The Medical Information Privacy Assurance Project
People:

Giuseppe Ateniese

Breno de Medeiros

Reza Curtmola


Project Goals

The MIPA project seeks to develop privacy technologies and privacy-protecting infra-structures that facilitate the development of a uniform health information standard, as mandated by HIPAA (The Health Insurance Portability and Accountability Act of 1996). When the problem of data protection and privacy is addressed at a technical level, prevention of privacy policy violations is achieved. Technical solutions are thus important components of an overall strategy for protecting the privacy of health data, as policy enforcement through non-technical means (legal prosecution of infractors) is very expensive in the long run and can only be applied after undesirable events (violations) have occurred.

The main goal of our research is to design and implement a system that allows users to interact anonymously with different organizations. A major feature of our system is the possibility to revoke the anonymity of individuals in emergency situations or under cases required by law.


Refereed project publications

  • Sanitizable Signatures (with D. Chou, B. de Medeiros, and G. Tsudik), in ESORICS 2005, September 12-14, 2005.
    • Abstract: "We introduce the notion of sanitizable signatures that offer many attractive security features for certain current and emerging applications. A sanitizable signature allows authorized semi-trusted censors to modify -- in a limited and controlled fashion -- parts of a signed message without interacting with the original signer. We present constructions for this new primitive, based on standard signature schemes and secure under common cryptographic assumptions. We also provide experimental measurements for the implementation of a sanitizable signature scheme and demonstrate its practicality."
  • On the Key Exposure Problem in Chameleon Hashes (with B. de Medeiros), Full version of the paper in the Proceedings of The Fourth Conference on Security in Communication Networks (SCN'04), LNCS of Springer-Verlag, Amalfi, 2004. In Cryptology ePrint Archive, Report 2004/243.
    • A key-exposure-free chameleon hash is a very useful primitive that allows censors, privacy officers, or any third parties to change parts of a signed message as long as they are authorized to do so. Secret information would not be leaked as result of these changes to the original message, as it would happen with previously-known constructions.
  • A Provably Secure Nyberg-Rueppel Signature Variant with Applications (with B. de Medeiros). Technical Report, 2004. In Cryptology ePrint Archive, Report 2004/93.
    • This variant of the Nyberg-Rueppel signature can be used to build complex privacy-protecting primitives such as group signatures. It can also be used to build ID-based self-certified public keys in order to provide simplified key management within an organization.
  • ID-based Chameleon Hash and Applications (with B. de Medeiros). In Financial Cryptography 2004. Also, in Cryptology ePrint Archive, Report 2003/167.
    • An ID-based Chameleon signature is a very efficient type of non-transferable signature, i.e., the signature can be verified only by the intended recipient. This type of signature is very useful in many privacy settings. For instance, a doctor may sign a prescription so that the pharmacist can verify its authenticity but he cannot prove to others (drug companies/employers) that the patient is taking certain medicines. The signature can be verified only by the pharmacist but has no legal value: Others have no means to establish whether the signature is authentic or not. However, non-repudiation is preserved by allowing a trusted third party (a judge, for instance) to inconfutably establish the authenticity of the signature and restore its legal value.
  • Efficient Group Signatures without Trapdoors (with B. de Medeiros), in the Proc. of ASIACRYPT 2003. Also, in Cryptology ePrint Archive, Report 2002/173.
    • A group signature scheme that does not employ any trapdoor functions (e.g., RSA is used as one-way function and no group member knows the trapdoor). The scheme is useful when building more complex anonymous systems where several organizations have to collaborate while keeping the information of their customers private.
  • Anonymous E-Prescriptions (with B. de Medeiros), in ACM Workshop on Privacy in the Electronic Society (WPES02), Washington, DC, USA - November 21, 2002 - Sponsored by ACM SIGSAC.
    • A design of an electronic prescription system along with a careful analysis of the prescription problem and medical information privacy in general.
  • Medical Information Privacy Assurance: Cryptographic and System Aspects (with R. Curtmola,B. de Medeiros, and D. Davis), in Third Conference on Security in Communication Networks 2002 (SCN02), September 12-13, 2002, Amalfi (Italy).
    • A collection of projects made by students involved with the project.

    Software

    Coming soon!