WITDOM Project Presentation 2016 (witdom.eu)


Page 1

empoWering prIvacy and securiTy in non-trusteD envirOnMents

Project Presentation 2016

witdom.eu

https://twitter.com/W1TD0M

https://www.linkedin.com/groups/8257514

Page 2

Content

1) Project Facts
2) Value Proposition
3) Main innovations
4) Sought impact
5) Main Scenarios: eHealth and FS
6) Project roadmap
7) WITDOM requirements
8) WITDOM Architecture
9) WITDOM platform
10) Project structure

Page 3

Project Facts

WITDOM: “empoWering prIvacy and securiTy in non-trusteD envirOnMents”.
Research and Innovation Action.
Call 1 of the H2020-ICT-2014-1, topic ICT-32-2014: Cybersecurity, Trustworthy ICT
Project No. 644371
Started in January 2015
Duration: 36 months
Overall project budget: 4 million euro.
WITDOM consortium: 7 different organizations from 5 European countries

Page 4

WITDOM value proposition

Diagram labels: Storage/Data processing; CLOUD PROVIDER; Untrusted domain (i.e. public cloud); Trusted domain (i.e. private cloud); End-users; Public Institution/Regulator; 3rd parties; IT DEPARTMENT; Operations; Internal users; Protected data; Requests; External users.

Page 5

WITDOM value proposition (II)

Framework for end-to-end protection of outsourced data in untrusted ICT-based environments.

Diagram labels: Framework; Protection Building blocks; Reference Implementations; Guidelines; Platform; Scenarios; Metrics. Levels: General Outcomes, Practical Level, Implementation Level.

Page 6

Main innovations

Privacy Enhancing Techniques, perturbation mechanisms and privacy metrics
Privacy-preserving cryptographic techniques supporting encrypted processing
Cryptographic techniques for Integrity and Verifiability of outsourced processes
European Legal Landscape

Privacy metrics for sensitive outsourced data and quantifiable leakage and traces
– Efficient HE
– Current limitations in terms of full anonymisation
– Produce efficient data processing techniques.
– Integrity and consistency guarantees
– Overcome current restrictions to simple storage services
– Overcomes limitations in concurrent operation
Evolution of the EU data protection regulation

Holistic vision, with interrelated and entangled advance in all areas

Page 7

Sought Impacts

Macro level:
• New paradigm for design and implementation of ICT
• Measurably higher level of security and privacy at marginal additional cost
• Products compliant with EU Data Protection legislation

Societal level:
• Increased user trust in ICT services and protection of user privacy
• Improved ability to detect breaches in security
• More resilient critical infrastructures and services with built-in trustworthiness

Research & Innovation level:
• Simplified crypto primitives implementation, easy-to-manage security (reduced complexity of security infrastructure)
• Provably improved security compared to traditionally designed ICT
• User empowerment over data and trust relations (user-centric tools to define / automatically enforce privacy preferences)

Page 8

Outcomes for Europe’s ICT Market Players

A cloudified version of the platform, ready to be deployed in most notable cloud platforms: Amazon, Google, Openstack…

A set of PETs, secure primitives and other building blocks (e.g. authorization) which can be combined, extended or re-arranged to address other scenarios.

The knowledge of deploying and implementing the framework in two privacy-sensitive pilot test settings.

Page 9

WITDOM Scenarios: overview

Concept | eHealth | Financial
Scope | Genetic/proteomic databases protection, shared for large-scale research analyses and outsourced individual clinical analyses. | Protection of large-scale outsourced financial data storage and processing.
Processes | Reads alignment; Variants annotations; Data remote access | Credit card transaction fraud detection and prevention; Credit risk scoring; Cash flow forecasting
Data size | Big files (GB) | Small records (<1KB)
Data quantity | A few files per user (Medical reports, list of variants, raw genomic data) | Many records per user (personal info + transactions + customer portfolio)
Access to data | A few accesses | Many accesses
Computation | Batch computation | Batch & Real-time computations

Page 10

eHealth scenario

Page 11

Financial Services scenario

Page 12

Other Areas of Application

Smart grid: efficiently and securely process households’ consumption data in order to a) adjust the energy provisioning, and b) accurately bill the customer without invading their privacy.

Public transportation: People using public transportation means (train, buses, underground) may share their personal data about their daily journeys in order to help the companies to improve their services.

Environment analysis: image processing from optical instruments and visual recording systems in order to locate hazardous events, locate missing people, or analyse people behaviour.

Page 13

Towards an E2E security framework

Roadmap figure, spanning Y1 (2015), Y2 (2016) and Y3 (2017): WITDOM scenarios; Requirements: scenario, legal, technical; Common architecture; Preliminary toolset & platform; Use-case architectures; Preliminary prototypes; Prototypes evaluation; Final prototypes and platform.

Page 14

Requirements methodology SPACE

User-centered design philosophy: Co-creation + SPbD methodology

Key: exploit feared events
• Description of “bad scenarios” is easier
  o I do not want “them” to do research on my DNA!
• Driven by known privacy/security principles
  o LINDDUN, STRIDE, etc.

