December 10 - 12, 2003
DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ
- Organizers:
- Rakesh Agrawal, IBM Almaden, ragrawal@acm.org
- Larry Cox, CDC, lcox@cdc.gov
- Joe Fred Gonzalez, CDC, jfg2@cdc.gov, chair
- Harry Guess, University of North Carolina, harry_guess@unc.edu
- Tomas Sander, HP Labs, tosander@exch.hpl.hp.com
Presented under the auspices of the Special
Focus on Communication Security and Information Privacy and
Special Focus on Computational and Mathematical Epidemiology.
Some Health Data Privacy Challenges for Cryptography:
1). Identify different functionalities and specific challenges for cryptography.
a). Does transferring data between a hospital and testing lab or
other problems of transferring health data require any different
cryptographic tools than we need for financial transactions?
b). We should distinguish between problems of transferring data
and problems of computing with data, especially distributed
data? See 2) for challenges in this direction.
2). Privacy-preserving Data Mining and Privacy-preserving Data Sharing. There are many
challenges here. Some:
a). Identify specific functionalities needed for health data
applications.
b). Make secure multi-party computation more efficient for large
databases (a generic challenge)
c). Extend secure multi-party computation to clustering. Since
clustering is hard, we might have to settle for approximate
solutions. More generally, can we extend secure multi-party
approximation?
d). Is it possible to modify secure multi-party computation
protocols so one doesn't have to access all data elements?
e). What are the issues involved in privacy-preserving data
sharing in general and secure multiparty computation in
particular if we want to take into consideration what the output
itself might leak about the data?
3). Tracking Disclosed Information (a topic related to secure software and secure
computing environments as well as cryptography)
a). Can we "send" with disclosed information some restrictions on
its use, e.g., future disclosure?
b). Can we "send" with disclosed information restrictions on
length it can be saved/used?
c). Can we do this tracking if there are later changes in
disclosure limitations?
4). Can we develop good auditing technologies?
This question applies well beyond cryptography. In health
data, it is concerned with distinguishing between a transaction
(e.g., looking at a patient record) that is legitimate and one
that is not. A well-known method involves tracking
authorizations. However, are there smart methods to audit large
data sets of transactions to find illegitimate transactions?
5). "Customizable" Privacy
Software employed by different partners may differ in privacy
protections/policy and processing. This presents cryptography
with complex privacy management concerns and it would be
important to develop privacy protocols that are readily
"customizable" to different users.
6). Dynamic Query Authorization and Forbidden Question Combinations
a). It is an old topic to change authorization to make queries based
on previous queries to data sets and information disclosed, so
as to make it impossible to make forbidden inferences. But how
do we do this in the encryption situation and with widely
distributed data sets?
b). A simpler challenge arises if we have specific questions and
some combination of them that is forbidden in advance. Even here,
there are cryptographic challenges if we hide the questions from
the database owner.
7). Revealing Partial Information
It may not be known in advance which information will and will
not be sensitive. Traditionally, cryptography does not allow
information leakage unless it is explicitly defined as part of
the input. Dynamically-changing disclosure limitations pose
challenges for cryptography, e.g., in secure multiparty computation.
Reference Index
Working Group Index
DIMACS Homepage
Contacting the Center
Document last modified on January 26, 2004.