INNBC DApp, a decentralized application to permanently store biomedical data on a modern, proof-of-stake (POS), blockchain such as BNB Smart Chain.

BACKGROUND: A blockchain can be described as a distributed ledger database where, under a consensus mechanism, data are permanently stored in records, called blocks, linked together with cryptography. Each block contains a cryptographic hash function of the previous block, a timestamp, and transaction data, which are permanently stored in thousands of nodes and never altered. This provides a potential real-world application for generating a permanent, decentralized record of scientific data, taking advantage of blockchain features such as timestamping and immutability. IMPLEMENTATION: Here, we propose INNBC DApp, a Web3 decentralized application providing a simple front-end user interface connected with a smart contract for recording scientific data on a modern, proof-of-stake (POS) blockchain such as BNB Smart Chain. Unlike previously proposed blockchain tools that only store a hash of the data on-chain, here the data are stored fully on-chain within the transaction itself as "transaction input data", with a true decentralized storage solution. In addition to plain text, the DApp can record various types of files, such as documents, images, audio, and video, by using Base64 encoding. In this study, we describe how to use the DApp and perform real-world transactions storing different kinds of data from previously published research articles, describing the advantages and limitations of using such a technology, analyzing the cost in terms of transaction fees, and discussing possible use cases. RESULTS: We have been able to store several different types of data on the BNB Smart Chain: raw text, documents, images, audio, and video. Notably, we stored several complete research articles at a reasonable cost. We found a limit of 95KB for each single file upload. Considering that Base64 encoding increases file size by approximately 33%, this provides us with a theoretical limit of 126KB. We successfully overcome this limitation by splitting larger files into smaller chunks and uploading them as multi-volume archives. Additionally, we propose AES encryption to protect sensitive data. Accordingly, we show that it is possible to include enough data to be useful for storing and sharing scientific documents and images on the blockchain at a reasonable cost for the users. CONCLUSION: INNBC DApp represents a real use case for blockchain technology in decentralizing biomedical data storage and sharing, providing us with features such as immutability, timestamp, and identity that can be used to ensure permanent availability of the data and to provide proof-of-existence as well as to protect authorship, a freely available decentralized science (DeSci) tool aiming to help bring mass adoption of blockchain technology among the scientific community.

An enhanced pairing-free certificateless directed signature scheme.

Directed signature is a special cryptographic technique in which only the verifier designated by the signer can verify the validity of the signature. Directed signature can effectively protect the privacy of the signer's identity, so it is very suitable for medical records, taxation, and other fields. To improve the security and performance of the directed signature scheme, Gayathri et al. proposed the first certificateless directed signature (CLDS) scheme without bilinear pairing and claimed that their CLDS scheme could withstand Type I and Type II attacks. In this article, we provide two attack methods to assess the security of their CLDS scheme. Unfortunately, our results indicate that their CLDS scheme is insecure against Type I and Type II attacks. That is, their CLDS scheme does not meet the unforgeability and cannot achieve the expected security goals. To resist these attacks, we present an improved CLDS scheme and give the security proof. Compared with similar schemes, our scheme has better performance and higher security.

Perceived Security Risk Based on Moderating Factors for Blockchain Technology Applications in Cloud Storage to Achieve Secure Healthcare Systems.

Due to the high amount of electronic health records, hospitals have prioritized data protection. Because it uses parallel computing and is distributed, the security of the cloud cannot be guaranteed. Because of the large number of e-health records, hospitals have made data security a major concern. The cloud's security cannot be guaranteed because it uses parallel processing and is distributed. The blockchain (BC) has been deployed in the cloud to preserve and secure medical data because it is particularly prone to security breaches and attacks such as forgery, manipulation, and privacy leaks. An overview of blockchain (BC) technology in cloud storage to improve healthcare system security can be obtained by reading this paper. First, we will look at the benefits and drawbacks of using a basic cloud storage system. After that, a brief overview of blockchain cloud storage technology will be offered. Many researches have focused on using blockchain technology in healthcare systems as a possible solution to the security concerns in healthcare, resulting in tighter and more advanced security requirements being provided. This survey could lead to a blockchain-based solution for the protection of cloud-outsourced healthcare data. Evaluation and comparison of the simulation tests of the offered blockchain technology-focused studies can demonstrate integrity verification with cloud storage and medical data, data interchange with reduced computational complexity, security, and privacy protection. Because of blockchain and IT, business warfare has emerged, and governments in the Middle East have embraced it. Thus, this research focused on the qualities that influence customers' interest in and approval of blockchain technology in cloud storage for healthcare system security and the aspects that increase people's knowledge of blockchain. One way to better understand how people feel about learning how to use blockchain technology in healthcare is through the United Theory of Acceptance and Use of Technology (UTAUT). A snowball sampling method was used to select respondents in an online poll to gather data about blockchain technology in Middle Eastern poor countries. A total of 443 randomly selected responses were tested using SPSS. Blockchain adoption has been shown to be influenced by anticipation, effort expectancy, social influence (SI), facilitation factors, personal innovativeness (PInn), and a perception of security risk (PSR). Blockchain adoption and acceptance were found to be influenced by anticipation, effort expectancy, social influence (SI), facilitating conditions, personal innovativeness (PInn), and perceived security risk (PSR) during the COVID-19 pandemic, as well as providing an overview of current trends in the field and issues pertaining to significance and compatibility.

