곽진 김득훈 2021-08 31096 https://aurora.ajou.ac.kr/handle/2018.oak/20346 학위논문(박사)--아주대학교 일반대학원 :컴퓨터공학과,2021. 8 최근 ICT 기술의 발전으로 다양한 산업 분야에서 네트워크 통신에 기반한 서비스가 활발하게 제공되고 있다. 여러 산업 분야 중 의료 부문에서는 디지털 헬스케어에 대한 관심이 증가하고 있다. 이는 기존의 헬스케어 서비스의 일방향적 제공, 사후 대응 및 수동적인 성향을 갖던 한계점을 보완하여 양방향적 제공, 선제적 대응 및 능동적인 성향을 갖는 패러다임으로 변화하고 있음을 의미한다. 그러나, 의료 부문은 생명에 직결되는 특성이 타 산업 분야보다 상대적으로 높음에 따라 안전성이 중요시 되어, ICT 기술이 접목될 경우 기존 헬스케어 환경에 존재하지 않던 문제점까지 발생할 수 있으므로 디지털 헬스케어에 대한 발전에 어려움이 존재하였다. 그러나, 전 세계적으로 팬데믹적 유행성 질병에 따라 의료 대면 서비스를 대체하여 비대면 서비스가 일부 허용되고 있어 디지털 헬스케어 관련 서비스가 재조명 받고 있다. 이처럼 디지털 헬스케어의 지속적 발전 및 서비스 제공을 위해서 핵심적으로 보안 기술을 연구 및 적용해야 한다. 디지털 헬스케어에서 활용되는 의료정보에 대한 유출사고에 대응하기 위해 취약한 의료 부문 보안 환경에 대한 대응 방안이 필요한 시점이다. 본 논문에서는 디지털 헬스케어를 주도하는 다양한 서비스 중 정밀의료 및 전자처방전 서비스에 대하여, 각 서비스에서 활용되는 의료정보의 생성, 수집 및 처리 등에 영향을 주는 다양한 보안 위협을 분석하고 이를 방지하기 위한 보안 요구사항을 분석한다. 이후 분석된 정보를 기반으로 각 서비스에서의 인증 및 데이터 공유 스킴을 제안한다. 제안하는 스킴은 서비스에 참여하는 각 엔티티 간 상호 인증, 데이터 유출 방지, 데이터 위·변조 방지 및 프라이버시 침해 방지 등의 보안 기술을 통하여 안전하게 정밀의료 및 전자처방전 시스템이 운영될 수 있도록 제공한다. 이와 같이 선제적인 보안 기술 연구 및 적용을 수행하여, 향후 안전하고 신뢰된 디지털 헬스케어 환경을 구축하고자 한다. Ⅰ. Introduction 1 A. Background and Purpose of Study 1 B. Structure of Study 2 Ⅱ. Related Works 4 A. Digital Healthcare 4 B. Precision Medicine System 6 C. e-Prescription System 9 D. Authentication and Data Sharing-related Technologies 10 1. Fast IDentity Online 10 2. Keyless Signatures Infrastructure 12 Ⅲ. Authentication and Data Sharing in Precision Medicine System 17 A. Analysis of Sensitive Data in Precision MedicineSystem 17 B. Redefinition of Sensitive Data in the Precision Medicine System 28 1. Healthcare Data 29 2. Genetic Data 31 3. Lifelog Data 31 4. Privacy Data 32 C. Whole Life-Cycle Data Flow and Establishment ofPrecision Medicine System 37 1. Cloud-based Precision Medicine Data Center 37 2. Healthcare Data Domain 37 3. Genetic Data Domain 39 4. Lifelog Data Domain 40 5. Data Management, Processing and Security Technologies 41 D. Security Threats and Requirements of Precision Medicine System 43 1. Security Threats 43 2. Security Requirements 44 E. Application Plan for Keyless Signature Infrastructure 46 F. Proposal of Authentication and Data Sharing Scheme for Precision Medicine System 47 1. Registration Phase 48 2. Authentication Phase 53 3. Data Transfer Phase 60 G. Security Verification for Authentication and DataSharing Scheme for Precision Medicine System 64 1. Data Exposure (Security Threat) - Assurance of DataConfidentiality (Security Requirement) 64 2. Data Forgery and Modulation (Security Threat) - Verification of Data Integrity (Security Requirement) 64 3. Unauthorized Entity (Security Threat) - Mutual Authentication(Security Requirement) 65 4. Replay Attack (Security Threat) - Verification of DataValidity(Security Requirement) 66 5. Repudiation (Security Threat) - Non-repudiation (Security Requirement) 67 Ⅳ. Authentication and Data Sharing in e-Prescription System 68 A. Whole Life-Cycle Data Flow and Establishment of e-Prescription System 68 1. Entities in e-Prescription System 68 2. Entire Process of Issuing e-Prescriptions 70 3. Process between Patient and Hospital for Issuing e-Prescription 73 4. Process between Patient and Pharmacy for Issuing e-Prescription 75 5. Process between Patient and ePMC for Issuing e-Prescription 76 B. Security Threats and Security Requirements in e-Prescription System 78 1. Security Threats 78 2. Analysis of Detailed Security Threats on the Entire Cycle of the e-Prescription