IT security and privacy

300566
Introduction to Health Informatics

Lecture 09
Objectives

¡ IT Security and Privacy

¡Certification Authorities and NASH
Healthcare Identifier for IT
companies. Why?
IT security
¡ Authentication- Who sent (or uploaded) the
information

¡ Integrity- That the information content has not been

altered in any way between sending (or uploading)
and receiving (or downloading)

¡ Non-repudiation- That the sender (or uploader)

cannot at some later stage dispute they created
and sent (or uploaded) the information
¡ Confidentiality - That only the person the information
is directed to can open it

Is having a username and password enough to achieve above?

What is Cryptography?
¡Collection of mathematical technique to
protect information is called cryptography
¡The process of using cryptography to
scramble a message using a mathematical
key is called “Encryption”
¡Unscrambling the message by use of
appropriate key is called “Decryption”
¡Encryption and Decryption provides
confidentiality of data
Simple Cryptography Example
¡ Clear text: message in readable form

¡ Cipher text: encrypted message

¡ Key + Encryption/decryption Algorithm: mathematical function used to

transform the data

¡ Encryption : creating cipher text from clear text using the key

¡ Decryption : creating back the clear text form cipher text using the
appropriate key
Encryption

PID-123456
PID-123456 Key
Diagnosis –
Diagnosis – HIV positive +
HIV positive
Algorithm

Clear text Decryption Cipher text

Cryptography Strength
What determines the cryptography strength:

¡Security application and platform quality

¡The cryptographic algorithm
¡The length of the key (direct relationship to
strength of security: longer is better)
¡Private key storage (secrecy of the keys)
¡The protocol used to generate/manage the
keys
¡Non-existence of back doors for encryption.
(additional ways to decrypt a message
without knowing the encryption key)
Types of Cryptographies

Symmetric key algorithms

¡Same key is used to encrypt and decrypt
messages
¡Also known as secret key algorithms

Asymmetric key algorithms

¡Use one key to encrypt and another to
decrypt
¡Normally the the keys are called public and
private keys
Symmetric Encryption
Single Symmetric Encryption Method example

identical keys

GP
IT System MyHR

PID- PID-
123456 encrypt PID-123456 123456
Diagnosis
Diagnosis –
HIV positive
decrypt Diagnosis
HIV positive HIV positive
Symmetric encryption
¡Common secret key: so how do you
share it?
¡Fast speed and difficult to crack.
¡Based on stream and/or block
methods.
¡Useful for bulk encryption of data or
data streams
Symmetric key algorithms in use
¡ Triple DES
¡ Triple DES uses three individual keys with 56 bits
each. The total key length adds up to 168 bits
¡ Blowfish
¡ Splits messages into blocks of 64 bits and encrypts
them individually.
¡ Twofish
¡ 256 bits in length and as a symmetric technique
¡ Advanced Encryption Standard (AES)
¡ the standard by the U.S. Government and
numerous organizations
¡ efficient in 128-bit form, AES also uses keys of 192
and 256 bits for heavy duty encryption purposes
Attacks on Symmetric Encryption algorithms
¡ Cryptanalysis
¡ Ciphertext-only: has access only to a collection of ciphertexts
¡ Known-plaintext: has access to a set of ciphertexts to which he
knows the corresponding plaintext
¡ Chosen-plaintext (chosen-ciphertext): has access to ciphertexts
(plaintexts) corresponding to an arbitrary set of plaintexts
(ciphertexts).

¡ Key Search (brute force) attacks

¡ Attempting to decrypt the message with every possible keyà Most
attempt will fail but eventually will succeed

¡ System-based attacks
¡ Attacking the cryptographic system that uses the cryptography
algorithm (not the algorithm)
¡ Example: closely watch the random number generation by a
particular system and once the pattern is identified the key can be
worked out
Asymmetric encryption
¡Synonym for public key cryptography

¡more computationally intensive than purely

symmetric algorithms à Slow

¡History
¡Based on the concept found by Whithfield
Diffie and Martin Hellman (1976 Stanford
University)
¡This was further developed in to popular RSA
algorithm by Rivest, Shamir and Adleman
(1978 MIT) (discussed later)
Asymmetric Encryption
¡Uses two keys:
¡ One is used to encrypt messages (the public key).
¡ Other is used do decrypt messages (the private key).