Webinar ética, seguridad y privacidad en tiempos de COVID-19

Conversatorio virtual organizado por la Red Centroamericana de Informática en Salud en colaboración con Central American Healthcare Initiative, el 7 de mayo de 2020.

Collaborative calculation and application of interreal and real interval relations to protect privacy.

The determination of the relation between a number and a numerical interval is one of the core problems in the scientific calculation of privacy protection. The calculation of the relationship between two numbers and a numerical interval to protect privacy is also the basic problem of collaborative computing. It is widely used in data queries, location search and other fields. At present, most of the solutions are still fundamentally limited to the integer level, and there are few solutions at the real number level. To solve these problems, this paper first uses Bernoulli inequality generalization and a monotonic function property to extend the solution to the real number level and designs two new protocols based on the homomorphic encryption scheme, which can not only protect the data privacy of both parties involved in the calculation, but also extend the number domain to real numbers. In addition, this paper designs a solution to the confidential cooperative determination problem between real numbers by using the sign function and homomorphism multiplication. Theoretical analysis shows that the proposed solution is safe and efficient. Finally, some extension applications based on this protocol are given.

Flimma: a federated and privacy-aware tool for differential gene expression analysis.

Aggregating transcriptomics data across hospitals can increase sensitivity and robustness of differential expression analyses, yielding deeper clinical insights. As data exchange is often restricted by privacy legislation, meta-analyses are frequently employed to pool local results. However, the accuracy might drop if class labels are inhomogeneously distributed among cohorts. Flimma ( https://exbio.wzw.tum.de/flimma/ ) addresses this issue by implementing the state-of-the-art workflow limma voom in a federated manner, i.e., patient data never leaves its source site. Flimma results are identical to those generated by limma voom on aggregated datasets even in imbalanced scenarios where meta-analysis approaches fail.

Workshop RNDS: segurança da informação - 11/12/2020

A secure remote user authentication scheme for 6LoWPAN-based Internet of Things.

One of the significant challenges in the Internet of Things (IoT) is the provisioning of guaranteed security and privacy, considering the fact that IoT devices are resource-limited. Oftentimes, in IoT applications, remote users need to obtain real-time data, with guaranteed security and privacy, from resource-limited network nodes through the public Internet. For this purpose, the users need to establish a secure link with the network nodes. Though the IPv6 over low-power wireless personal area networks (6LoWPAN) adaptation layer standard offers IPv6 compatibility for resource-limited wireless networks, the fundamental 6LoWPAN structure ignores security and privacy characteristics. Thus, there is a pressing need to design a resource-efficient authenticated key exchange (AKE) scheme for ensuring secure communication in 6LoWPAN-based resource-limited networks. This paper proposes a resource-efficient secure remote user authentication scheme for 6LoWPAN-based IoT networks, called SRUA-IoT. SRUA-IoT achieves the authentication of remote users and enables the users and network entities to establish private session keys between themselves for indecipherable communication. To this end, SRUA-IoT uses a secure hash algorithm, exclusive-OR operation, and symmetric encryption primitive. We prove through informal security analysis that SRUA-IoT is secured against a variety of malicious attacks. We also prove the security strength of SRUA-IoT through formal security analysis conducted by employing the random oracle model. Additionally, we prove through Scyther-based validation that SRUA-IoT is resilient against various attacks. Likewise, we demonstrate that SRUA-IoT reduces the computational cost of the nodes and communication overheads of the network.

Design and Application of Electronic Rehabilitation Medical Record (ERMR) Sharing Scheme Based on Blockchain Technology.

As the value of blockchain has been widely recognized, more and more industries are proposing their blockchain solutions, including the rehabilitation medical industry. Blockchain can play a powerful role in the field of rehabilitation medicine, bringing a new research idea to the management of rehabilitation medical data. The electronic rehabilitation medical record (ERMR) contains rich data dimensions, which can provide comprehensive and accurate information for assessing the health of patients, thereby enhancing the effect of rehabilitation treatment. This paper analyzed the data characteristics of ERMR and the application requirements of blockchain in rehabilitation medicine. Based on the basic principles of blockchain, the technical advantages of blockchain used in ERMR sharing have been studied. In addition, this paper designed a blockchain-based ERMR sharing scheme in detail, using the specific technologies of blockchain such as hybrid P2P network, block-chain data structure, asymmetric encryption algorithm, digital signature, and Raft consensus algorithm to achieve distributed storage, data security, privacy protection, data consistency, data traceability, and data ownership in the process of ERMR sharing. The research results of this paper have important practical significance for realizing the safe and efficient sharing of ERMR, and can provide important technical references for the management of rehabilitation medical data with broad application prospects.

