Informe del Comité de Bioética de España sobre aspectos del uso secundario de los datos y el espacio europeo de protección de datos / [Report of the Spanish Bioethics Committee on aspects of secondary use of data and the European data protection space]

El presente informe da respuesta a la consulta de la Secretaría de Estado de Sanidad del Ministerio de Sanidad de 26 de mayo de 2023 sobre algunos aspectos del uso secundario de los datos y el espacio europeo de protección de datos. Recibida la consulta, el Comité aprobó el siguiente informe en su reunión plenaria del día 7 de noviembre de 2023, conforme a lo dispuesto en el artículo 78.1 a) de la Ley 14/2007, de 3 de julio, de Investigación Biomédica, que fija entre las funciones del Comité emitir informes, propuestas y recomendaciones para los poderes públicos de ámbito estatal y autonómico en asuntos con implicaciones bioéticas relevantes. (AU)

Protección de datos en investigación clínica: ¿pseudonimización o anonimización? / [Data protection in clinical research: pseudonymization or anonymization?]

Se pretende analizar la necesidad de codificar los datos de los participantes de un estudio de salud, así como las técnicas que se pueden emplear como medida de protección, analizando sus características, ventajas e inconvenientes y abordándose desde un punto de vista semi-práctico, al desarrollarse brevemente algunas técnicas de codificación. (AU)

Te aim is to analyse the need to code the data of the participants of a health study, as well as the techniques that can be used to do so, analysing their characteristics, advantages and disadvantages and approaching it from a semi-practical point of view, by briefly developing some coding techniques. (AU)

Medical image encryption algorithm based on a new five-dimensional three-leaf chaotic system and genetic operation.

Current image encryption methods have many shortcomings for the medical image encryption with high resolution, strong correlation and large storage space, and it is difficult to obtain reliable clinically applicable medical images. Therefore, this paper proposes a medical image encryption algorithm based on a new five-dimensional three-leaf chaotic system and genetic operation. And the dynamic analysis of the phase diagram and bifurcation diagram of the five-dimensional three-leaf chaotic system selected in this paper is carried out, and NIST is used to test the randomness of its chaotic sequence. This algorithm follows the diffusion-scrambling framework, especially using the principle of DNA recombination combined with the five-dimensional three-leaf chaotic system to generate a chaotic matrix that participates in the operation. The bit-level DNA mutation operation is introduced in the diffusion, and the scrambling and diffusion effects have been further improved. Algorithm security and randomness have been enhanced. This paper evaluates the efficiency of this algorithm for medical image encryption in terms of security analysis and time performance. Security analysis is carried out from key space, information entropy, histogram, similarity between decrypted image and original image, PSNR, correlation, sensitivity, noise attack, cropping attack and so on. Perform time efficiency analysis from the perspective of time performance. The comparison between this algorithm and the experimental results obtained by some of the latest medical image encryption algorithms shows that this algorithm is superior to the existing medical image encryption algorithms to a certain extent in terms of security and time efficiency.

Enhanced quantum signature scheme using quantum amplitude amplification operators.

Quantum signature is the use of the principles of quantum computing to establish a trusted communication between two parties. In this paper, a quantum signature scheme using amplitude amplification techniques will be proposed. To secure the signature, the proposed scheme uses a partial diffusion operator and a diffusion operator to hide/unhide certain quantum states during communication. The proposed scheme consists of three phases, preparation phase, signature phase and verification phase. To confuse the eavesdropper, the quantum states representing the signature might be hidden, not hidden or encoded in Bell states. It will be shown that the proposed scheme is more secure against eavesdropping when compared with relevant quantum signature schemes.

Preventing Medjacking.

ABSTRACT: Advances in medical device technology have led to greater connectivity with other devices, networks, and systems, raising concerns about associated security risks. Many clinicians, as well as the patients who rely on these lifesaving devices, are unaware of these risks and how they can be mitigated. This article describes several types of cyberattacks, including medjacking, hacking, and ransomware, and what nurses can do to guard against security threats and educate patients.

Pindex: Private multi-linked index for encrypted document retrieval.

Cryptographic cloud storage is used to make optimal use of the cloud storage infrastructure to outsource sensitive and mission-critical data. The continuous growth of encrypted data outsourced to cloud storage requires continuous updating. Attacks like file-injection are reported to compromise confidentiality of the user as a consequence of information leakage during update. It is required that dynamic schemes provide forward privacy guarantees. Updates should not leak information to the untrusted server regarding the previously issued queries. Therefore, the challenge is to design an efficient searchable encryption scheme with dynamic updates and forward privacy guarantees. In this paper, a novel private multi-linked dynamic index for encrypted document retrieval namely Pindex is proposed. The multi-linked dynamic index is constructed using probabilistic homomorphic encryption mechanism and secret orthogonal vectors. Full security proofs for correctness and forward privacy in the random oracle model is provided. Experiments on real world Enron dataset demonstrates that our construction is practical and efficient. The security and performance analysis of Pindex shows that the dynamic multi-linked index guarantees forward privacy without significant loss of efficiency.

