A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing
Table 2
Threats to medical contents.
Threats
Contents
Repudiation
(i) Cannot receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary. (ii) Device claims: cannot write data received from an entity on the other side of the trust boundary.
Tampering
(i) Subject to a persistent cross-site scripting attack because it does not sanitize data storage “device” inputs/outputs and to cross-site scripting attacks. (ii) Reading or modifying data transmitted over an authenticated dataflow. (iii) Tampering by an attacker and leading to corruption of device. (iv) Attack via log files.
Spoofing
(i) Be spoofed by an attacker, leading to information disclosure. Consider using a standard authentication mechanism to identify the destination process. (ii) Be spoofed by an attacker, leading to incorrect data delivered to web server. (iii) Be spoofed by an attacker, leading to data being written to the attacker’s target instead of the device.
DDoS
(i) A DDoS attack to a server, which connects to a user device, a biosensor, will be a potential threat that makes a service impossible. (ii) Resource consumption can be hard to deal with, and there are times that it makes sense to let the OS do the job.
Information disclosure
(i) Data flowing across generic dataflow may be sniffed by an attacker. It can be used to attack other parts of the system or simply be a disclosure of information leading to compliance violations. (ii) When u#.profile, i#.info, and d#.info are required to be shared for patient movement, they have to share them with weak security.
Eavesdropping/forgery
(i) Attack to personal information and medical records which transfers between a biosensor and a server, a medical system and a server, or a user device and a server.
