Telemedizin WS 08/09 Data Security 1 Worzyk FH Anhalt Data Security and Cryptography Legal data...
-
Upload
alex-carroll -
Category
Documents
-
view
214 -
download
0
Transcript of Telemedizin WS 08/09 Data Security 1 Worzyk FH Anhalt Data Security and Cryptography Legal data...
Telemedizin WS 08/09Data Security 1Worzyk
FH Anhalt
Data Security and Cryptography
• Legal data protection• Risk analysis and IT Baseline
Protection• Data security• Cryptography• Smart card
Telemedizin WS 08/09Data Security 2Worzyk
FH Anhalt
Data Security and Cryptography
Data protection, Privacy (legal)Protection of personal dataProtection of persons against not
authorized processing of data concerning that person
Data Security (technical)Protection against
Loss, dammageNot authorised reading, changing
Telemedizin WS 08/09Data Security 3Worzyk
FH Anhalt
Data protection
Legal data protectioninterdiction with conditionally allowanceGerman Data Protection Act Federal State Data Protection Act special Data Protection Act :
Gesundheitsstrukturgesetz (health structure act)
Personalvertretungsgesetz (staff / workers council Data Protection Act )
Telemedizin WS 08/09Data Security 4Worzyk
FH Anhalt
Telemedizin WS 08/09Data Security 5Worzyk
FH Anhalt
Telemedizin WS 08/09Data Security 6Worzyk
FH Anhalt
Telemedizin WS 08/09Data Security 7Worzyk
FH Anhalt
Privacy failure - an example The Hampshire hospital system provides a good example of the
failure to fully address privacy issues raised by information technology in the National Health Service (NHS). Because the then health minister held the constituency of Winchester (in Hampshire), new information technology systems were implemented more quickly there than elsewhere. These new systems had the feature that all laboratory tests ordered by general practitioners were entered into a hospital information system, which made them available to all staff on the wards and to consultants in the outpatient department. The stated goal was to cut down on duplicate testing; but the effect was that even highly sensitive matters such as HIV and pregnancy test results were no longer restricted to a handful of people (the general practitioner, practice secretary, the pathologist and the lab technician), but were widely available.
As with the London Ambulance Service, a timely warning of impending disaster was ignored, and the system duly went live on schedule. A nurse who had had a test done by her general practitioner complained to him after she found the result on the hospital system at Basingstoke where she worked; this caused outrage among local general practitioners and other medical staff, and may have contributed to the health minister's loss of his seat at the 1997 general election. The eventual outcome was that the relevant parts of the system were turned off at some hospitals.
Telemedizin WS 08/09Data Security 8Worzyk
FH Anhalt
Data Security safety requirements
Reproduction of destroyed datacomplete, fast, consistent
Substitution of destroyed processesBackup of destroyed hardwareBackup of programs
Protection of the communication Not authorised reading, changing
Telemedizin WS 08/09Data Security 9Worzyk
FH Anhalt
IT Baseline Protection Federal Office for
Information Security
http://www.bsi.de/
Consulting of Federal- State- and Local authorities
http://www.bsi.de/english/index.htmhttp://www.bsi.de/english/gstool/index.htm
Telemedizin WS 08/09Data Security 10Worzyk
FH Anhalt
Uninterruptable Power supply
(UPS)• Which devices shall be supplied?
– Server– Disks– Clients– Network
• How long ?– Only for shutdown– Continue the appliations
Telemedizin WS 08/09Data Security 11Worzyk
FH Anhalt
emergency power supply
http://www.evk-mettmann.de/index.php?section=21http://www.energiesparendes-krankenhaus.de/index.php?id=115
http://www.kabel-vereinigung.at/musterhaus/notstrom.htm
http://www.bas-aggregate.de/FrameProdukte.htm
Stationärer Stromerzeuger 800 kVAFür die Notstromversorgung eines Krankenhauses
Telemedizin WS 08/09Data Security 12Worzyk
FH Anhalt
Our UPS
Server + Monitor 1kW
Disks 3*1.5 kW
USV ca. 7 kW for 15 Minutes
At a power failure the UPS signals an interrupt to the CPU which shuts down
UPS must support the operating system!
Telemedizin WS 08/09Data Security 13Worzyk
FH Anhalt
Downtime
24 hours operation on 7 days means:
Time between two downtimes
Accepted downtime by system stability
99% 99,9% 99,99% 1 day 15 minutes 1,5 minutes 8 seconds 1 week 1 ½ hours 10 minutes 1 minutes 1 month 7 hours ¾ hours 4 minutes 1 year 3 ½ days 8 ½ hours 52 minutes
Telemedizin WS 08/09Data Security 14Worzyk
FH Anhalt
Causes of failure
Hardware and operating systeme
20 %
Faulty application programs
40%
Human failure 40%
Telemedizin WS 08/09Data Security 15Worzyk
FH Anhalt
attacks on the communication
Man-in-the-middlethe attacker makes independent connections with the victims and relays
messages between them, making them believe that they are talking directly to each other over a private connection when in fact the entire conversation is controlled by the attacker.
