Thread: Re: Key encryption and relational integrity

Re: Key encryption and relational integrity

From
"Peter J. Holzer"
Date:
On 2019-03-28 15:29:50 +0100, Moreno Andreo wrote:
> here I'm trying to find a way so nobody can, without the use of the
> application, match a patient with their clinical records (i.e. someone
> breaking into the server -- data breach)

I think it is very optimistic to assume that an intruder would get
access to the database but not the application.

        hp

--
   _  | Peter J. Holzer    | we build much bigger, better disasters now
|_|_) |                    | because we have much more sophisticated
| |   | hjp@hjp.at         | management tools.
__/   | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>


Re: Key encryption and relational integrity

From
Karsten Hilbert
Date:
What Andrea Moreno's client seems to think is required by
GDPR is clearly bogus -- it would render illegal any and all
DICOM images existing today, because they contain
programmatically easily processable personally identifying
data right inside the clinical data.

Karsten Hilbert
--
GPG  40BE 5B0E C98E 1713 AFA6  5BC0 3BEA AC80 7D4F C89B

Re: Key encryption and relational integrity

From
Moreno Andreo
Date:
Il 28/03/2019 23:50, Peter J. Holzer ha scritto:
> On 2019-03-28 15:29:50 +0100, Moreno Andreo wrote:
>> here I'm trying to find a way so nobody can, without the use of the
>> application, match a patient with their clinical records (i.e. someone
>> breaking into the server -- data breach)
> I think it is very optimistic to assume that an intruder would get
> access to the database but not the application.
>
>          hp
>
Well, application resides on another instance (server), but if the 
attacker has been able to take control of one server, he surely could 
try to break another one, but it takes time.....

Re: Key encryption and relational integrity

From
"Peter J. Holzer"
Date:
On 2019-03-29 17:05:41 +0100, Moreno Andreo wrote:
> Il 28/03/2019 23:50, Peter J. Holzer ha scritto:
> > On 2019-03-28 15:29:50 +0100, Moreno Andreo wrote:
> > > here I'm trying to find a way so nobody can, without the use of the
> > > application, match a patient with their clinical records (i.e. someone
> > > breaking into the server -- data breach)
> > I think it is very optimistic to assume that an intruder would get
> > access to the database but not the application.

> Well, application resides on another instance (server), but if the attacker
> has been able to take control of one server, he surely could try to break
> another one, but it takes time.....

I can't claim to be a security expert any more (I've drifted away from
that topic over the last decade or so), but most data breaches that were
publicised over the last few years started at some employee's desktop.
As such your assumption "server A may be hacked, server B safer, and the
application is completely safe" seems unrealistic to me. I think that
the application will fall first (and whatever privileges it provides to
the user will therefore be in the hands of the attacker), and the
server(s) will come after that. So I would design such an application
with the assumption that the user's PC has been compromised and secure
the server(s) against that case.

        hp

--
   _  | Peter J. Holzer    | we build much bigger, better disasters now
|_|_) |                    | because we have much more sophisticated
| |   | hjp@hjp.at         | management tools.
__/   | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>
