Validation of Architecture Effectiveness for the Continuous Monitoring of File Integrity Stored in the Cloud Using Blockchain and Smart Contracts.

The management practicality and economy offered by the various technological solutions based on cloud computing have attracted many organizations, which have chosen to migrate services to the cloud, despite the numerous challenges arising from this migration. Cloud storage services are emerging as a relevant solution to meet the legal requirements of maintaining custody of electronic documents for long periods. However, the possibility of losses and the consequent financial damage require the permanent monitoring of this information. In a previous work named "Monitoring File Integrity Using Blockchain and Smart Contracts", the authors proposed an architecture based on blockchain, smart contract, and computational trust technologies that allows the periodic monitoring of the integrity of files stored in the cloud. However, the experiments carried out in the initial studies that validated the architecture included only small- and medium-sized files. As such, this paper presents a validation of the architecture to determine its effectiveness and efficiency when storing large files for long periods. The article provides an improved and detailed description of the proposed processes, followed by a security analysis of the architecture. The results of both the validation experiments and the implemented defense mechanism analysis confirm the security and the efficiency of the architecture in identifying corrupted files, regardless of file size and storage time.

Mobile Health Systems for Community-Based Primary Care: Identifying Controls and Mitigating Privacy Threats.

BACKGROUND: Community-based primary care focuses on health promotion, awareness raising, and illnesses treatment and prevention in individuals, groups, and communities. Community Health Workers (CHWs) are the leading actors in such programs, helping to bridge the gap between the population and the health system. Many mobile health (mHealth) initiatives have been undertaken to empower CHWs and improve the data collection process in the primary care, replacing archaic paper-based approaches. A special category of mHealth apps, known as mHealth Data Collection Systems (MDCSs), is often used for such tasks. These systems process highly sensitive personal health data of entire communities so that a careful consideration about privacy is paramount for any successful deployment. However, the mHealth literature still lacks methodologically rigorous analyses for privacy and data protection. OBJECTIVE: In this paper, a Privacy Impact Assessment (PIA) for MDCSs is presented, providing a systematic identification and evaluation of potential privacy risks, particularly emphasizing controls and mitigation strategies to handle negative privacy impacts. METHODS: The privacy analysis follows a systematic methodology for PIAs. As a case study, we adopt the GeoHealth system, a large-scale MDCS used by CHWs in the Family Health Strategy, the Brazilian program for delivering community-based primary care. All the PIA steps were taken on the basis of discussions among the researchers (privacy and security experts). The identification of threats and controls was decided particularly on the basis of literature reviews and working group meetings among the group. Moreover, we also received feedback from specialists in primary care and software developers of other similar MDCSs in Brazil. RESULTS: The GeoHealth PIA is based on 8 Privacy Principles and 26 Privacy Targets derived from the European General Data Protection Regulation. Associated with that, 22 threat groups with a total of 97 subthreats and 41 recommended controls were identified. Among the main findings, we observed that privacy principles can be enhanced on existing MDCSs with controls for managing consent, transparency, intervenability, and data minimization. CONCLUSIONS: Although there has been significant research that deals with data security issues, attention to privacy in its multiple dimensions is still lacking for MDCSs in general. New systems have the opportunity to incorporate privacy and data protection by design. Existing systems will have to address their privacy issues to comply with new and upcoming data protection regulations. However, further research is still needed to identify feasible and cost-effective solutions.

Modelo de evaluación de requerimientos de privacidad, seguridad y calidad de servicio para aplicaciones médicas móviles / Model of assessment of requirements of privacy, security and quality of service for mobile medical applications

Resumen Introducción: El desarrollo de tecnologías móviles ha facilitado la creación de aplicaciones mHealth, las cuales son consideradas herramientas clave para la atención segura y de calidad a los pacientes de poblaciones apartadas y con carencia de infraestructura para la prestación de servicios de salud. El artículo considera una propuesta de un modelo de evaluación que permite determinar las debilidades y vulnerabilidades a nivel de seguridad y calidad de servicio (QoS) en aplicaciones mHealth. Objetivo: Realizar una aproximación de un modelo de análisis que apoye la toma de decisiones referentes al uso y producción de aplicaciones seguras, minimizando el impacto y la probabilidad de ocurrencia de los riesgos de seguridad informática. Materiales y métodos: El tipo de investigación aplicada es de tipo descriptivo, debido a que se detallan cada una las características que deben tener las aplicaciones móviles de salud para alcanzar un nivel de seguridad óptimo. La metodología utiliza las normas que regulan las aplicaciones y las mezcla con técnicas de análisis de seguridad, empleando la caracterización de riesgos planteadas por Open Web Application Security Project -OWASP y las exigencias de QoS de la Unión Internacional de Telecomunicaciones -UIT. Resultados: Se obtuvo un análisis efectivo en aplicaciones reales actuales, lo que muestra sus debilidades y los aspectos a corregir para cumplir con parámetros de seguridad adecuados. Conclusiones: El modelo permite evaluar los requerimientos de seguridad y calidad de servicio (QoS) de aplicaciones móviles para la salud que puede ser empleado para valorar aplicaciones actuales o generar los criterios antes de su despliegue.

Abstract Introduction: The development of mobile technologies has facilitated the creation of mHealth applications, which are considered key tools for safe and quality care for patients from remote populations and with lack of infrastructure for the provision of health services. The article considers a proposal for an evaluation model that allows to determine weaknesses and vulnerabilities at the security level and quality of service (QoS) in mHealth applications. Objective: To carry out an approximation of a model of analysis that supports the decision making, concerning the use and production of safe applications, minimizing the impact and the probability of occurrence of the risks of computer security. Materials and methods: The type of applied research is of a descriptive type, because each one details the characteristics that the mobile health applications must have to achieve an optimum level of safety. The methodology uses the rules that regulate applications and mixes them with techniques of security analysis, using the characterization of risks posed by Open Web Application Security Project-OWASP and the QoS requirements of the International Telecommunication Union-ITU. Results: An effective analysis was obtained in actual current applications, which shows their weaknesses and the aspects to be corrected to comply with appropriate security parameters. Conclusions: The model allows to evaluate the safety and quality of service (QoS) requirements of mobile health applications that can be used to evaluate current applications or to generate the criteria before deployment.

An Efficient Watermarking Scheme for Medical Data Security With the Aid of Neural Network

ABSTRACT Digital watermarking has emerged as major technique for ensuring security for various types of data like medical data, digital copyright protection, transaction tracing and so on. With the advancement in digital data distribution over the network there has been increase in the need for protection of such data from unauthorized copying or usages. Watermarking helps in providing the security to some extent. Robustness against any sort of unauthenticated attack is the major requirement of watermarking. In this paper we proposed an efficient watermarking technique for medical data security with the aid of neural network. Usage of neural network is generally used to create and control watermarking strength automatically. This method provides better watermarked data which can be highly secured to unauthorized usage. It is observed that the proposed method provides better security for the multimedia data when compared with other data security methods.