Electronic Health Record (EHR) Access Control Case Study

-


  
Case Discussion Questions

a.     List three benefits and three risks for using Smart Cards and PKI.
            PKI
           Smart Card
Benefits
·        PKI provides secure transactions
It makes sure that the exchange of confidential data is done via secure extranets and virtual private networks (VPN). When using VPN, there is easy access to business-critical data that is stored in internal networks.

·        PKI provides authentication
It can provides guarantee about the user. It can check the identity about the users and can check this come from legitimate user or not.

·         More secure than passwords
 A malicious user must obtain both the private key and the corresponding passphrase to pose as a legitimate user.
·        More Secure
Smart cards are use encryption methods to secure the this. The heart of smart card is microprocessor. It can contact with card reader.

·        Smart Cards are portable
Every card holders can access immediately. The have to freedom to access.

·        Prevents Fraud
Smart can easy to use  as a credit card and debit cards. It can identify the right user.
Risks
·         Theft CA signing private keys or root keys.
·         We need a thorough understanding of PKI and asymmetric encryption principles to set this up. It's not the simplest thing to do for a sys admin. For end-users it’s mostly transparent.
·         PKI can be easily lost data in encryption methods.
·        Smart card processing power are limited.
·        It can be a target of various attacks such as Trojan horse,  viruses .
·        Smart card can be easily lost or stolen.

         

b.    Explain how Smart Cards/PKI maintains data integrity.

Data integrity: Information and programs are changed only in a specified and authorized     manner. maintenance of, and the assurance of the accuracy and consistency of, data over its entire life-cycle, and is a critical aspect to the design, implementation and usage of any system which stores, processes, or retrieves data.

PKI provides data integrity, which protects the system against unauthorized data. Modification by assuring that the received data is accurate and complete, and has not been altered or modified.

c.     Explain how Smart Cards/PKI maintains data confidentiality.
Data confidentiality is a property of data, usually resulting from legislative measures, which prevents       it from unauthorized disclosure.

PKI protect the information from being seen unauthorized people. This happens because of encryption. The PKI confidentiality service is the framework through which such a common understanding can be reached in a way that is transparent to the actual entities involved. 


d.    Explain how Smart Cards/PKI maintains data authenticity.

In information security, message authentication or data origin authentication is a property that a message has not been modified while in transit (data integrity) and that the receiving party can verify the source of the message.


Entity identification, by itself, serves simply to identify the specific entity involved, essentially in isolation from any other activity that the entity might want to perform





































Comments

Post a Comment

Popular posts from this blog

How to hack windows 2000 using nessus.....

-
Image
What is nessus? Nessus  is a propriety vulnerability scanner developed by tenable network. It is free of charge for personal use in a non-enterprise environment. We use kali Os to hacking windows server, to testing vulnerabilities . ·          In Linux we have to search both Os are in the same network. And search the ip address of each systems.              ·          To windows :Open the terminal and type “ipconfig”                                     ·          To Linux : Open terminal and type      “ifconfig”                                   ·          Ten now we have both ip addresses. Using ping command can check the connection between        each        other.                                     Ex: ping 192.168.55.99 ·          Then both are connected we can start the nessus and can find the vulnerabilities. ·                                        Using “service ness
Read more

Crypt-analysis

-
Image
                                The goal of cryptanalysis is to find some weakness or insecurity in a cryptographic scheme, thus permitting its subversion or evasion.   It is a common misconception that every encryption method can be broken.   In connection with his WWII work at  Bell Labs proved that the  one-time pad  cipher is unbreakable, provided the key material is truly  random , never reused, kept secret from all possible attackers, and of equal or greater length than the message.    Most ciphers, apart from the one-time pad, can be broken with enough computational effort by  brute force attack , but the amount of effort needed may be  exponentially  dependent on the key size, as compared to the effort needed to make use of the cipher. In such cases, effective security could be achieved if it is proven that the effort required is beyond the ability of any adversary. This means it must be shown that no efficient method can be found to break the cipher.  
Read more

OpenID Connect Introduction

-
Image
What is OpenID Connect?? OpenID Connect is a simple identity layer built on top of the OAuth 2.0 protocol, which allows clients to verify the identity of an end user based on the authentication performed by an authorization server or identity provider (IdP), as well as to obtain basic profile information about the end user in an interoperable and REST-like manner. OpenID Connect specifies a RESTful HTTP API, using JSON as a data format.  OpenID Connect is an increasingly common authentication protocol: when an app prompts you to authenticate using your Facebook or Google+ credentials, the app is probably using OpenID Connect. OpenID Connect allows a range of clients, including web-based, mobile, and JavaScript clients, to request and receive information about authenticating  sessions and end-users. OIDC main purpose is to authenticate user one login and allow access to multiple services which is also known a s SSO (Single Sign-On). OneLogin provides a custom connector optio
Read more