Developing Filtering Techniques for Securing Vector Graphics Images Applied to Ubiquitous Patient Records
Total Page:16
File Type:pdf, Size:1020Kb
Proceedings of the 5th WSEAS International Conference on Telecommunications and Informatics, Istanbul, Turkey, May 27-29, 2006 (pp139-144) Developing Filtering Techniques for Securing Vector Graphics Images Applied to Ubiquitous Patient Records Dr. Sabah MOHAMMED, Dr. Jinan FIAIDHI and Ahmed Sabbir ARIF Department of Computer Science, Lakehead University, 955 Oliver Road, Thunder Bay, Ontario P7B 5E1, Canada http://flash.lakeheadu.ca/~mohammed http://flash.lakeheadu.ca/~jfiaidhi Abstract- In this article we are describing the security challenges with the use of SVG Vector Graphics for ubiquitous patient records. Moreover, we are presenting an architecture that incorporates security mediators in the form of SVG filers to provide a highly flexible approach for accessing Electronic Patient Records. The SVG filters are based on the SAX primitives to pushes pieces of the SVG to the encryption/decryption handlers. The SAX handlers can filter, skip tags, or encrypt tags partially or universally at any time from the stream of the SVG. The SVG encryption/decryption techniques used by the SAX filters implements the standard specification of the W3C XML Encryption. Key-Words- Vector Graphics Images, SVG, Ubiquitous Patient Records, SAX Filters, XML Encryption. 1. INTRODUCTION (http://www.patienttracker.com/products.htm), Healthcare today is moving away from the tethered DICOMX (http://142.104.48.20/Benjamin.Jung/), domain and becoming diffused into an environment Wireless MediCenter rich with ubiquitous and portable digital devices. In this (http://www.wirelessmedicenter.com/mc/glance.cfm) evolving environment, the need to deliver information the m-care (http://www.m-care.co.uk/tech.html) such as Electronic Patient Records (EPR) at the point – PatientKeeper of – care is a prime factor in managing the healthcare (http://www.patientkeeper.com/products.html) and system efficiently. This however presents serious PocketMD (http://www.pocketmd.com). Furthermore, security challenges in ubiquitous environments where motivations such as patient privacy protection and protecting the confidentiality of the information, while recent laws like the US Health Insurance Portability and at the same time allowing authorized user to access it Accountability Act (HIPAA), the US President conveniently is the core issue in the paradigm. Executive Order (13335 of April 2004) on the However, ubiquitous computing based on XML has the migration to EPR, and the Canada Health Act make potential to improve many workflows in Health Care. security a fundamental concern within the healthcare In particular, XML promises a means of providing industry. flexible, incremental employment of electronic systems, and also provides a means for easy communication Indeed, the use of XML is not limited for the between disparate binary electronic systems. Ultimately representation of textual documents, but it can also be and ideally the whole healthcare record system will be used to represent each document in the processing of based on a non-proprietary mark-up language (XML), medical tests and imaging. Once an application is built but till that day comes we need to develop effective on XML such as a patient record standard, then a wide XML security that can work within variety of range of other XML standards can be brought to bear environments. In this direction, several organizations such as using XML parsing based on DOM or SAX have produced standards for XML security and XML models, or even as to represent and process graphical patient records. The most visible of these are the Health images/multimedia using the W3C SVG vector Level 7 (http://www.hl7.org/), the W3C XML graphics standard. Our objective in this article is to Encryption and Signature (www.w3c.org), EHRcom achieve secure sharing and accessing of (http://www.centc251.org/), OpenEHR image/multimedia medical information on the Internet (http://www.openehr.org/), MedBiquitous or on ubiquitous devices while avoiding violations of (http://www.medbiq.org/), HandHeldMed security or privacy. In this direction we are Proceedings of the 5th WSEAS International Conference on Telecommunications and Informatics, Istanbul, Turkey, May 27-29, 2006 (pp139-144) investigating, developing, and testing filtering “blocked” effect and colors are too much different from capabilities to complement other means of controlling the original image [5]. Triangulation on the other hand release of SVG medical documents to individuals and requires a highly expensive iterative algorithm that organizations outside of the direct health-care delivery segments the vector image according to complicated setting. Our specific focus is on the use of effective wavelet