Page 15

Non-functional Requirements (chart: number of non-functional requirements)

Page 16

Functional Requirements

Requirement elicitation activity: Interviews/workshops; User Journey Maps; Personas.

Page 17

Functional Requirements (chart: number of functional requirements)

Page 18

Legal and Ethical Requirements

Data types | DPD/GDPR General/sensitive
Anonymous |
Pseudonymous | Varies
Health data | Sensitive
Genetic data | Sensitive
Medical data | Sensitive
Health related data | Sensitive
Data which allows for health related conclusions | Sensitive
Financial data | General

Approach: Focus on the general character of the WITDOM system: analysis of general requirements. Focus on complementarity and diversity in WITDOM scenarios: analysis of sector-specific requirements. Focus on the future-oriented approach of WITDOM: analysis of the changing international requirements.

Page 19

Legal and Ethical requirements (II)

Concept | eHealth | Financial
Legal Requirements | Outsourcing; Genetic data protection; Provision of care; Clinical trials (consent); Further use for research purposes | Outsourcing; Fraud scoring; Cash-flow prediction; Data protection: 4 Data quality principles (Transparency, Proportionality, Finality and Lawfulness)
Ethical Principles | Respect for Persons/Principle of Autonomy; Non-maleficence; Beneficence; Justice; Dignity; Responsibility; Accountability | Non-maleficence; Wrongful discrimination; Transparency; Accountability

Page 20

Research challenges in WITDOM

Secure and efficient cryptographic building blocks

• Efficient SHE, no bootstrapping

• HW-mediated FHE

• Function optimization

• Security Analysis

• Implementation in HELib

Applied Cryptography for efficient processing in the Encrypted Domain

• Primitive redesign

• Signal and data pre-coding/SPED

• Combination of PETs and crypto

• Trade-off analysis

• Scalability

• Masking approaches

Non-cryptographic Privacy Enhancing Techniques

• Unlinkability through anonymization/pseudonymization techniques

• Applicability of perturbation techniques

• Link to applied metrics and privacy-utility trade-offs

• Scenario-specifics for achievable privacy and adequate PETs-based approach

Integrity and Verifiability of Outsourced Processes

• Increase efficiency

• Advance in complex system models

• Generalization of verification methods

• Violation recovery

• Integration with privacy-preservation

General framework, combined advances in all research areas

Page 21

Technological requirements and assessment methodology

Functional requirements drive development of secure processing tools (protection components).

Methodology for formalization and assessment of privacy-related technical requirements.

Difficult but possible interplay between cryptographic and privacy guarantees.

Challenge: Optimize Utility-Efficiency-Privacy tradeoff

Figure: Requirements Elicitation (dialogue with scenarios); Privacy Property (iterative with scenarios); Metric; Threshold (dialogue with scenarios); Validation (supervised by scenarios).

Page 22

WITDOM Initial Architecture

Diagram labels: Trusted domain; KM; Untrusted domain; PO; Broker; IAM; Services; Applications; Broker; Secured Services; SSP; Anonym.; Masking; Integrity; SC; E2EE (the set SSP, Masking, Integrity, SC, E2EE is listed twice). Legend: Core components (platform); Protection components; Applications & services.

Page 23

WITDOM platform

Deployment mechanism: each protection component will be able to deploy over a specified IaaS.

Diagram labels: Trusted domain; Untrusted domain; Chef server; Cloudify manager; WITDOM Platform; OS1; OS2; AWS; DEB/RPM packages; Chef scripts; Blueprint/TOSCA document; Deployment on trusted domain/local infrastructure; Trusted and cloud environment; Cloud environment.

Page 24

Project Structure

WP1 Project & Innovation Management (ATOS)
WP2 Requirements analysis and prototypes evaluation (FCSR)
WP3 Basic research on enabling privacy and cryptographic tools (UVIGO)
WP4 Applied research and architectural design (IBM)
WP5 Privacy preserving platform toolkit and prototypes (XLAB)
WP6 Legal requirements and validation (KU Leuven)
WP7 Dissemination, communication, exploitation and standardization (ATOS)

Page 25

Project Roadmap

Roadmap figure across 2015 (M1-M12), 2016 (M3-M24) and 2017 (M25-M36), by work package WP1 to WP7: Requirements Formalization; Legal Requirements; Fundamental Research; Architecture; Implementation & Prototypes; Translation of DP Directives; Management; Communication/Dissemination/Standardization/Exploitation; Validation/Assessment; Final Validation.

Page 26

Thank you very much for your attention!

Page 27

Partners

Contact

Elsa Prieto (Atos)

WITDOM coordinator

[email protected]

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 64437. This work was supported in part by the Swiss State Secretariat for Education, Research and Innovation under contract No. 15.0098. The opinions expressed and arguments employed herein do not necessarily reflect the official views of the European Commission or the Swiss Government.

witdom.eu

https://twitter.com/W1TD0M

https://www.linkedin.com/groups/8257514