Whats a suitable crypto system for this app? 509/PGP?

Discussion in 'NZ Computing' started by Kurt Häusler, Jul 3, 2007.

  1. Hi,
I am developing part of an application that handles sets of medical data
    that need to be encrypted when they are being saved to a disk or sent over
    a network to protect patient privacy. Basically whenever they exist as a
    file outside the database.

    Authentication or digital signatures are not considered that important but
    could be a nice feature to add on.

    At the moment we are thinking of 2 levels of security, the stronger option
    is using a public key system, so it can be encrypted specifically for the
    intended recipient and only them. The disadvantages are that there might
    be no internet connection available to search for and download public keys.

    So we are thinking of also offering a password based symmetric key option.
    Where the password can be either generated or chosen at export time. That
    can be printed out and posted or spoken to the recipient over the phone or
    something, it would have to be less than 10 characters so people can
    be bothered to type in.

    I am a fan of OpenPGP and initially thought of using the PGP SDK, but the
    MS Crypto API should also be considered. X.509 solutions seem to be taken
    more seriously in the commercial world than web of trust systems, and
    perhaps we could buy keys in bulk from a CA and provide them with the
    software, if it works that way, it seems as though users need to present
    id or personally visit the CA to get a trusted key, but I could be wrong
    on that, X.509 does seem to focus more on digital signatures than
    encryption.

    Anyway what do you gurus think?

    Any other out of the box solutions are most welcome.
    Kurt Häusler, Jul 3, 2007
    #1

  2. Re: Whats a suitable crypto system for this app?

    In message <>, Kurt Häusler wrote:

    > I am developing part of an application that handles sets of medical data
    > that need to be encrypted when they are being saved to a disk or sent over
    > a network to protect patient privacy.


    Encryption technology is about keeping secrets, not about maintaining
    people's privacy. Privacy is maintained by policy, not by encryption
    technology.

    Before you design your security system, have you asked yourself what threat
    scenarios you envisage? Who is likely to want to violate patients' privacy,
    and how might they try to do it?

    It seems to me people's medical records are of little or no interest to
    anybody except those patients.
    Lawrence D'Oliveiro, Jul 4, 2007
    #2

  3. Hello!
    You wrote on Tue, 03 Jul 2007 15:25:08 -0500:

    KH> So we are thinking of also offering a password based symmetric key
    KH> option. Where the password can be either generated or chosen at export
    KH> time. That can be printed out and posted or spoken to the recipient
    KH> over the phone or something, it would have to be less than 10
    KH> characters so people can be bothered to type in.

    Passphrase (i.e. a long meaningful sentence) can be used instead of a short
    password.

The question "what to use" depends on how you will receive the public key
    and how you will confirm its identity (in order not to encrypt the data
    with some false key which will be used for information theft). If you can
    ensure that the key has come from the intended recipient, then OpenPGP is a
    good choice. If you need to verify the key itself, then you are stuck with
    X.509 and public CAs. Your assumption that X.509 is mainly for signing is
    probably biased, cause the backend technologies (public key cryptography)
    are the same in OpenPGP and X.509 (PKCS#7, to be precise).

    Our product, SecureBlackbox (see signature) provides support for both X.509
    and OpenPGP technologies.

    With best regards,
    Eugene Mayevski
    http://www.SecureBlackbox.com - the comprehensive component suite for
    network security
    Eugene Mayevski, Jul 4, 2007
    #3
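An added illustration of the point made in posts #1 and #3 (a short posted or spoken password versus a longer passphrase, and how a symmetric export option should stretch whatever the user types): this is example code written for this page, not code from the thread or from SecureBlackbox. It uses only the Python standard library, so the HMAC-SHA256 counter keystream stands in for a vetted AEAD cipher such as AES-GCM, the iteration count is an assumed tuning value, and the word list is a constructed stand-in for a real word list of thousands of entries.

```python
"""Passphrase-based encryption sketch for a medical-data export file."""
import hashlib
import hmac
import math
import os
import secrets

PBKDF2_ITERATIONS = 200_000  # assumption: tune so derivation takes a fraction of a second
SALT_LEN = 16
TAG_LEN = 32


def random_secret_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random secret: length symbols from an alphabet."""
    return length * math.log2(alphabet_size)


# Constructed stand-in: a real list would have thousands of short, distinct words.
WORDLIST = ["apple", "river", "stone", "cloud", "tiger", "lemon", "north", "music",
            "green", "paper", "delta", "sugar", "wheel", "ocean", "candle", "bridge"]


def spoken_passphrase(n_words: int, wordlist=WORDLIST) -> str:
    """Random word passphrase that can be read out over the phone or printed."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def derive_keys(passphrase: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS):
    """Stretch the passphrase with a per-file salt into an encryption key and a MAC key."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                                   salt, iterations, dklen=64)
    return material[:32], material[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF keystream (illustrative only;
    use AES-GCM or ChaCha20-Poly1305 from a vetted library in a real product)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(passphrase: str, plaintext: bytes) -> bytes:
    """salt || ciphertext || tag, encrypt-then-MAC. The fresh salt also serves as nonce,
    which is safe here because the keys are re-derived from it for every file."""
    salt = os.urandom(SALT_LEN)
    enc_key, mac_key = derive_keys(passphrase, salt)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, salt, len(plaintext))))
    tag = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    return salt + ciphertext + tag


def decrypt(passphrase: str, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; a wrong passphrase or a modified
    file fails here instead of yielding silent garbage."""
    if len(blob) < SALT_LEN + TAG_LEN:
        raise ValueError("file too short")
    salt, ciphertext, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong passphrase or tampered file")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, salt, len(ciphertext))))


if __name__ == "__main__":
    # 9 random alphanumeric characters vs 6 words drawn from a 7776-word list
    print("9-char password:", round(random_secret_bits(9, 62), 1), "bits")
    print("6-word passphrase:", round(random_secret_bits(6, 7776), 1), "bits")
    phrase = spoken_passphrase(6)
    blob = encrypt(phrase, b"constructed sample record: patient 0001, result pending")
    print(decrypt(phrase, blob))
```

The two numbers printed first are the practical argument for Eugene's suggestion: six words from a full-size list carry more entropy than nine random characters, and are far easier to dictate over a phone without mistakes. The salt and iteration count matter as much as the passphrase itself, because an attacker who obtains the exported file can try passphrases offline at whatever speed the derivation allows.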
  4. On Wed, 04 Jul 2007 11:21:20 +0300, Eugene Mayevski wrote:

    > Passphrase (i.e. a long meaningful sentence) can be used instead of a short
    > password.


    I am leaning more and more away from the idea of allowing the user to
    choose a password and more towards the idea of a pki based thing, running
    our own simple CA. The key management seems to be the tricky aspect,
    particularly for users with no internet. I am looking at a number of off
    the shelf CA solutions now.

    > Our product, SecureBlackbox (see signature) provides support for both X.509
    > and OpenPGP technologies.


    Thanks I will have a look.
    Kurt Häusler, Jul 4, 2007
    #4
  5. Re: Whats a suitable crypto system for this app?

    On Wed, 04 Jul 2007 19:36:17 +1200, Lawrence D'Oliveiro wrote:

    > Encryption technology is about keeping secrets, not about maintaining
    > people's privacy. Privacy is maintained by policy, not by encryption
    > technology.


    You are right, as far as policy goes most jurisdictions, especially in our
    target markets America and Europe have (or soon will have) laws that make
    it an offence to "allow unauthorised third parties access to confidential
    medical information".

There have apparently been lawsuits already where a patient's secret
    medical information has been released without their consent.

    Our goal is to implement a system that allows doctors to treat such
    confidential information as a secret to be shared between a small number
    of participants. So in this way privacy is enabled by a
    system that allows secret-keeping.

> Before you design your security system, have you asked yourself what
    > threat scenarios you envisage? Who is likely to want to violate
    > patients' privacy, and how might they try to do it?


    Some of the scenarios include selling information on famous people to the
    media, potentially blackmailing people by threatening to reveal medical
    conditions that the patient considers secret or private, also people have
    in the past released medical pictures of breasts and genitals on
    pornography sites which the patients found somewhat traumatic.

> It seems to me people's medical records are of little or no interest to
    > anybody except those patients.


    Generally yes, but surveys on privacy indicate people are mostly worried
    about their medical information being released. Anyway the need for the
    software is established, so I am only really concerned with making the
    general case (that of allowing unauthorised third parties access to
    confidential/private/secret medical information) as difficult as possible.
    Kurt Häusler, Jul 4, 2007
    #5
  6. Re: Whats a suitable crypto system for this app?

    In message <>, Kurt Häusler
    wrote:

    > Some of the scenarios include selling information on famous people to the
    > media, potentially blackmailing people by threatening to reveal medical
    > conditions that the patient considers secret or private...


    And how would you guard against that? Who among the categories of people who
    might be given access to this information can be completely relied on not
    to release it? Are the doctors absolutely trustworthy? If not, who?
    Lawrence D'Oliveiro, Jul 4, 2007
    #6
  7. Re: Whats a suitable crypto system for this app?

    On Wed, 04 Jul 2007 22:42:53 +1200, Lawrence D'Oliveiro wrote:

    > In message <>, Kurt Häusler
    > wrote:
    >
    >> Some of the scenarios include selling information on famous people to the
    >> media, potentially blackmailing people by threatening to reveal medical
    >> conditions that the patient considers secret or private...

    >
    > And how would you guard against that? Who among the categories of people who
    > might be given access to this information can be completely relied on not
    > to release it? Are the doctors absolutely trustworthy? If not, who?


    Problems can't be prevented 100% of course, but risk can be managed, blame
    allocated, chances of problems occurring minimized.

At some point doctors have to be trusted to a certain extent, they are
    trained and paid to respect people's privacy and accept that
    responsibility as part of their job. But there's no reason to burden all
    the trainees, secretaries, nurses, and couriers etc who might come into
    possession of a DVD containing confidential information with that degree
    of responsibility too. The business case for encrypting medical
    information in transit is already established and medical professionals
    are waiting on software to give them the confidence to perform their
    duties in an increasingly hostile litigative environment.
    Kurt Häusler, Jul 4, 2007
    #7
  8. Re: Whats a suitable crypto system for this app?

    In message <>, Kurt Häusler
    wrote:

    > On Wed, 04 Jul 2007 22:42:53 +1200, Lawrence D'Oliveiro wrote:
    >
    >> In message <>, Kurt Häusler
    >> wrote:
    >>
    >>> Some of the scenarios include selling information on famous people to
    >>> the media, potentially blackmailing people by threatening to reveal
    >>> medical conditions that the patient considers secret or private...

    >>
    >> And how would you guard against that? Who among the categories of people
    >> who might be given access to this information can be completely relied on
    >> not to release it? Are the doctors absolutely trustworthy? If not, who?

    >
    > At some point doctors have to be trusted to a certain extent, they are
    > trained and paid to respect peoples privacy and accept that
    > responsibility as part of their job. But there's no reason to burden all
    > the trainees, secretaries, nurses, and couriers etc who might come into
    > possession of a DVD containing confidential information with that degree
    > of responsibility too.


    Why not? That already happens with paper files. They could be trusted not to
    leak information from those, why should DVDs be any different?
    Lawrence D'Oliveiro, Jul 4, 2007
    #8
  9. Re: Whats a suitable crypto system for this app?

    On Wed, 04 Jul 2007 23:13:23 +1200, Lawrence D'Oliveiro wrote:


    >> At some point doctors have to be trusted to a certain extent, they are
    >> trained and paid to respect peoples privacy and accept that
    >> responsibility as part of their job. But there's no reason to burden all
    >> the trainees, secretaries, nurses, and couriers etc who might come into
    >> possession of a DVD containing confidential information with that degree
    >> of responsibility too.

    >
    > Why not? That already happens with paper files. They could be trusted not to
    > leak information from those, why should DVDs be any different?


Well that's a good question really. I don't actually know the answer.
    People do seem to worry more about their privacy and security more as it
    relates to the electronic domain than in more traditional forms of
    information. For example everyone is worried about pictures of naked
    children and bomb making instructions online but no one seems to be worried
about it in art or libraries. Same with credit card fraud, it seems to me
    that it's easier to be a victim of it by handing your card to the waiter in
    a restaurant than by buying a book from amazon but I only ever hear about
    it being an issue online.

    Maybe it is just a case of people fearing what they don't know or perhaps
    find harder to understand, perhaps as a programmer I only hear about these
    issues as they refer to the digital domain and they are in fact just as
    relevant to paper based records. Perhaps there are certain aspects of the
    nature of electronic information that makes problems easier or more
    serious than in the equivalent non-electronic form. Maybe the fact that
    non-electronic systems are older than electronic ones means that the
    issues there have long been resolved and the electronic world is catching
    up. Probably on a case by case basis any number of these issues may or may
    not be relevant.

    Actually I would like to think that sensitive paper based records are in
    fact treated as seriously as electronic ones and have been for a long
    time, and that every effort is made to protect privacy and confidentiality
    regardless of what form the information finds itself in.

    As a programmer though I am primarily interested in the implementation of
    security as it pertains to digital records regardless of the perceived
    need or otherwise for it.

    Interesting discussion but I think the questions you have regarding the
    degree of necessity are, although interesting, beyond what I know about
    the subject. I appreciate the need for security but I don't feel
    particularly obliged, compelled, or prepared to convincingly
    persuade others that they need it. In many cases people probably don't care
    less but the people paying me seem to so that's good enough for me.
    Kurt Häusler, Jul 4, 2007
    #9