Tag Archives: health data

New THaW Patent: Data System with Information Provenance

Posted on by
Reply

The THaW team is proud to announce the issuing of a patent for a secure, integrated data system and method that employs blockchain and Trusted Execution Environment (TEE) technologies. This method achieves information provenance for data, particularly, mobile health device data.

Using a blockchain to record and enforce data access policies removes the need to trust a single entity with gatekeeping the health data. Instead, participants form a consortium and collectively partake in verifying and enforcing access policies for data stored in private data silos. Data access and computation takes place inside of TEEs, which preserves data confidentiality and provides a verifiable attestation that can be stored on the blockchain for the purpose of information provenance.

This ensures that patients have confidence in the privacy of their original health data that may be managed by multiple entities, and provides security and information provenance for that data while it is aggregated or transformed during interactions between patient and healthcare professionals.

To learn more, check out the patent! Organizations interested in this patented work are encouraged to contact the authors.

Hardin, Taylor, and David Kotz. Data system with information provenance. US20210273812A1, issued September 2, 2021. https://patents.google.com/patent/US20210273812A1/en.

New THaW Paper on Recurring Device Verification

Posted on by
Reply

An IoT device user with a blood-pressure monitoring device should have the assurance that the device operates how a blood-pressure monitor should operate. If the monitor is connected to a measurement app that collects, stores, and reports data, but interacts in a way that is inconsistent with typical interactions for this type of device, there may be cause for concern. The reality of ubiquitous connectivity and frequent mobility gives rise to a myriad of opportunities for devices to be compromised. Thus, we argue that one-time, single-factor, device-to-device authentication (i.e., an initial pairing) is not enough, and that there must exist some mechanism to frequently (re-)verify the authenticity of devices and their connections.

In this paper we propose a device-to-device recurring authentication scheme – Verification of Interaction Authenticity (VIA) – that is based on evaluating characteristics of the communications (interactions) between devices. We adapt techniques from wireless traffic analysis and intrusion detection systems to develop behavioral models that capture typical, authentic device interactions (behavior); these models enable recurring verification of device behavior. 

To read more, check out the paper here.

Travis Peters, Timothy J. Pierson, Sougata Sen, José Camacho, and David Kotz. Recurring Verification of Interaction Authenticity Within Bluetooth Networks. Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2021), pages 192–203. ACM, June 2021. doi:10.1145/3448300.3468287. ©