the compressed file; this message could be the patient’s personal information or medical history. Finally, the original file including the hidden message is encrypted and transmitted to the medical center and then to the VDr.

In conclusion, this methodology provides a robust solution to the problem of sending sensitive and private information from the human subject node of the system to the medical center. Various types of files can be supported, and the sensitive information can be embedded in these files. Encrypting the compressed file that includes the hidden message before transmitting it to the medical center makes it unreadable to unauthorized parties and, hence, raises the security level of the system. Lastly, it should be mentioned that the reverse procedure is followed after the transmitted data are received, in order to recover the original transmitted files.

2.6.2 Biometrics Authentication-Authorization

An authentication and authorization methodology [13] is performed on the VDr node of the proposed system, in order for the authorized party, meaning the medical doctor, to gain access to the system and decrypt the received information. This methodology uses the medical doctor’s biometrics and performs fingerprint, iris [20], and voice recognition.


Taking three different biometrics into account dramatically increases the security of the system, as it would be very difficult, if not impossible, for a malicious user to acquire all three.

The biometrics recognition and matching algorithms, which will be incorporated in our system, are presented in detail in [13]. An illustration of the biometrics authentication and authorization scheme is provided in Figure 2-6.

[Figure 2-6 not reproduced. Stages shown: Combined biometrics → Digital Signal Processing → Pattern Recognition → Features Extraction → Matching against stored biometrics → Authorized user (or No match) → Decryption of the encrypted health data → Patient’s health data.]

Figure 2-6: The biometrics authentication and authorization scheme.

As depicted in Figure 2-6, the medical doctor, or any other authorized party, uses his/her biometrics to gain access to the VDr node of the system. After the biometrics are received by the system, they are digitally processed and their features are extracted using pattern recognition algorithms. The combined biometrics are then matched against the authorized party’s stored biometrics. After a successful match, the authorized user receives the encrypted health data that were transmitted by the human subject node. These data are decrypted and the patient’s health data become available to the medical doctor.