An efficient and provably secure key agreement scheme for satellite communication systems.

Satellite communication has played an important part in many different industries because of its advantages of wide coverage, strong disaster tolerance and high flexibility. The security of satellite communication systems has always been the concern of many scholars. Without authentication, user should not obtain his/her required services. Beyond that, the anonymity also needs to be protected during communications. In this study, we design an efficient and provably secure key agreement scheme for satellite communication systems. In each session, we replace user's true identity by a temporary identity, which will be updated for each session, to guarantee the anonymity. Because the only use of lightweight algorithms, our proposed scheme has high performance. Furthermore, the security of the proposed scheme is proved in the real-or-random model and the performance analysis shows that the proposed scheme is more efficient than some other schemes for satellite communication systems.

The influence of random number generation in dissipative particle dynamics simulations using a cryptographic hash function.

The tiny encryption algorithm (TEA) is widely used when performing dissipative particle dynamics (DPD) calculations in parallel, usually on distributed memory systems. In this research, we reduced the computational cost of the TEA hash function and investigated the influence of the quality of the random numbers generated on the results of DPD calculations. It has already been established that the randomness, or quality, of the random numbers depend on the number of processes from internal functions such as SHIFT, XOR and ADD, which are commonly referred to as "rounds". Surprisingly, if we choose seed numbers from high entropy sources, with a minimum number of rounds, the quality of the random numbers generated is sufficient to successfully perform accurate DPD simulations. Although it is well known that using a minimal number of rounds is insufficient for generating high-quality random numbers, the combination of selecting good seed numbers and the robustness of DPD simulations means that we can reduce the random number generation cost without reducing the accuracy of the simulation results.

A retrospective look at the predictions and recommendations from the 2009 AMIA policy meeting: did we see EHR-related clinician burnout coming?

Clinicians often attribute much of their burnout experience to use of the electronic health record, the adoption of which was greatly accelerated by the Health Information Technology for Economic and Clinical Health Act of 2009. That same year, AMIA's Policy Meeting focused on possible unintended consequences associated with rapid implementation of electronic health records, generating 17 potential consequences and 15 recommendations to address them. At the 2020 annual meeting of the American College of Medical Informatics (ACMI), ACMI fellows participated in a modified Delphi process to assess the accuracy of the 2009 predictions and the response to the recommendations. Among the findings, the fellows concluded that the degree of clinician burnout and its contributing factors, such as increased documentation requirements, were significantly underestimated. Conversely, problems related to identify theft and fraud were overestimated. Only 3 of the 15 recommendations were adjudged more than half-addressed.

[Current Status and the Future of Protection and Utilization of Personal Information at Medical Facilities Based on the Understanding of Related Regulations].

In September 2015, "the Act on the Protection of Personal Information" was amended. Accordingly, "the Ethical Guidelines for Medical Research Involving Human Subjects" were also amended. "The Act on Anonymized Medical Data That Are Meant to Contribute to Research and Development in the Medical Field," which came into effect in May 2018, aims to collect and utilize medical information of each patient from medical institutions for the purpose of research and development in the medical field. Thus, the rules of personal information that need to be followed are changing considerably in the balance between importance of protection and utilization for medical development. Therefore, health care professionals and researchers are required to fully understand the current situation and the future.

Data Sharing Under the General Data Protection Regulation: Time to Harmonize Law and Research Ethics?

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.

Addressless: A new internet server model to prevent network scanning.

Eliminating unnecessary exposure is a principle of server security. The huge IPv6 address space enhances security by making scanning infeasible, however, with recent advances of IPv6 scanning technologies, network scanning is again threatening server security. In this paper, we propose a new model named addressless server, which separates the server into an entrance module and a main service module, and assigns an IPv6 prefix instead of an IPv6 address to the main service module. The entrance module generates a legitimate IPv6 address under this prefix by encrypting the client address, so that the client can access the main server on a destination address that is different in each connection. In this way, the model provides isolation to the main server, prevents network scanning, and minimizes exposure. Moreover it provides a novel framework that supports flexible load balancing, high-availability, and other desirable features. The model is simple and does not require any modification to the client or the network. We implement a prototype and experiments show that our model can prevent the main server from being scanned at a slight performance cost.

Cyberattacks Cripple Dozens of U.S. Hospitals.

Hackers demand ransoms to restore access to computer files.

Cyber-attacks in the next-generation cars, mitigation techniques, anticipated readiness and future directions.