Privacy-Oriented Technique for COVID-19 Contact Tracing (PROTECT) Using Homomorphic Encryption: Design and Development Study.

BACKGROUND: Various techniques are used to support contact tracing, which has been shown to be highly effective against the COVID-19 pandemic. To apply the technology, either quarantine authorities should provide the location history of patients with COVID-19, or all users should provide their own location history. This inevitably exposes either the patient's location history or the personal location history of other users. Thus, a privacy issue arises where the public good (via information release) comes in conflict with privacy exposure risks. OBJECTIVE: The objective of this study is to develop an effective contact tracing system that does not expose the location information of the patient with COVID-19 to other users of the system, or the location information of the users to the quarantine authorities. METHODS: We propose a new protocol called PRivacy Oriented Technique for Epidemic Contact Tracing (PROTECT) that securely shares location information of patients with users by using the Brakerski/Fan-Vercauteren homomorphic encryption scheme, along with a new, secure proximity computation method. RESULTS: We developed a mobile app for the end-user and a web service for the quarantine authorities by applying the proposed method, and we verified their effectiveness. The proposed app and web service compute the existence of intersections between the encrypted location history of patients with COVID-19 released by the quarantine authorities and that of the user saved on the user's local device. We also found that this contact tracing smartphone app can identify whether the user has been in contact with such patients within a reasonable time. CONCLUSIONS: This newly developed method for contact tracing shares location information by using homomorphic encryption, without exposing the location information of patients with COVID-19 and other users. Homomorphic encryption is challenging to apply to practical issues despite its high security value. In this study, however, we have designed a system using the Brakerski/Fan-Vercauteren scheme that is applicable to a reasonable size and developed it to an operable format. The developed app and web service can help contact tracing for not only the COVID-19 pandemic but also other epidemics.

An efficient and provably secure key agreement scheme for satellite communication systems.

Satellite communication has played an important part in many different industries because of its advantages of wide coverage, strong disaster tolerance and high flexibility. The security of satellite communication systems has always been the concern of many scholars. Without authentication, user should not obtain his/her required services. Beyond that, the anonymity also needs to be protected during communications. In this study, we design an efficient and provably secure key agreement scheme for satellite communication systems. In each session, we replace user's true identity by a temporary identity, which will be updated for each session, to guarantee the anonymity. Because the only use of lightweight algorithms, our proposed scheme has high performance. Furthermore, the security of the proposed scheme is proved in the real-or-random model and the performance analysis shows that the proposed scheme is more efficient than some other schemes for satellite communication systems.

Physician, Protect Thyself: Why Psychiatrists Should Be Aware of Their Internet Presence and How to Protect Themselves.

ABSTRACT: Modern psychiatric practice requires the use of the Internet, and the current pandemic has accelerated the adoption of technology in clinics. Psychiatrists receive significant education on protecting patient privacy and medical information when using these tools. However, they receive little training regarding protecting their own personal privacy in the Internet era. Private information, often without one's knowledge, is frequently available online and accessible by patients. The work of physicians and psychiatrists creates additional unique vulnerabilities to privacy. Given the essential nature of the Internet in modern clinical practice, physicians should understand how to monitor and protect personal privacy and safety online. We provide advice to minimize vulnerability to a privacy breach, with a focus on areas unique to psychiatrists and psychiatric practice. We review the literature on physician safety online and offer guidance to get started.

Um Mapeamento Sistemático da Literatura no uso da IEC 62304 / A Systematic Literature Mapping in the use of IEC 62304 / Un Mapeo Sistemático de la Literatura en el uso de IEC 62304

A IEC 62304 fornece requisitos para os fabricantes de sistemas de saúde demonstrarem sua capacidade de fornecer softwares desenvolvidos com processos, atividades e tarefas, associadas aos riscos de segurança, que devem ser demonstrados para atendimento de fins regulatórios em diversos países. Este trabalho apresenta um mapeamento sistemático da literatura envolvendo os trabalhos que reportam utilizações, vantagens e dificuldades no uso da IEC 62304 em seus quase 15 anos de existência.

