Redactable Blockchain for Enforcing GDPR Regulations on Mobile
Redactable Blockchain for Enforcing GDPR Regulations on Mobile Healthcare Systems Oral Qualifying Exam Arij Alfaidi
Outline • Introduction • Related works • Problem Statement • Proposed Dissertation Tasks 3/3/2021 Arij Alfaidi- Mhealthy. Rec 2
Introduction • Essential for health providers to integrate mobile applications into their health care delivery systems as a way of enhancing the quality of care. • Helps in sharing among providers, patients, practitioners, and other stakeholders involved in patient well-being. 3/3/2021 Arij Alfaidi- Mhealthy. Rec 3
General m. Health system Architecture 3/3/2021 Arij Alfaidi- Mhealthy. Rec 4
Electronic Medical Record (EMR) • PHR : Personal Health Record , user has access to this health information • EHR: Electronic Health Record, all PHR will be saved in EHR that’s can be shared among facility. • EMR: Electronic Medical Record providers only can see and edit this records 3/3/2021 Arij Alfaidi- Mhealthy. Rec Esposito, Christian, et al. "Blockchain: A panacea for healthcare cloud-based data security and privacy? . " IEEE Cloud Computing 5. 1 (2018): 31 -37. 5
EMR/EHR/PHR ecosystem 3/3/2021 Arij Alfaidi- Mhealthy. Rec 6
Security VS Privacy in m. Health • Privacy : health information privacy is an individual’s right to control the acquisition, uses, or disclosures of his or her identifiable health data. • Security: It refers to physical, technological, or administrative safeguards or tools used to protect identifiable health data from unwarranted access or disclosure. Iyengar, Arun, Ashish Kundu, and George Pallis. "Healthcare Informatics and Privacy. " IEEE Internet Computing 22. 2 (2018): 29 -31. Arij Alfaidi- Mhealthy. Rec 3/3/2021 7
Security and Privacy risks of EMR • Management of the EMRs is done by individual providers, which leaves all the private records in the databases of the providers. • Private information vulnerable to various security, control, and privacy challenges. • Due to the vulnerability of the policy enforcement mechanisms Arij Alfaidi- Mhealthy. Rec 3/3/2021 8
GDPR Application requirements • Explicit Consent (Article 7) Freely given, specific, informed and unambiguous. • Right to rectification (Article 16) The right to correct data the saved or used. • User right to be forgotten (Article 17). Users should be able to request that their entire data history is deleted and removed from all records. • Right to restrict processing( Article 18) Prevent the companies from doing something with user data without permission of the user or knowledge. Mangset, Peder Lind. Analysis of Mobile Application's Compliance with the General Data Protection Regulation (GDPR). MS thesis. NTNU, 2018. GDPR law documats 3/3/2021 Arij Alfaidi- Mhealthy. Rec 9
GDPR Application requirements • Data Breach Notifications (Article 33): within 72 hours of knowing that the breach happens. • Data Protection Officers (controller) (Article 39). inform , advise , monitor compliance with this Regulation and cooperate with the supervisory authority. Mangset, Peder Lind. Analysis of Mobile Application's Compliance with the General Data Protection Regulation (GDPR). MS thesis. NTNU, 2018. GDPR law documats Arij Alfaidi- Mhealthy. Rec 3/3/2021 10
GDPR violations € 3. 6 billion!! Kimberly A. Houser & W. Gregory Voss, GDPR: The End of Google and Facebook or a New Paradigm in Data Privacy? , 25 RICH. J. L. & TECH. no. 1 (2018). 3/3/2021 Arij Alfaidi- Mhealthy. Rec € 3. 9 billion!! 11
GDPR Conformance Testing • Kiyavitskaya, N. , Zeni, N. , Breaux, T. D. , Anto n, A. I. , Cordy, J. R. , Mich, L. , Mylopoulos, J. : Automating the extraction of rights and obligations for regulatory compliance. In: International Conference on Conceptual Modeling. pp. 154– 168. Springer (2008) • Conley, Ed, and Matthias Pocs. "GDPR Compliance Challenges for Interoperable Health InformaƟon Exchanges (HIEs) and Trustworthy Research Environments (TREs). " European Journal for Biomedical Informatics 14. 3 (2018): 48Ͳ 61. 3/3/2021 Arij Alfaidi- Privacy and Security In Mobile Healthcare Systems 12
Blockchain • • Peer to peer Network. Decentralized Architecture. The new block sent to everyone in the Network. Each node should valid the new block before adding it by calculating hash function called censuses protocol Proof Of Work. There are 3 types of Blockchain: • Public Blockchain • Private Blockchain • Consortium Blockchain • Blockchain with m. Health. • Storing EMR • Secure communication. • Health insurance payments. 3/3/2021 Zyskind, Guy, and Oz Nathan. "Decentralizing privacy: Using blockchain to protect personal data. " Security and Privacy Workshops (SPW), 2015 IEEE, 2015. Arij Alfaidi- Mhealthy. Rec 13
