299-Article Text-492-1-10-20160203.pdf


4 Conclusions and Future Work

The motivation behind creating a threat model for telehealth systems is to help enhance system security by protecting healthcare information from security threats such as patient data disclosure and unauthorized access or modification by attackers, among others. In this work, a threat modeling process for telehealth systems was established using the Microsoft Threat Modeling Tool 2014. To prepare for threat mitigation, system assets, threat agents, adverse actions, threats and their effects, as well as a list of countermeasures, were identified and analyzed.

This work will be used to develop security requirements [4] and to better design and implement system protection solutions against telehealth application threats. In the future, the system security will be further investigated at the Center for eHealth and Health Care Technology at the University of Agder. The plan is also to analyze the outsider threats in the telehealth trial system and to verify whether the implemented system protection solutions perform effectively and efficiently against the identified threats.

Table 4: Threats and Countermeasures

| STRIDE | Threat | Countermeasures |
|---|---|---|
| Spoofing | T1.1, T1.2, T1.3, T1.5, T1.6, T1.7, T1.8 | Strong authentication: Users must be authenticated to the system using a strong password policy, biometrics or multi-factor authentication mechanisms. Encryption: All credentials must be encrypted, and it has to be ensured that credentials do not traverse the wire in clear text form. Cryptographic protocols: Cryptographic protocols such as TLS/SSL must be used to ensure secure (encrypted) communication between system components. |
| Tampering | T2.4, T2.5, T4.3 | Strong authorization: Appropriate access control mechanisms such as role-based access control (RBAC) must be deployed following the least privilege and separation of duties principles. Users must be assigned access with minimum privileges. Data hashing and signing: All confidential data must be hashed and signed to ensure that the data is valid (untampered and from the correct/expected source). Secure communication links: The communication links between system components must be secured by using protocols that provide message integrity and confidentiality. |
| Repudiation | T4.1, T4.2, T4.4 | Secure audit trails: All activities (such as successful and unsuccessful authentication) and sensitive data (e.g. cookies and authentication credentials) must be logged and recorded. |
| Information disclosure | T3.1, T3.2, T3.3, T3.4, T3.5 | Strong authorization: Ensure that appropriate access control mechanisms are deployed and that only authorized users can access data. Encryption: Ensure that all sensitive data is encrypted (in storage or during transit) and that only authorized users can read this data. |