IEC 62304 provides requirements for manufacturers of healthcare systems to demonstrate their ability to provide software developed with processes, activities, and tasks, associated with safety risks, which must be demonstrated to meet regulatory purposes in several countries. This work presents a systematic literature mapping involving works that report uses, advantages and difficulties in the use of IEC 62304 in its almost 15 years of existence.

IEC 62304 proporciona requisitos para que los fabricantes de sistemas de atención médica demuestren su capacidad para proporcionar software desarrollado con procesos, actividades y tareas, asociadas con riesgos de seguridad, que deben demostrarse para cumplir con los propósitos regulatorios en varios países. Este trabajo presenta un mapeo sistemático de literatura que involucran trabajos que reportan usos, ventajas y dificultades en el uso de IEC 62304 en sus casi 15 años de existencia.

Lightweight user authentication scheme for roaming service in GLOMONET with privacy preserving.

With the development of information technology and the Internet, users can conveniently use roaming services without time and space restrictions. This roaming service is initiated by establishing a session key between a home node, which exists in a home network, and a mobile node, which exists in a foreign network. However, in the process of verifying a legitimate user and establishing a session key, various security threats and privacy exposure issues can arise. This study demonstrates that the authentication scheme for the roaming service proposed in the existing Global Mobility Network (GLOMONET) environment has several vulnerabilities and, hence, is impractical. In addition, the scheme does not satisfy the privacy of the session key or user's identity or password. Accordingly, we propose a new lightweight authentication scheme to compensate for these vulnerabilities and secure a high level of privacy, such as non-traceability. In addition, formal and informal analyses are conducted to examine the safety of the proposed scheme. Based on the results of our analyses, we prove that the proposed scheme is highly secure and applicable to the actual GLOMONET environment.

Building an adaptive interface via unsupervised tracking of latent manifolds.

In human-machine interfaces, decoder calibration is critical to enable an effective and seamless interaction with the machine. However, recalibration is often necessary as the decoder off-line predictive power does not generally imply ease-of-use, due to closed loop dynamics and user adaptation that cannot be accounted for during the calibration procedure. Here, we propose an adaptive interface that makes use of a non-linear autoencoder trained iteratively to perform online manifold identification and tracking, with the dual goal of reducing the need for interface recalibration and enhancing human-machine joint performance. Importantly, the proposed approach avoids interrupting the operation of the device and it neither relies on information about the state of the task, nor on the existence of a stable neural or movement manifold, allowing it to be applied in the earliest stages of interface operation, when the formation of new neural strategies is still on-going. In order to more directly test the performance of our algorithm, we defined the autoencoder latent space as the control space of a body-machine interface. After an initial offline parameter tuning, we evaluated the performance of the adaptive interface versus that of a static decoder in approximating the evolving low-dimensional manifold of users simultaneously learning to perform reaching movements within the latent space. Results show that the adaptive approach increased the representational efficiency of the interface decoder. Concurrently, it significantly improved users' task-related performance, indicating that the development of a more accurate internal model is encouraged by the online co-adaptation process.

The Epidemiology of Patients' Email Addresses in a French University Hospital: Case-Control Study.

BACKGROUND: Health care professionals are caught between the wish of patients to speed up health-related communication via emails and the need for protecting health information. OBJECTIVE: We aimed to analyze the demographic characteristics of patients providing an email, and study the distribution of emails' domain names. METHODS: We used the information system of the European Hospital Georges Pompidou (HEGP) to identify patients who provided an email address. We used a 1:1 matching strategy to study the demographic characteristics of the patients associated with the presence of an email, and described the characteristics of the emails used (in terms of types of emails-free, business, and personal). RESULTS: Overall, 4.22% (41,004/971,822) of the total population of patients provided an email address. The year of last contact with the patient is the strongest driver of the presence of an email address (odds ratio [OR] 20.8, 95% CI 18.9-22.9). Patients more likely to provide an email address were treated for chronic conditions and were more likely born between 1950 and 1969 (taking patients born before 1950 as reference [OR 1.60, 95% CI 1.54-1.67], and compared to those born after 1990 [OR 0.56, 95% CI 0.53-0.59]). Of the 41,004 email addresses collected, 37,779 were associated with known email providers, 31,005 email addresses were associated with Google, Microsoft, Orange, and Yahoo!, 2878 with business emails addresses, and 347 email addresses with personalized domain names. CONCLUSIONS: Emails have been collected only recently in our institution. The importance of the year of last contact probably reflects this recent change in contact information collection policy. The demographic characteristics and especially the age distribution are likely the result of a population bias in the hospital: patients providing email are more likely to be treated for chronic diseases. A risk analysis of the use of email revealed several situations that could constitute a breach of privacy that is both likely and with major consequences. Patients treated for chronic diseases are more likely to provide an email address, and are also more at risk in case of privacy breach. Several common situations could expose their private information. We recommend a very restrictive use of the emails for health communication.