Spoofing-Attackea situation in which one person or program successfully
masquerades as another by falsifying data and thereby gaining an illegitimate advantage
Denial-of-Servicemake a computer resource unavailable to its intended users
Replaydata transmission is maliciously or fraudulently repeated or delayed
Combination of attacks
Telemedizin WS 08/09Data Security 16Worzyk
FH Anhalt
Protection against attacks
Firewall
Encryption
Authentication
non-repudiation
Reception control
Telemedizin WS 08/09Data Security 17Worzyk
FH Anhalt
Firewall
Computer between the internet and
the local network. It analyses the
data stream and locks or opens the
passage depending on the
services, addressee and sender.
Telemedizin WS 08/09Data Security 18Worzyk
FH Anhalt
Firewall
Local network
firewall
local
Web
Server
Internet
e.g.library
All access allowed
e.g. departmentcertain access
allowed
e.g. departmentNo access allowed
Telemedizin WS 08/09Data Security 19Worzyk
FH Anhalt
encryptionCryptologyScience of coding messages
CryptographyMapping a message on an incomprehensible text
CryptoanalysisDecryption of an incomprehensible text
SteganographyHiding a message in a harmless text
Telemedizin WS 08/09Data Security 20Worzyk
FH Anhalt
Telemedizin WS 08/09Data Security 21Worzyk
FH Anhalt
Skytale
D IN
A ND
S DE
G ER
O TH
L SO
D IE
BCH
E HL
N I D D N A E D S R E G H T O O S L E I D H C B L H E E I F
F IE
Telemedizin WS 08/09Data Security 22Worzyk
FH Anhalt
Cäsar Chiffre
DERSCHATZLIEGTINEINEMEISENKASTEN
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ABCDEFGHIJKLMNOPQRSTUVWXYZ
FGTUEJCVBNKGVKPGKGOGKUGPMCUVGP
Telemedizin WS 08/09Data Security 23Worzyk
FH Anhalt
Cäsar Chiffre
Decoding by counting the frequency of letters DERSCHATZLIEGTINEINEMEISENKASTEN
E 7 7 GN 4 4 PI 4 4 KS 3 3 UT 3 3 VR 1 1 TA 2 2 CD 1 1 F
FGTUEJCVBNKGVKPGKGOGKUGPMCUVGP
Telemedizin WS 08/09Data Security 24Worzyk
FH Anhalt
Frequency of letters
german ENISTRAD
english ETANORI
french ESIANTUR
Telemedizin WS 08/09Data Security 25Worzyk
FH Anhalt
Cipheringsymmetric key
plain textEncryption plain textCipher text
Decryption
Key
Key
Exchange of keys
Telemedizin WS 08/09Data Security 26Worzyk
FH Anhalt
Cipheringasymmetric key
Plain TextEncryption Plain TextCipher textDecryption
Pu
b B
ob
P B
ob
Pub Bob
Certificate AuthoritiesPublic keyAlice Bob
Pub AlicePub
Private keyP Alice
Private keyP Bob
%&G(=Plain Text
Pu
b A
lice
Telemedizin WS 08/09Data Security 27Worzyk
FH Anhalt
RSA-CIPHERRivest Shamir Aldemanrequired: two prime numbers p,q=> Public key (encrypt)
n = p*qe relatively prime with (p-1)*(q-1)
Private Keyd with d*e = 1 mod(p-1)*(q-1)
encrypt: c = me mod ndecrypt: m = cd mod n
Telemedizin WS 08/09Data Security 28Worzyk
FH Anhalt
RSA-Examplep = 47; q = 59; p*q = n = 2773(p-1) * (q-1) = 46*58 = 2668e*d = 1 mod 2668 <=> (e*d) / 2668 Rest 1n = 2773; e = 17; d = 157HALLO ... => 080112121500...080117 mod 2773 = 2480121217 mod 2773 = 23452480157 mod 2773 = 8012345157 mod 2773 = 1212
Telemedizin WS 08/09Data Security 29Worzyk
FH Anhalt
RSA-CIPHER time to decipher
Digits Bits Year Computer Duration
cpu
140 1999
200; 300MHz
1 Monat 9 Jahre
155 512 1999
300 3,7 Monate
37,5 Jahre
160 530 2002
100 20 Tage
200 663 2005
80; 2.2 GHz 3 Monate
55 Jahre
The RSA Factoring Challenge
Telemedizin WS 08/09Data Security 30Worzyk
FH Anhalt
Pretty Good Privacysending
messagechecksum
DigitalSignatur
Private keyof sender
Symmetric key
Public keyof receiver
Random number
EncryptedRandom number
Encryptedmessage
Telemedizin WS 08/09Data Security 31Worzyk
FH Anhalt
Pretty Good Privacyreceiving
message
checksum
DigitaleSignatur
Private keyof receiver
Symmetric key
Public keyof sender
Random number
EncryptedRandom number
Encryptedmessage
checksum
= ?