A message encrypted with one key can only be decrypted with the
other key!
Public Key Cryptography
ALICE BOB

Determine Secret Value a Determine Secret Value b

Calculate Public value A Calculate Public value B
Make Public value A available Make Public value B available

Retrieve Public B Retrieve Public A

Compute shared secret key Compute shared secret key

Four pieces
ALICE’s private key – a (accessible only by ALICE)
ALICE’s public key – A (accessible by ALICE, BOB and anyone else)
BOB’s private key – b (accessible only by BOB)
BOB’s public key - B (accessible by BOB, ALICE and anyone else)

Rules
Message encrypted with a can be only decrypted using A
Message encrypted with A can only be decrypted using a
Message encrypted with b can be only decrypted using B
Message encrypted with B can only be decrypted using b
Public Key Cryptography- confidentiality
Alice wants to send a message securely to Bob.
Alice knows – a, A, B
What key should she use to encrypt? Bob knows – b, B, A

ALICE A,a,B or b BOB

B Transmitted b
Message
Cleartext Cleartext
encrypt decrypt Message
Message Encoded
Message

Rule
Message encrypted with B can only be decrypted using b

Problem– How does BOB know for sure that it is Alice who sent the message?
Public Key Cryptography- Authentication + Confidentiality

Alice wants to send a message securely to Bob and

Bob wants to make sure it is Alice who sent it
Alice knows – a, A, B
Bob knows – b, B, A
ALICE BOB

a,B Transmitted b,A

Message
Cleartext Cleartext
encrypt decrypt Message
Message Encoded
Message

• Alice first encrypts the message using her private key = a(m) = m’
• Then encrypts again using Bob’s public key = B(m’) = m’’
• Bob first decrypt using his private key = b(m’’)=m’
• Bob then decrypt using Alice’s public key = A(m’)=m
Attacks on Public Key algorithms
¡ Key Search (brute force) attacks
¡ Attempting to factor the large number that is associated with the public
key and derive the private key from that

¡ Analytic attack
¡ Trying to find a fundamental flaw or weakness in the mathematical
function on which the system is based on
¡ Side channel attack: any attack based on information gained from the
physical implementation of a cryptosystem (not theoretical weaknesses
in algorithms) – (based on time taken, power consumption, electric
pulses)

¡ Known versus published methods

¡ There might be methods that are not published for the future usage
¡ Example: Through a major mathematical break through if new methods were developed
by a government agency, it might be kept secret to be used against encrypted messages
sent by officials of other countries

DRAWBACK – Public Key Algorithms can be slow compared

symmetric key algorithms
Double key pairs used to provide confidentiality and
authentication of sender
GP Oncologist
Oncologist’s Oncologist’s
Public Private
Key Key
GP’s GP’s
Private Public
Key Key Oncologist
GP Double reading
sending encrypt encrypt encoded decrypt decrypt GP’s
diagnosis message diagnosis

Origin authentication and confidentiality

but way too slow
Symmetric and Asymmetric key cryptography for
confidentiality and faster processing
Bob Alice
symmetric
key Alice’s
Alice’s encrypted
Public Key Private Key
with
public
Random key
Symmetric Random
Key encrypt decrypt Symmetric
Key (DES)

Symmetric
Clear encrypt decrypt Clear
key
Text Text
Encoded
Message

Fast and confidential but lost the origin

Authentication and not Integrity checking
Symmetric and Asymmetric key cryptography for
confidentiality and faster processing

Bob Message Alice

transmitted
• SymKey{m}=m • Alicepri{SymKey }=Sy
• Alicepub{SymKey}= mKey
SymKey +
SymKey m • SymKey{m }= m

m – clear text message

Bob Alice m´ - Message transmitted
Alice’s
symmetric
key Alice’s
DES – Symmetric key
DES´ - Encoded Symmetric Key
encrypted
Public Key Private Key
with
public
Random
Symmetric
encrypt
key

decrypt
Random
Symmetric
Alicepub– Alice s Public key
Alicepri – Alice s Private key
Key
Key (DES)

Symmetric
Clear
Text
encrypt key
Encoded
decrypt Clear
Text Fast and confidential but lost the origin
Message
Authentication and not Integrity
checking
Hash Function
Takes a variable length input and returns a shorter output
of fixed length.
¡ Function characteristics
¡ One-way function
¡ easy to compute but difficult to reverse
¡ Hence public
¡ Collision free
¡ If x ≠ y then H(x) ≠ H(y)
¡ In other words… if H(x)=H(y)è implies x=y
¡ Efficient

¡ Two popular Hash Functions are

¡ MD5
¡ designed by Ronald Rivest in 1991, Was widely used. Serious flaws were
identified in 2004
¡ SHA-1
¡ Designed by National Security Agency (NSA) in 1993. Popularly used in
(SSL, PGP, SSH, S/MIME, etc.)
Message Digest
¡ Fixed length value created after running through a
Hash function

¡ Synonym to Digital Fingerprint of the message, Integrity

Check Value

Message Hash
(Variable length) Function Digest
Using Message Digest to check Integrity
Bob HASH FUNCTION Alice

Transmitted
Message &
integrity check
value Compute Expected
Compute
Cleartext integrity Integrity
integrity
Message check check
check Cleartext
value value
value Message

Integrity Compare Alice can

check expected Confirm
value with the
transmitted message
integrity integrity
check value