Modern-day Connected and Autonomous Vehicles (CAVs) with more than 100 million code lines, running up-to a hundred Electronic Control Units (ECUs) will create and exchange digital information with other vehicles and intelligent transport networks. Consequently, ubiquitous internal and external communication (controls, commands, and data) within all CAV-related nodes is inevitably the gatekeeper for the smooth operation. Therefore, it is a primary vulnerable area for cyber-attacks that entails stringent and efficient measures in the form of "cybersecurity". There is a lack of systematic and comprehensive review of the literature on cyber-attacks on the CAVs, respective mitigation strategies, anticipated readiness, and research directions for the future. This study aims to analyse, synthesise, and interpret critical areas for the roll-out and progression of CAVs in combating cyber-attacks. Specifically, we described in a structured way a holistic view of potentially critical avenues, which lies at the heart of CAV cybersecurity research. We synthesise their scope with a particular focus on ensuring effective CAVs deployment and reducing the probability of cyber-attack failures. We present the CAVs communication framework in an integrated form, i.e., from In-Vehicle (IV) communication to Vehicle-to-Vehicle (V2X) communication with a visual flowchart to provide a transparent picture of all the interfaces for potential cyber-attacks. The vulnerability of CAVs by proximity (or physical) access to cyber-attacks is outlined with future recommendations. There is a detailed description of why the orthodox cybersecurity approaches in Cyber-Physical System (CPS) are not adequate to counter cyber-attacks on the CAVs. Further, we synthesised a table with consolidated details of the cyber-attacks on the CAVs, the respective CAV communication system, its impact, and the corresponding mitigation strategies. It is believed that the literature discussed, and the findings reached in this paper are of great value to CAV researchers, technology developers, and decision-makers in shaping and developing a robust CAV-cybersecurity framework.

La evaluación de impacto en protección de datos en los proyectos de investigación / Impact assessment on data protection in research projects

Los recientes cambios en la normativa europea de protección de datos de carácter personal siguen permitiendo el uso de los datos sanitarios con fines de investigación, pero establecen la evaluación de impacto en protección de datos como instrumento de reflexión y análisis de riesgos en el proceso de tratamiento de datos. La publicación de una guía facilita la realización de esta evaluación de impacto, aunque no es de aplicación directa para los proyectos de investigación. Se detalla la experiencia en un proyecto concreto, y se muestra cómo el contexto del tratamiento toma relevancia respecto a las características de los datos. La realización de una evaluación de impacto es una oportunidad para asegurar el cumplimiento de los principios de la protección de datos en un entorno cada vez más complejo y con mayores desafíos éticos

Recent changes in European regulations for personal data protection still allow the use of health data for research purposes, but they have set the Impact Assessment on Data Protection as an instrument for reflection and risk analysis in the process of data processing. The publication of a guide for facilitates this impact assessment, although it is not directly applicable to research projects. Experience in a specific project is detailed, showing how the context of the treatment becomes relevant with respect to the data characteristics. Carrying out an impact assessment is an opportunity to ensure compliance with the principles of data protection in an increasingly complex environment with greater ethical challenges

Zero-knowledge identity authentication for internet of vehicles: Improvement and application.

The popularity of Internet of Vehicles (IoV) has made people's driving environment more comfortable and convenient. However, with the integration of external networks and the vehicle networks, the vulnerabilities of the Controller Area Network (CAN) are exposed, allowing attackers to remotely invade vehicle networks through external devices. Based on the remote attack model for vulnerabilities of the in-vehicle CAN, we designed an efficient and safe identity authentication scheme based on Feige-Fiat-Shamir (FFS) zero-knowledge identification scheme with extremely high soundness. We used the method of zero-one reversal and two-to-one verification to solve the problem that FFS cannot effectively resist guessing attacks. Then, we carried out a theoretical analysis of the scheme's security and evaluated it on the software and hardware platform. Finally, regarding time overhead, under the same parameters, compared with the existing scheme, the scheme can complete the authentication within 6.1ms without having to go through multiple rounds of interaction, which reduces the additional authentication delay and enables all private keys to participate in one round of authentication, thereby eliminating the possibility that a private key may not be involved in the original protocol. Regarding security and soundness, as long as private keys are not cracked, the scheme can resist guessing attacks, which is more secure than the existing scheme.

A generic construction for revocable identity-based encryption with subset difference methods.

To deal with dynamically changing user's credentials in identity-based encryption (IBE), providing an efficient key revocation method is a very important issue. Recently, Ma and Lin proposed a generic method of designing a revocable IBE (RIBE) scheme that uses the complete subtree (CS) method by combining IBE and hierarchical IBE (HIBE) schemes. In this paper, we propose a new generic method for designing an RIBE scheme that uses the subset difference (SD) method instead of using the CS method. In order to use the SD method, we generically design an RIBE scheme by combining IBE, identity-based revocation (IBR), and two-level HIBE schemes. If the underlying IBE, IBR, and HIBE schemes are adaptively (or selectively) secure, then our RIBE scheme is also adaptively (or selectively) secure. In addition, we show that the layered SD (LSD) method can be applied to our RIBE scheme and a chosen-ciphertext secure RIBE scheme also can be designed generically.