Sharing security weaknesses that methods revealed bkliniim

In patients ScienceDaily (17 February 2011) to participate in clinical expect their personal information will remain confidential, but recent research led by Dr. Khaled El Emam, Canada Research Chair of the information a Health Research Institute, CHEO found that security practices is used to transmit and share sensitive files is not sufficient.

Study into two parts, titled "how strong are the passwords used to protect personal health information bklini tests?," was published on 16 February Journal of medical Internet research, showed that most of the passwords used to protect files designed in easily snapped my weak password recovery utility to commercial. Research Coordinator interviews indicates that information shared in the context of the clinical studies could compromise your medical information.

"The hospital attempts these viewers that their personal information will be protected," said Dr. El Emam. "It is critical for maintaining the trust of clinical trial participants, and the public in General."

During the research, passwords for sensitive 14/15 files transmitted by e-mail were decoded successfully. Of these, 13 contained sensitive information that can identify health and other research site name, birth dates, acronyms, and gender. File sharing were also found with unsecured, unencrypted patient information shared via email and best practices posted on shared drives with common passwords.

"Decrypt passwords proved to be trivial," said Dr. El Emam. "Choices include simple passwords such as a car (for example," Nissan "), and common sequences (e.g.," 123 "). It was easier to guess the password recovery tool. "

Poor security practices can damage in patients participating in clinical, risk identified, and perhaps even stigmatized by the disclosure of medical information. You also have the option of both medical and medical identity theft. In the context of international clinical studies, the disclosure of medical information absently is considered a violation of data in countries like the United States, can lead to penalties in some countries.

Dr. El Emam believes that with effort sharing file bkliniim can be made secure: "there are protocols and tools that secure file sharing. It may take more effort on the part of those who manage clinical, but the alternative is not acceptable. "

Dr. El Emam makes several recommendations, including the enforcement of strong passwords and algorithms of encryption, encrypt all information sent via e-mail including site queries and minimize sharing password.

The research was funded by the natural sciences and Engineering Research Council of Canada (NSERC) Canada Research Chair program.

Email or share this story:

---

Story source:

The story above printed (with adapting to editing by a team of the day-to-day science) materials provided by the Institute of children's Hospital of Eastern Ontario Research.

---

a journal:

1. Khaled El Emam, Catherine Moreau, Elizabeth Jonker. How to use strong passwords to protect your personal information to a health clinical? Journal of medical Internet research, 2011; 13 (1) 10.2196/jmir doai: .1335

Note: you mentioned if not counting, the source is when instead.

Disclaimer: this article is not intended to provide medical advice, diagnosis or treatment. Opinions here do not reflect necessarily the ScienceDaily or its employees in these.

CeBIT 2011: cloud computing management

ScienceDaily (February 11, 2011) up field of cloud computing is an interesting one, and then, not only for businesses. The field of public administration from the technology. Fraunhofer institutes are developing solutions to create such systems, and to effectively implement the concepts of security.

Researchers to be at these other solutions in computing "cloud" in CeBIT Hanover from 1-5 March 2011.

Cloud computing is the evolution is tempting for IT administrators: with cloud computing, companies and organizations no longer need to purchase a server and software solutions themselves and instead capacities they need data, computing power and professional providers. You pay only for the purpose. In Germany, especially companies are turning cloud computing, data transfer, applications and networks their farm in the Amazon, Google, IBM, Microsoft or other it service providers. In the space of a few years, cloud computing, appeared as a market worth billions of, with a high level of importance for the German economy business location policy.

In the autumn 2010, researchers Fraunhofer Institute FOKUS open communication system in Berlin, together with the release of the Hertie School of governance, publish research, "eGovernment Kooperatives-cloud computing ldncig Die Öffentliche Verwaltung" ["eGovernment: cloud computing for the cooperative Administration: public"]. The research was already inviting ISPRAT, an organization dedicated to the interdisciplinary studies politics, law, management, and technology. The research addresses the security aspects, identify risks and uses different scenarios of application in order to describe the benefits of this new technology and for public administrators, with a particular focus on federal requirements in Germany.

"A lot of reservations about cloud computing in the public administration. First, because of the need to protect the basic personal data of citizens responsible for public administrators; But also the potential of outsourcing frightened by the authorities. Thanks for fear of loss of expertise, and another one because the law requires a kernel tasks remain in the hands of administrators. "this is how to learn maiozmim strick Linda of FOKUS sums is seated.