Consortium Blockchain in m. Health Rose Hospital PHR 1 -2 - Rose Labs Rose Hospital PHR 2 -13/3/2021 Rose Research center Arij Alfaidi- Mhealthy. Rec -4 -3 - -5 - 14
Proof Of Stake (POS) The validator is choosen based on how much coins (stake) they have Who will give the coins in m. Health for validators ? Validator take transaction fees after validating. More Decentralize and more Effective. King, Sunny, and Scott Nadal. "Ppcoin: Peer-to-peer crypto-currency with proof-of-stake. " self 3/3/2021 published paper, Arij Alfaidi- Mhealthy. Rec August 19 (2012). 15
Redactable Blockchain Bi-1 Bi Bi+1 B’i Bi+1 • Adding a lock to each link of the hash chain. • Without the lock key it’s hard to find collision and the chain remain immutable. • With the knowledge of the key any redaction is possible: deletion, modification and insertion. • If the lock key is lost the redactable blockchain will reverse to immutable. Ateniese, Giuseppe, et al. "Redactable blockchain–or–rewriting history in bitcoin and 3/3/2021 IEEE European Symposium on Security and Privacy (Euro. S&P). IEEE, friends. " 2017 Arij Alfaidi- Mhealthy. Rec 16
Chameleon hash function • Provides a trapdoor key to allow the system to make modification insides blocks in Blockchain • Traditional hash function does not allow such operation. S = H(ctr, G (s, x, r)) S’ = H(ctr’, G (s’, x’, r’)) Hash s Hash previous n Transaction x Nonce ctr Randomness R … 3/3/2021 … S”= H(ctr”, G (s”, x”, r”)) S’ Hash S” Hash Previous S Hash previous S’ Transactions X” Nonce Ctr’ Nonce Ctr” Randomness R’ Randomness R” … … Arij Alfaidi- Mhealthy. Rec … … 17
Redactable Blockchain performance. Ateniese, Giuseppe, et al. "Redactable blockchain–or–rewriting history in bitcoin and friends. " 2017 IEEE European Symposium on Security and Privacy (Euro. S&P). IEEE, 2017 3/3/2021 Arij Alfaidi- Mhealthy. Rec 18
Mhealthy. Rec Demo system 4. Responding Doctor Website 2. Create wallet (Codeigniter) 6. Send Health Data Mheakthy. Rec Website W 3 Node Server 3. Get wallet address 9 - save/Get data in DB 5. Get Health Data 7. Add/Delete Diagnosis Database (My. SQL) Blockchain 8. Share/Unshare or Accept/Deny to delete Diagnosis 3/3/2021 Arij Alfaidi- Mhealthy. Rec 19
Demo Arij Alfaidi- Mhealthy. Rec 3/3/2021 20
3/3/2021 Arij Alfaidi- Mhealthy. Rec 21
Problem • How Can we save EMR in a Redactable Blockchain to follow the GDPR requirements with enhanced censuses protocol to give Patient full control of their EMR data ? Arij Alfaidi- Mhealthy. Rec 3/3/2021 22
Research Tasks 3/3/2021 Arij Alfaidi- Mhealthy. Rec 23
Task 1: Develop efficient Po. S-based blockchain With mobile application we need the performance to be fast with the importance of secure of the communication. Investigate and enhance the use of the Ouroboros Genesis OG technology is a Po. S-based blockchain that’s used in Ethereum blockchain for m. Health system. Analyze the use of the OG technology that can allow m. Health users to access care both online and offline with minimal risk exposure by implementing some enhanced protocols. 3/3/2021 Arij Alfaidi- Mhealthy. Rec 24
Task 2. Design and Develop Redactable Blockchain • Design efficient Po. S consensus protocol for redactable blockchain • Propose to modify (Ethereum) software by Implementing chameleon hash function on Ethereum blockchain function to make the Editing available when needed. 3/3/2021 trap-door key will be held by Data protection Officer to make the modification available when needed. Arij Alfaidi- Mhealthy. Rec Investigating a solution to the problem that’s accrue in the block shrinking algorithm. (block holes) 25
Task 3. Develop m. Health system with the efficient redactable blockchain 3/3/2021 26
Task 3. Develop m. Health system with the efficient redactable blockchain Design Mhealthy. Rec General Architecture using redactable blockchain. Develop an enhanced prototype i. Phone application for the patients to access and manage their patient data in m. Health system. Develop an enhanced prototype website with related web pages and server side scripts for the doctors to access and manage medical data in m. Health. Develop a web app that interacts with the backend redactable blockchain server system for the General data protection officer to add/delete and edit data on redactable blockchain. Analyze using redactable blockchain to implement an enhanced a m. Health system following GDPR 3/3/2021 Arij Alfaidi- Mhealthy. Rec 27
Questions Arij Alfaidi- Privacy and Security In Mobile Healthcare Systems 3/3/2021 2 8
- Slides: 28