transformation which is applied to a Fourier- SVG filtering of the information contained in images transformed representation of the image [6]. that are part of an electronic medical record. In this article we are concerned with SVG However, since SVG graphics is in the end image filters which transform securely an SVG image just text (excluding the cases of embedded raster in a predictable fashion by recognizing the SVG graphics), the source is "open." This raises potential structure. For this purpose, our image filters replies on security-related concerns in form of copyright utilizing a SAX parsing algorithm along with an infringement and misuse. Although these issues already implementation to the W3C XML Encryption policy. exist with other text-based formats on the Web (e.g. HTML, CSS, XML and JavaScript), there is a dire need for a different solution; that take into account the nature 2. The W3C SVG Visual Filters: of the vector graphics. A possible direct solution can be Visual filters are a familiar concept if you've ever used based on the use a compression mechanism that graphics programs: You take a raw image and tell your converts vector graphics into binary with an program to put a little blur on it, or you might reverse "encryption" to increase its security. The problem with some of the image itself. In this direction W3C [7] this approach is that it is contrary to the advantage of recommended certain SVG filters which consist of a including metadata information in SVG, if the markup series of graphics operations that are applied to a given is "scrambled" in any way. Even if the metadata source graphic to produce a modified graphical result. information can be extracted, the authoring and The result of the filter effect is rendered to the target rendering (not to mention searching) software are device instead of the original source graphic. Filter imposed with the additional burden of supporting that effects are defined by 'filter' elements. To apply a filter compression mechanism. Even the use of a effect to a graphics element or a container element, you compression scheme like XMLZip or XMill which set the value of the 'filter' property on the given element leaves the metadata information intact has very little such that it references the filter effect. Each 'filter' success [1]. The other fine solution is to keep the SVG element contains a set of filter primitives as its children. structure intact and try to filter in and out information Each filter primitive performs a single fundamental that need to be secured only. In this direction there are graphical operation (e.g. blur) on one or more inputs, two main approaches. One approach which uses an producing a graphical result. Because most of the filter access control map to allow only authorized accesses to primitives represent some form of image processing, in particular parts of the vector graphics [2]. most cases the output from a filter primitive is a single Unfortunately, controlling access requires a perfect RGBA image. When applied to container elements such organization of the internal data in an enterprise. In as 'g', the 'filter' property applies to the contents of the many practical cases this requirement cannot be group as a whole. Typically, the graphics commands fulfilled, since it implies a radical restructuring of all are executed as part of the processing of the referenced internal information services. The cost of aligning all 'filter' element via use of the keywords SourceGraphic internal data to deal with external access privileges is or SourceAlpha. Filter effects can be applied to not only costly from the systems point-of-view, but also container elements with no content (e.g., an empty 'g' for all internal users of information systems, who now element), in which case the SourceGraphic or must file all data according to external requirements SourceAlpha consist of a transparent black rectangle that are normally none of their concern. The second that is the size of the filter effects region.SVG Filter approach is more comprehensive and relies on filtering primitives such as 'feGaussianBlur', 'feOffset', the graphical features of the vector graphic which are in 'feSpecularLighting', 'feComposite', 'feMerge', ' the form of contours (i.e. SVG paths) and try to feTurbulence ', 'feConvolveMatrix', 'feDiffuseLighting', approximate it for compression and security purposes. 'feDisplacementMap', 'feFlood', 'feImage', In this direction, researchers either use direct 'feMorphology', and 'feTile' takes input SourceAlpha, approximations based on and cubic bezier, and elliptical which is the alpha channel of the source graphic. The curves [3] for compression purposes only or use result is stored in a temporary buffer which then can be triangulation techniques based on filtering in the used by another SVG filter primitive