Mobile phones are increasingly used in the e-health domain.In this context, enabling secure access to health records from mobile de-vices is of particular importance because of the high security and privacy requirements for sensitive medical data. Standard operating systems and software, as they are deployed on current smartphones, cannot protect sensitive data appropriately, even though modern mobile hardware plat-forms often provide dedicated security features. Current mobile phones are prone to attacks by malicious software, which might gain unauthorized access to sensitive medical data.In this paper, we present a security architecture for the protection of electronic health records and authentication credentials that are used to access e-health services. Our architecture is derived from a generic solution and tailored specifically to current mobile platforms with hardware security extensions. Authentication data are protected by a trusted wallet (TruWallet), which leverages trusted hardware features of the phone and isolated application environments provided by a secure operating system. A separate application environment is used to provide runtime protection of medical data. Furthermore, we present a prototype implementation of TruWallet on the Nokia N900 mobile phone. In contrast to commodity systems, our architecture enables healthcare professionals to securely access medical data on their mobile devices without the risk of disclosing sensitive information.
%0 Conference Paper
%1 DLSW2011b
%A Dmitrienko, Alexandra
%A Hadzic, Zecir
%A Löhr, Hans
%A Sadeghi, Ahmad-Reza
%A Winandy, Marcel
%B Biomedical Engineering Systems and Technologies (BIOSTEC)
%D 2011
%K International-Conference-Workshop-Papers-Book-Chapters myown
%T Securing the Access to Electronic Health Records on Mobile Phones
%X Mobile phones are increasingly used in the e-health domain.In this context, enabling secure access to health records from mobile de-vices is of particular importance because of the high security and privacy requirements for sensitive medical data. Standard operating systems and software, as they are deployed on current smartphones, cannot protect sensitive data appropriately, even though modern mobile hardware plat-forms often provide dedicated security features. Current mobile phones are prone to attacks by malicious software, which might gain unauthorized access to sensitive medical data.In this paper, we present a security architecture for the protection of electronic health records and authentication credentials that are used to access e-health services. Our architecture is derived from a generic solution and tailored specifically to current mobile platforms with hardware security extensions. Authentication data are protected by a trusted wallet (TruWallet), which leverages trusted hardware features of the phone and isolated application environments provided by a secure operating system. A separate application environment is used to provide runtime protection of medical data. Furthermore, we present a prototype implementation of TruWallet on the Nokia N900 mobile phone. In contrast to commodity systems, our architecture enables healthcare professionals to securely access medical data on their mobile devices without the risk of disclosing sensitive information.
@inproceedings{DLSW2011b,
abstract = {Mobile phones are increasingly used in the e-health domain.In this context, enabling secure access to health records from mobile de-vices is of particular importance because of the high security and privacy requirements for sensitive medical data. Standard operating systems and software, as they are deployed on current smartphones, cannot protect sensitive data appropriately, even though modern mobile hardware plat-forms often provide dedicated security features. Current mobile phones are prone to attacks by malicious software, which might gain unauthorized access to sensitive medical data.In this paper, we present a security architecture for the protection of electronic health records and authentication credentials that are used to access e-health services. Our architecture is derived from a generic solution and tailored specifically to current mobile platforms with hardware security extensions. Authentication data are protected by a trusted wallet (TruWallet), which leverages trusted hardware features of the phone and isolated application environments provided by a secure operating system. A separate application environment is used to provide runtime protection of medical data. Furthermore, we present a prototype implementation of TruWallet on the Nokia N900 mobile phone. In contrast to commodity systems, our architecture enables healthcare professionals to securely access medical data on their mobile devices without the risk of disclosing sensitive information.},
added-at = {2020-05-03T20:09:10.000+0200},
author = {Dmitrienko, Alexandra and Hadzic, Zecir and Löhr, Hans and Sadeghi, Ahmad-Reza and Winandy, Marcel},
biburl = {https://www.bibsonomy.org/bibtex/28f02e615d4ce5c6ee27b42adf5642da4/sssgroup},
booktitle = {Biomedical Engineering Systems and Technologies (BIOSTEC)},
interhash = {e633d2d01728e0b82bd9b3f0dd25ddec},
intrahash = {8f02e615d4ce5c6ee27b42adf5642da4},
keywords = {International-Conference-Workshop-Papers-Book-Chapters myown},
pdf = {https://se2.informatik.uni-wuerzburg.de/publications/download/paper/1524.pdf},
timestamp = {2022-12-19T23:33:09.000+0100},
title = {Securing the Access to Electronic Health Records on Mobile Phones},
venue = {BIOSTEC},
year = 2011
}