The Journal of the Institute of Internet, Broadcasting and Communication (한국인터넷방송통신학회논문지)

The Institute of Internet, Broadcasting and Communication (한국인터넷방송통신학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on Security Weakness and Threats in Personal Health Record Services

개인건강기록 서비스에서 보안취약성 및 위협요소에 관한 연구

  • 이명규 (가천대학교 IT대학 컴퓨터공학과) ;
  • 황희정 (가천대학교 IT대학 컴퓨터공학과)
  • Received : 2015.10.15
  • Accepted : 2015.12.11
  • Published : 2015.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

Personal Health Records(PHR) service offers patients a convenient and easy-to-use solution for managing their personal health records, crucial medical files, and emergency contacts. In spite of the indispensable advantages, PHR service brings critical challenges that cannot be avoided from consumer side if the security of the data is concerned. The problem of user's privacy infringement and leaking user's sensitive medical information is increasing with the fusion of PHR technology and healthcare. In this paper, therefore, we analyze the various security aspects that are vulnerable to the PHR service and needed to be resolved. Moreover, we analyze the security requirements from the point of view of the PHR users and application service providers and provides the PHR security mechanism for addressing PHR security threats and satisfying PHR security requirements.

개인건강기록 서비스는 환자에게 건강기록 관리와 중요한 의료파일 관리 그리고 응급상황 연락과 같이 편리하고 사용하기 쉬운 해결책을 제시해준다. 이러한 중요한 장점에도 불구하고 개인건강기록 서비스는 데이터의 보안에 관련된 소비자 입장에서는 피할 수 없는 중요한 도전을 제기하고 있다. 개인건강기록 기술이 헬스케어와 융합되면서 사용자 개인정보 침해가 발생하고 사용자의 민감한 의료정보가 유출되는 문제가 증가되고 있다. 본 논문에서는 개인건강기록 서비스의 취약점과 반드시 해결해야할 다양한 보안 측면을 분석한다. 또한, 개인건강기록 사용자와 애플리케이션 서비스 제공자 관점에서 보안 요구사항을 기술하였으며, 개인건강기록 보안 요구사항을 만족하고 보안위협을 대응할 수 있는 보안 메커니즘에 대해 연구하였다.

Keywords

References

  1. Yuksel, M., Dogac, A."Interoperability of Medical Device Information and the Clinical Applications: An HL7 RMIM based on the ISO/IEEE 11073 DIM", , IEEE Transactions on Information Technology in Biomedicine, Volume 15, Issue 4, Pages: 557 - 566, 2011 https://doi.org/10.1109/TITB.2011.2151868
  2. https://developer.apple.com/healthkit/
  3. https://www.microsoft.com/microsoft-health
  4. http://www.microsoft.com/microsoft-band/
  5. https://www.healthvault.com/
  6. Personal Health Records and the HIPAA Privacy Rule.
  7. Deukjo Hong, Jaechul Sung, Seokhie Hong, Jongin Lim, Sangjin Lee, Bon-Seok Koo, Changhoon Lee, Donghoon Chang, Jesang Lee, Kitae Jeong, Hyun Kim, Jongsung Kim, Seongtaek CheeShow less, "HIGHT: A New Block Cipher Suitable for Low-Resource Device", Lecture Notes in Computer Science, Vol. 4249, pp 46-59, 2006.
  8. JeaHoon Park, JaeCheol Ha, "Improved Differential Fault Analysis on Block Cipher ARIA," Lecture Notes in Computer Science, Vol. 7690, pp 82-95, 2012.
  9. Hamid Mala , Mohammad Dakhilalian, Mohsen Shakiba, "Impossible Differential Attacks on 13-Round CLEFIA-128", Journal of Computer Science and Technology, Volume 26, Issue 4, pp 744-750, July 2011. https://doi.org/10.1007/s11390-011-1173-0
  10. Hong, Deukjo, Jung-Keun Lee, Dong-Chan Kim,Daesung Kwon, Kwon Ho Ryu, and Dong-Geon Lee. "LEA: A 128-bit block cipher for fast encryption on common processors." In Information Security Applications, pp. 3-27. Springer International Publishing, 2014.
  11. A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann, M. J. B. Robshaw, Y. Seurin, C. Vikkelsoe, "PRESENT: An Ultra-Lightweight Block Cipher", Lecture Notes in Computer Science, Volume 4727, pp 450-466, 2007.
  12. Elena Trichina, Domenico De Seta, and Lucia Germani, "Simplified Adaptive Multiplicative Masking for AES", Lecture Notes in Computer Science(LNCE), Vol.2523, pp.71-85, 2003.
  13. Wheeler, David J. and Needham, Roger M. "TEA Extensions". Computer Laboratory, Cambridge University, England. October, 1997.
  14. ENGELS, Daniel, et al. The Hummingbird-2 lightweight authenticated encryption algorithm. In: RFID. Security and Privacy. Springer Berlin Heidelberg, 2012. p. 19-31.
  15. Eunjong Hong, Jai-Hoon Chung, Chae Hoon Lim, "Hardware Design and Performance Estimation of the 128-bit Block Cipher Crypton", Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems, Pages 49-60, 1999.
  16. Myung-Kyu Yi, Hee-Joung Hwang, "A Low Power Lifelog Management Scheme Based on User Movement Behaviors in Wireless Networks" The Journal of The Institute of Internet, Broadcasting and Communication (IIBC), Vol. 15, No. 2, pp.157-165, Apr. 30, 2015. https://doi.org/10.7236/JIIBC.2015.15.2.157
  17. Yun-Jeong Lee, Hyung-Deok Shin, "Effects of Contents Narrativity on the Related Contents Preference: Surveying on Korean College Students", Journal of the Korea Academia- Industrial cooperation Society, Vol. 16, No. 1 pp. 62-69, 2015 https://doi.org/10.5762/KAIS.2015.16.1.62