System 80 3. Security Requirements 85 C. Proposal of Authentication and Data SharingScheme for e-Prescription System 86 1. Registration Phase 88 2. Authentication Phase 93 3. Data Transfer Phase 98 D. Security Verification for Authentication and Data Sharing Scheme for e-Prescription System 103 1. Data Exposure (Security Threat) - Assurance of Data Confidentiality (Security Requirement) 103 2. Data Forgery and Modulation (Security Threat) - Verification of Data Integrity (Security Requirement)) 104 3. Unauthorized Entity (Security Threat) - Mutual Authentication(Security Requirement) 105 4. Reuse Attack (Security Threat) - Verification of Data Validity(Security Requirement) 105 5. Repudiation (Security Threat) - Non-repudiation (Security Requirement) 106 6. Privacy Invasion (Security Threat) - Anonymity (Security Requirement) 107 Ⅴ. Conclusion 108 Reference 110 List of Acronyms 113 초록 115 eng The Graduate School, Ajou University 아주대학교 논문은 저작권에 의해 보호받습니다. Design of Secure Authentication and Data Sharing Schemes in Precision Medicine and Electronic Prescription Systems Thesis 아주대학교 일반대학원 Deuk-Hun Kim 일반대학원 컴퓨터공학과 2021. 8 Doctoral I804:41038-000000031096 https://dcoll.ajou.ac.kr/dcollection/common/orgView/000000031096 Authentication Data Sharing Electronic Prescription Precision Medicine With the recent development of ICT technology, services based on network communications have been actively provided in various industries. Among many industrial sectors, interest in digital healthcare is increasing in the mdical sector. This implies that it is transforming into a paradigm with bidirectional provide, preemptive response, and proactive tendencies by supplementing the limitaions of existing healthcare services, reactive and passive tendencies. However, security is important in the healthcare sector due to its relatively higher life-threatening characteristics than in oher industries, and there were difficulties in developing digital healthcare as ICT technology could lead to problems that did not exist in existing healthcare envirionments. But, digital healthcare-related services are being re-illuminated as some non-face-to-face services are allowed to replace medical face-to-face services due to pandemic diseases worldwide. Threrfore, security technologies must be studied and applied to sustain the development of digital healthcare and to provide services. It is time to respond to vulnerable medical sector security environments in order to respond to leaks of medical information used in digital healthcare. In this thesis, for precision medicine and e-prescription services among the various services leading digital healthcare, we analyze various security threats affecting the generation, collection, and processing of medical information utilized by each service and analyze security requirements to prevent them. Then, based on the analyzed information, we propose an authentication and data sharing scheme for each service. The proposed scheme provides for the secure operation of precision medicine and e-prescription systems through security technologies such as mutual authentication between each entity participating in the service, data leakage prevention, data forgery prevention, and privacy violation prevention. Hence, we intend to conduct preemptive security technology research and application to establish a secure and trusted digital healthcare environment in the future.