Telemedizin WS 08/09Data Security 32Worzyk
FH Anhalt
Digital Signaturprocedure
Document
Checksum
Hashfunktion
Signatur
Private key
Document
Signatur
StorageDocument
Checksum
Signatur
Public key
Checksum ?=
Hashfunktion
Telemedizin WS 08/09Data Security 33Worzyk
FH Anhalt
Roles of a Signature
• Closing• Identity• Authenticity• Evidence• Inhibition threshold
Telemedizin WS 08/09Data Security 34Worzyk
FH Anhalt
Regulation concerning Digital Signatur
(Signaturverordnung - SigV)§ 16 Anforderungen an die technischen Komponenten
(1) Die zur Erzeugung von Signaturschlüsseln erforderlichen technischen Komponenten müssen so beschaffen sein, daß ein Schlüssel mit an Sicherheit grenzender Wahrscheinlichkeit nur einmal vorkommt und aus dem öffentlichen Schlüssel nicht der private Schlüssel errechnet werden kann. Die Geheimhaltung des privaten Schlüssels muß gewährleistet sein und er darf nicht dupliziert werden können. Sicherheitstechnische Veränderungen an den technischen Komponenten müssen für den Nutzer erkennbar werden.
Telemedizin WS 08/09Data Security 35Worzyk
FH Anhalt
Regulation concerning Digital Signatur
The technical components which are necessary for the production of signature keys must be in a condition that a key will appear only once and that a private key can not be calculated from the public key. The privacy of the private key must be ensured and it should be not possible to dublicate the key. Safety-relevant changes in the technical components must become recognizable for the user.
Telemedizin WS 08/09Data Security 36Worzyk
FH Anhalt
Realisation of SigG, SigV und SigRL
• Linking the public key to its owner• Safe storage of the private key• Building of the digital signature in
a safe environment• uniqueness of the key http://www.bsi.bund.de/esig/index.htm
Telemedizin WS 08/09Data Security 37Worzyk
FH Anhalt
certificate• A certificate links a public key to a specific person• A reliable third party (Certification Authority - CA) signs these data
• The public key of the CA is known
Serial number
Name of the owner
Public key of the owner
...
Signatur of CA
Telemedizin WS 08/09Data Security 38Worzyk
FH Anhalt
Certification Authority
Die Erteilung von Genehmigungen und die Ausstellung von Zertifikaten, die zum Signieren von Zertifikaten eingesetzt werden, sowie die Überwachung der Einhaltung dieses Gesetzes und der Rechtsverordnung nach § 16 obliegen der Behörde nach § 66 des Telekommunikationsgesetzes
Bundesnetzagenturhttp://www.nrca-ds.de/
Telemedizin WS 08/09Data Security 39Worzyk
FH Anhalt
Kinds of digital signaturesSimple Signature
• Sign under the document • scanned signature• elektronic business card
Uncontrolled use, no authenticity
Telemedizin WS 08/09Data Security 40Worzyk
FH Anhalt
Kinds of digital signatures
advanced Signature• exclusively related to the key owner• Permits the identification of the key
owner• Is generated under the exclusive control
of the key owner• Is related to the signed data in that kind
that subsequent change of the data can be detected
• examples: PGP, Verisign, Sphinx• May be used inhouse
Telemedizin WS 08/09Data Security 41Worzyk
FH Anhalt
Kinds of digital signatures Qualified Signature
without accreditation of provider
• advanced Signature with:– A certificate which is valide at the time of
signature– Created with a safe program to create
signature keys
• The provider registers at Bundesnetzagentur, but will not be reviewed periodicallyhttp://www.bundesnetzagentur.de/enid/2.html
Telemedizin WS 08/09Data Security 42Worzyk
FH Anhalt
Kinds of digital signatures Qualified Signature
without accreditation of provider
• Qualified Signature• The provider will be checked by
Bundesnetzagentur • Longterm reliability is ensured• The signature is equivalent to a
signature by hand and the opponent must prove that it is forged
Telemedizin WS 08/09Data Security 43Worzyk
FH Anhalt
Smart card for the Digital Signatur
• tamper-proof and confidential storage
• security relevant operations are executed on the smart card
• Simple transport and high availability
• Highly accepted
Telemedizin WS 08/09Data Security 44Worzyk
FH Anhalt
Smart card Mikrocontroller
• CPU + Co-Prozessor (Crypto-Unit)• RAM (~2k), ROM (~32k) und
EEPROM (~32k .. 64k)• I/O Crypto
Unit
CPU
I/OSystem
RAM
ROM
EEPROM
Telemedizin WS 08/09Data Security 45Worzyk
FH Anhalt
Data Security and Cryptography
• Legal data protection• IT Baseline Protection • attacks on the communication• Symmetric - asymmetric
encryption • Digital signature• Smart cards