Checks integrity by no confidentiality or origin

authentication
What are Digital Signatures?
¡ Analogous to ordinary physical signatures on paper
¡ Bind the message origin to the exact contents of the
message

¡ Establish sender authentication and message integrity

(2/3 of non-repudiation)

¡ In cryptography
¡ digital signatures are message digests (hashes) that
are encrypted with the sender’s private key
¡ In most countries there are still concerns about the
legal validity of digital signatures
Digital Signature
Bob Alice

Clear DES
Encoded Clear
Text encrypt decrypt
Message Text

Bob’s Bob’s
Private Public
Key Key R-calculate
Calculate Encoded and
digest encrypt Digest decrypt Verify
Digital digest
Signature
Achieving message integrity, origin authentication
and confidentiality (with fast processing)

Bob Symmet
Alice
ric key Alice’s
encrypt Private Key
ed
with
Alice’s public
Public Key key

Random
Symmetric
Random decrypt key
Symmetric
key encrypt
Clear
decrypt Text
Clear Symmetric
Text key
encrypt
Encoded
Message Bob’s
Bob’s
Public Key Recalculate
Private Key
Calculate decrypt and
digest Encoded Verify
Digest digest
encrypt
Achieving message integrity, origin authentication and
confidentiality (with fast processing)
Bob Message Alice
transmitted
PBKalice{SymKey}= PVKalice {SymKey }=SymKey
SymKey (Symmetric Key)

SymKey{M} = M SymKey{M }=M (Clear text Message –

SymKey Ensures the confidentiality)
+
[Hash{M}] = md M 1. PBKbob{md } = md-1 (non reversible
PVKbob{md}=md message digest received and the
+ authentication of the proof of origin)
(Digital Signature)
md
2. Hash {M} = md-2 (non reversible

• M – Clear Text Message

message digest calculated based on
• M´ - Message encrypted with symmetric key the message received)
• SMK – Symmetric Key 3. Compare md-1 and md-2 (If similar
• SMK ´ - Symmetric key encrypted
• PBK alice – Public Key of the Alice
message integrity is achieved)
• PVK alice – Private Key of the Alice
• PBK bob – Public Key of the Bob
• PVK bob – Private Key of the Bob
• Hash – Message digest algorithm
• md – Message digest or Hash value
• md´ - Encrypted message digest
What cryptographies can’t do
¡Cannot protect unencrypted documents
¡Cannot protect against stolen encryption
keys
¡Cannot protect against most denial-of-service
attacks
¡Cannot protect against message traffic or the
fact that a message was sent (proof of
delivery)
¡Cannot protect against a booby-trapped
encryption program
¡ For example modifying the encryption programs
¡Cannot protect against traitor or a mistake
What are some good encryption
practices?
¡ Key management policies
¡ Keep keys password protected
¡ Password length, complexity, and maintenance
¡ Key length: at least 64 bits
¡ Compressed files: compress, then encrypt
¡ Message contents: if message might be guessed,
add meaningless characters (Padding)
Public Key Infrastructure (PKI)
¡ PKIs are third party systems that;
¡ Verify Key holders authentication
¡ Issue public keys and software to generate private keys
¡ Public Keys are generated from centrally located software
and Private keys are generated form distributed software
(with the key holder)
¡ Public keys are issued as digital certificates
¡ Attest that the public key contained in the certificate belongs
to holder (person, company, server, etc.)
¡ Maintain and publish certificate revocation list (CRL)
¡ Certificates that are no longer valid

¡ Usually known as ‘Certificate Authorities’ (CA)

¡ Institutions and governments may have their own Cas

¡ Hierarchy or mesh of CAs and CA certificates

¡ In larger scale deployment Alice does not trust Bob’s CA
¡ But Bob’s CA is certified by CA2, whom Alice trust
Public Key Infrastructure (PKI)
¡ PKIs are systems that manage key pairs, verify key
holders/users and issues digital certificates.

¡ Certification Authority (CA)

¡ Issues/Revokes key certificates
¡ Publishes certificate revocation lists (CRLs)

¡ Registration authority (RA)

¡ Registers and attests to CAs on the identity of
CA users

¡ Certificate Repository (CR)

¡ Public database holding certificates and CRLs.
Certificates in the Browser
National Authentication Service for Health - NASH

¡ Certificate Authority (CA) for health related

government services
¡ Issue public keys and software to generate private
keys for the following uses
¡ Individual to access MyHR
¡ securely share data between MyHR and health
information software at clinician end
¡ access the NASH PKI directory

¡ Eligibility - registered in the Healthcare Identifiers (HI)

Service as:
¡ a healthcare provider,
¡ a contracted service provider, or
¡ a general supporting organisation that assists in the
delivery of Digital Health (IT company)
https://www.humanservices.gov.au/organisations/health-professionals/services/medicare/national-authentication-service-health