SecHealth

Healthcare 4.0 services and infrastructures are more critical, sophisticated and interconnected than ever before, placing healthcare among the top sectors of major security risks. More complexity is brought by distributed and coordinated services delivery, resource constraint facing demographic stress, and various human factors, which require a new mind set and innovative solutions to cybersecurity. The situation is exacerbated by the Cyber-Physical Systems (CPS)/Internet of Things (IoT) enabled healthcare services and infrastructures, which are vulnerable to a variety of emerging cyber-attacks, and which pose rife with challenges. Since the CPS/IoT systems are classified as safety and security critical systems there is a need for understanding the cybersecurity, privacy and safety challenges facing a future healthcare system, and innovating the cybersecurity and privacy protection mechanisms to address these challenges.

Integrating safety and security requirements represent a major challenge due to CPS/IoT systems’ characteristics of fragmentation, interconnectedness, heterogeneity, cross-organizational nature and high interference between safety and security requirements. As technology continues to evolve, cybersecurity threats do as well. Healthcare 4.0 will therefore present expanded attack surface making the public safety risks higher for healthcare services and critical infrastructure through their interfaces and more flexible access to services and information. Such attacks can potentially lead to a violation of users’ privacy, physical damages, financial loses and threats to human life and preventing them is critical.

The rise of cyber-physical attacks shows us that the current, security solutions are unable to tackle the dynamicity, complexity, uncertainty, and high connectivity of Healthcare 4.0 services and critical infrastructures. These threats present us with a growing need for research and development in intelligent methods and techniques for cybersecurity, safety, forensic, adaptive privacy in Healthcare 4.0, and need for cybersecurity to become an integral part of patient safety.

The workshop on cybersecurity in Healthcare 4.0 will provide a discussion platform for researchers in the field and to share novel research on the topic.

Supported by the Center for Research-based Innovation (SFI) Norwegian Center for Cybersecurity in Critical Sectors (NORCICS)

Keynote: Where federated learning meets homomorphic encryption: challenges and potential pathways for secure data sharing in AI applications

To ensure data consistency and control, data centralization is a preferred solution for training machine learning models. However, data protection regulations, e.g. GDPR, as well as industrial competition, impose restrictions on information sharing among different organizations and individuals. Furthermore, this approach is technically challenging since the cost of collecting, storing, and processing all data in one centralized location is often prohibitively high. Google proposed federated learning for the collaborative training of machine learning models, aiming to handle the exchange of privacy-sensitive information in distributed environments and to reduce data transmission costs. In contrast to traditional machine learning, federated learning does not require local data to be collected, stored, and processed on a central server. Instead, this method enables on-device model training using client-specific data, with the obtained local model updates further aggregated on a central server. However, federated learning is not without its own privacy concerns, including risks of data leakage and inference attacks. To address these challenges, research is being conducted into various strategies, such as homomorphic encryption. By combining federated learning and homomorphic encryption, we can train machine learning models on encrypted data from different sources, thereby ensuring better data protection. The model never sees the raw data, only the encrypted version, and yet it can still learn from it. However, homomorphic encryption is computationally intensive and can significantly slow down the training process. In this talk, I take a look at the issues and prospects arising from the intersection of federated learning and multi-key homomorphic encryption, two advanced techniques in the field of secure and collaborative machine learning.

About the speaker:
Dr. Svetlana Boudko is a Senior Research Scientist at the Norwegian Computing Center, Oslo, Norway. She defended her PhD in computer science at the University of Oslo in 2014. She has over 20 years of experience working on R&D projects. She has served as a program committee member for several scientific journals and conferences. These include, among others, MDPI Sensors, MDPI Information, MDPI Electronics, MoMM (International Conference on Advances in Mobile Computing & Multimedia), and GameSec (Conference on Decision and Game Theory for Security). She also served as a peer reviewer for the book: "Artificial Intelligence For Security: Enhancing Protection in a Changing World". Additionally, she serves as a chair for the SecHealth workshop. Her areas of interest include cybersecurity, privacy and data protection, secure multi-party computations, and federated learning.