Research points to security risks specific to the cloud actually exist, but that these can be completely understand, analyze. "There is reason to even put a cloud-based security standards can actually fill out than the classic solutions," explains strick. To help administrators with the introduction of new technology, FOKUS eGovernment laboratory researchers are developing an application to use scenarios of media-split-free and hence interoperable cloud computing technologies.

Cockpit for security

Public authorities to allow companies to acquire hands-on experience with new technology and test the security concepts, experts from the Fraunhofer Institute for secure information technology sit in Munich have created a cloud computing test lab. Along with the security concepts and technologies for cloud computing providers, researchers are also developing and learn strategies for integrating a secure IT infrastructure and cloud services.

"Our test lab, a function, reliability and interoperability, along with individual security, penetration testing analyses can be made, each is considered a developmental steps in administration of individual services, fathers-a comprehensive systems testing teams up a fully functional," notes Angelika Ruppel of SIT in Munich.

Working with the German Federal office for information security [ldncig Bundesamt Sicherheit der Informationstechnik] BSI, her Division has drafted minimum requirements for providers of cloud and cockpit. With this solution, companies to securely transfer data between different systems within cloud monitoring information relevant to security and data protection. Even the application of the hybrid cloud infrastructure, which companies use internal and external computing power, you can securely control through the cockpit of the cloud.

Email or share this story:

---

Story source:

The story above printed (with adapting to editing by a team of the day-to-day science) materials provided by the Fraunhofer Institute Gesellschaft, via AlphaGalileo.

---

Note: you mentioned if not counting, the source is when instead.

Disclaimer: opinions in this article do not necessarily reflect those of its employees or ScienceDaily.

The fingerprint is the proof of counterfeit computer chips

ScienceDaily (February 8, 2011) product that increasingly target electronic chips and components, with attacks on hardware modules becoming commonplace. Custom security technology takes advantage of the features at the individual element to create a digital key. This provides the elements with the same--because you cannot copy the their unique structure.

Fraunhofer Institute researchers have display prototype worldwide embedded at Nuremberg Exhibition & Conference from March 1 to 3.

Product piracy is a long time ago is limited exclusively to a consumer goods sector. Too, the industry, there are more and more to fight this problem. Cheap mkosmim: Dear business cost the German mechanical and plant engineering alone lost 6.4 billion of revenue in 2010, according to a survey by the German engineering Federation (VDMA). Sales losses aside, low-quality counterfeits can break even the image of the company's brand. Worse, they can even compromise the life of the people if they are used in areas where safety, such as the production cars or airplanes. Patent rights or organizational instructions such as confidentiality agreements will not be enough to prevent product piracy. Anti-piracy technology that exists in today's marketplace provides a measure of protection, but it is an obstacle to the product and more for you: criminals are using the electron microscope, laser focused ion beams or bolts to intercept security keys-and baimotz more and more sophisticated methods.

Two chips are not

Embedded world, researchers at the Fraunhofer Institute sit secure information technology electronic components be ricot or chips can do counterfeit-proof using physical unclonable functions (PUFs). "Each element has a single fingerprint since small differences inevitably arise among during production," explains Dominik mrli, scientist at the Fraunhofer Institute sit in Garching near Munich. Printed circuits, for example, at a minimum weight or length variations during the manufacturing process. While these variations do not affect functionality, they can be used to create a unique code.

Destroying the structure polshni attacks

PUF module, integrated directly into chip-Setup is applicable not only in a large number of half-molichim programmable called FPGAs (field programmable gate arrays) but equally hardware components, such as ??????? and smartcards. "The heart is a circle measure, e.g. a ring oscillator. This creates a clock oscillator characteristic that allows precise material features of the chip set. Special electronic circuits to read these and generate measurement data from the data, developing a specific ???"????? mrli. Unlike the standard encryption, secret key is not stored in hardware but this threshold as and when required. Since the code relates directly to a given system properties at any point in time, it is almost impossible to extract and to replicate it. Polshni chip you target, and physical change parameters or distort the unique structure.

Garching-based researchers have developed already two fathers are: butterfly, PUF PUF ring vmd. At present, these modules are optimized for practical applications. The experts will be at embedded world at Nuremberg (Hall 11, stand 207) from 1-3 March example example FPGA boards can generate a single encryption key by using ring oscillator PUF. These allow security solutions-embedded systems rolled out attack.

Email or share this story:

---

Story source:

The story above printed (with adapting to editing by a team of the day-to-day science) materials provided by Fraunhofer Gesellschaft.

---

Note: you mentioned if not counting, the source is when instead.

Disclaimer: opinions in this article do not necessarily reflect those of its employees or ScienceDaily.