h2020 project witdom overview

empoWering prIvacy and securiTy in non-trusteD envirOnMents

witdom.eu

General Presentation

Upload: elsa-prieto

Post on 17-Aug-2015




Content

1) Project Facts

2) Objectives

3) Main Outcomes

4) Main innovations

5) Architecture

6) Pilots

7) Project structure

8) Project roadmap

Project Facts

WITDOM stands for “empoWering prIvacy and securiTy in non-trusteD envirOnMents”.

It is a Research and Innovation Action co-funded by the European Union H2020 Programme, within the thematic priority of Information and Communication Technologies (ICT).

WITDOM was approved under call 1 of H2020-ICT-2014-1, topic ICT-32-2014 (Cybersecurity, Trustworthy ICT), with project No. 644371.

WITDOM started in January 2015 and will run for 36 months.

The overall project budget is around 4 million euro.

7 different organizations from 5 European countries form the WITDOM consortium.

Objectives

A framework for end-to-end protection of data in untrusted and fast-evolving ICT-based environments:

• Driven by privacy-and-security-by-design (PSbD) principles.

• Holistic and all-encompassing.

• Provides end-to-end security.

Tools for effective protection of sensitive data:

• Resource-efficient cryptographic primitives (e.g. SHE, FHE, SMC).

• Privacy Enhancing Technologies (PETs) to improve privacy-utility trade-offs.

• Effective verification of data and process integrity.

• Secure protocols for outsourcing sensitive data.

• Evaluation and assessment of privacy preferences.

The WITDOM framework will be instantiated and validated in two application scenarios (eHealth and Financial Services) with demanding privacy requirements to protect sensitive data.


Main Outcomes

• Analysis and assessment of end-to-end privacy/security.

• Objective privacy metrics and quantifiable evaluation mechanisms.

• Guidelines and methods for the analysis of security requirements and trust relationships.

• PSbD and user-empowered architectures and scenarios for outsourced/distributed environments.

• Definition and enforcement of user-centric privacy preferences.

• Multi-party security and privacy analysis for outsourced/distributed eHealth and Financial Services scenarios, with instantiated architectures.

• Resource-efficient cryptographic primitives, protocols and PETs for outsourced processing of sensitive data (addressing the trade-off between good performance and strong cryptographic protection).

• Efficient cryptographic verifiability mechanisms for user-empowered outsourced processing.

• Evaluation of the developed primitives, with quantitative assessment of the net advances in utility, efficiency and privacy/security.

• Privacy-preserving toolkit implementing privacy-preserving primitives, protocols, privacy-enhancing techniques (PETs) and formalized preferences for user-centric verifiable outsourced processing (open-access building blocks).

• Multi-disciplinary assessment of prototypes for eHealth and Banking scenarios, making use of the toolkit and showcasing the net advance and impact of the general and practical outcomes in two privacy-aware scenarios.

[Figure: outcome levels. General Outcomes: Framework. Practical Level: Platform. Implementation Level: Toolkit & prototypes.]

Main innovations

Privacy Enhancing Techniques, perturbation mechanisms and privacy metrics

– Comprehensive privacy metrics for sensitive outsourced data, with quantifiable leakage and traces.

– Privacy guarantees even if an adversary has access to arbitrary background and secondary information (based on DP).

– Fine-tune other complexity-dependent methods to match the life-span of Cloud-related environments.

Privacy-preserving cryptographic techniques supporting encrypted processing

– Resource-efficient SHE and FHE.

– PEKS, PERKS, SMC, ZK.

– Overcome the current limitations in terms of full anonymisation of financial and eHealth data.

– Produce efficient data processing techniques in both scenarios.

Cryptographic techniques for integrity and verifiability of outsourced processes

– Integrity and consistency guarantees (i.e., fork-linearizability and derived notions).

– Overcome current restrictions to simple storage services, and the severe limitations in concurrent operation.

– Advance verification of remote computation respecting multi-client input privacy.

European legal landscape

– Follow the evolution of the GDPR and the opinions and recommendations of the Article 29 WP.

– Translate these legal requirements into technological requirements, enabling seamless assessment of legal compliance.

Holistic vision, with interrelated and entangled advances in all areas.
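The DP-based guarantee in the first group of innovations is easiest to see on a concrete query. The following is an added example, not code from the WITDOM project or from this presentation: a Laplace mechanism applied to a carrier count over a constructed cohort table, with an explicit epsilon budget so that repeated releases cannot silently erode the guarantee. The cohort data, the epsilon values and the PrivacyBudget helper are assumptions for illustration; the mechanism itself (noise with scale sensitivity/epsilon) is the standard one.

```python
"""Added example: epsilon-differential privacy for a counting query.

Illustrates the property the slide refers to: a Laplace-perturbed count
reveals almost nothing about any single record, whatever side information
the adversary holds, because the output distribution changes by at most a
factor exp(epsilon) when one record is added or removed.
"""
import math
import random
from typing import List, Tuple

# Constructed sample data (not real genetic data): (patient_id, carries_variant).
SAMPLE_COHORT: List[Tuple[int, bool]] = [(i, i % 3 == 0) for i in range(90)]


def count_carriers(records: List[Tuple[int, bool]]) -> int:
    """Exact (non-private) query: how many records carry the variant."""
    return sum(1 for _, carrier in records if carrier)


def count_sensitivity(records: List[Tuple[int, bool]]) -> int:
    """Empirical L1 sensitivity: largest change in the count when any single
    record is removed. For a counting query this is always at most 1."""
    full = count_carriers(records)
    return max(abs(full - count_carriers(records[:i] + records[i + 1:]))
               for i in range(len(records)))


def laplace_sample(rng: random.Random, scale: float) -> float:
    """Draw from Laplace(0, scale) by inverse-CDF sampling (stdlib only)."""
    u = rng.random() - 0.5          # uniform on [-0.5, 0.5)
    while u == -0.5:                # avoid log(0) at the boundary
        u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


class PrivacyBudget:
    """Tracks cumulative epsilon across releases (sequential composition:
    the epsilons of successive queries on the same data add up)."""

    def __init__(self, total_epsilon: float) -> None:
        self.total = total_epsilon
        self.spent = 0.0

    def can_spend(self, epsilon: float) -> bool:
        return epsilon > 0 and self.spent + epsilon <= self.total + 1e-12

    def spend(self, epsilon: float) -> None:
        if not self.can_spend(epsilon):
            raise RuntimeError("privacy budget exhausted or epsilon invalid")
        self.spent += epsilon


def private_count(records: List[Tuple[int, bool]], epsilon: float,
                  budget: PrivacyBudget, rng: random.Random,
                  sensitivity: float = 1.0) -> float:
    """Laplace mechanism: true count + Laplace(sensitivity / epsilon)."""
    budget.spend(epsilon)
    return count_carriers(records) + laplace_sample(rng, sensitivity / epsilon)


def mean_abs_error(epsilon: float, trials: int, seed: int = 0) -> float:
    """Average |noisy - true| over independent releases; the expected value
    is 1/epsilon, which is the privacy-utility trade-off in one number."""
    rng = random.Random(seed)
    true = count_carriers(SAMPLE_COHORT)
    total = 0.0
    for _ in range(trials):
        budget = PrivacyBudget(epsilon)  # fresh budget per independent release
        total += abs(private_count(SAMPLE_COHORT, epsilon, budget, rng) - true)
    return total / trials


if __name__ == "__main__":
    print("true count:", count_carriers(SAMPLE_COHORT),
          "sensitivity:", count_sensitivity(SAMPLE_COHORT))
    for eps in (0.1, 0.5, 2.0):
        print(f"epsilon={eps}: mean abs error ~ {mean_abs_error(eps, 5000):.2f}")
```

Running the block shows the error falling as epsilon grows (roughly 10, 2 and 0.5 for the three values), which is exactly the tension between utility and the strength of the guarantee that the slide's privacy metrics are meant to quantify; the budget object makes the composition cost of repeated queries visible instead of implicit.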


Architecture

SPM (Secure Processing Modules): coding/obfuscating/encrypting, allowing for the secure realization of certain operations implemented as secure primitives within the secure processing modules (APIs or software libraries), with a client-server structure.

Comms protocols: between two SPMs, as part of the advanced cryptographic techniques used for data and signal processing in the encrypted domain and PETs.

Policy Enforcement, Auth, Verifiability: compliance of user preferences to access control to private data, anonymity/privacy enforcement, and data and process integrity.

Secure Storage Module: encryption standards, perturbation mechanisms and data formats in unsecured environments, enabling the verifiable encrypted processing protocols.


Scenario I: e-Health

Genetic/proteomic databases protection, shared for large-scale research analyses and outsourced individual clinical analyses.

[Figure: e-Health scenario. Actors: Citizens (data owners); Database Generators (genetic data); Genetic Research Institutes; Certification Authority & Key Management; Cloud Diagnosis Services; Genetic Research Knowledgebase; Expert System working with protected signals; Outsourced Genetic Databases with protected raw data. Flows: citizens with their protected DNA metadata; private requests for genetic analyses and studies; protected metadata; knowledge enabling genetic diagnosis.]

Scenario II: Financial Services

Protection of large-scale outsourced financial data storage and processing (financial risk calculation, fraud detection, ...).

[Figure: Financial Services scenario. Actors: Banking Institution (in-house private cloud); Bank Clients; Other Banking Institutions; Certification Authority & Key Management; Outsourced Databases processing protected data (public cloud). Flows: protected processing requests crossing the security perimeters between the in-house private cloud and the public cloud.]

Project Structure

WP1 Project & Innovation Management (ATOS)

WP2 Requirements analysis and prototypes evaluation (FCSR)

WP3 Basic research on enabling privacy and cryptographic tools (UVIGO)

WP4 Applied research and architectural design (IBM)

WP5 Privacy preserving platform toolkit and prototypes (XLAB)

WP6 Legal requirements and validation (KU Leuven)

WP7 Dissemination, communication, exploitation and standardization (ATOS)

Project Roadmap

[Figure: Gantt chart of work packages WP1 to WP7 over Year 1 (M1-M12), Year 2 (M13-M24) and Year 3 (M25-M36). Activity lanes: Requirements Formalization; Legal Requirements; Fundamental Research; Architecture; Implementation & Prototypes; Translation of DP Directives; Management; Communication/Dissemination/Standardization/Exploitation; Validation/Assessment; Final Validation.]

Partners

Contact

Elsa Prieto (Atos)

WITDOM coordinator and Exploitation & Innovation Manager

[email protected]

witdom.eu

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 64437. This work was supported in part by the Swiss State Secretariat for Education, Research and Innovation under contract No. 15.0098. The opinions expressed and arguments employed herein do not necessarily reflect the official views of the European Commission or the Swiss Government.