Upload
elsa-prieto
View
93
Download
0
Embed Size (px)
Citation preview
2 2 empoWering prIvacy and securiTy in non-trusteD envirOnMents
Content 1) Project Facts
2) Objectives
3) Main Outcomes
4) Main innovations
5) Architecture
6) Pilots
7) Project structure
8) Project roadmap
3
WITDOM stands for “empoWering prIvacy and securiTy in non-trusteD envirOnMents”.
It is a Research and Innovation Action co-funded by the European Union H2020 Programme, within the thematic priority of Information and communications technologies (ICT).
WITDOM was approved under call 1 of the H2020-ICT-2014-1, ICT-32-2014 in the topic of Cybersecurity, Trustworthy ICT with project No. 644371.
WITDOM started in January 2015 will run for 36 months.
The overall project budget is around 4 million euro.
7 different organizations from 5 European countries form the WITDOM consortium.
Project Facts
4
A framework for end-to-end protection of data in untrusted and fast-evolving ICT-based environments. • Driven by privacy-and-security-by-design (PSbD) principles.
• Holistic and all-encompassing.
• Provide end-to-end security.
Tools for effective protection of sensitive data: • Resource-efficient cryptographic primitives (e.g: SHE, FHE,
SMC).
• Privacy Enhanced Technologies (PETs) to enhance privacy-utility tradeoffs.
• Effective verification of data and process integrity.
• Secure protocols for outsourcing sensitive data.
• Evaluation and assessment of privacy preferences.
This WITDOM framework will be instantiated and validated in two application scenarios (eHealth and Financial Services) with demanding privacy requirements to protect sensitive data.
Objectives
6
Main Outcomes
• Analysis and assessment of end-to-end privacy/security
• Objective privacy metrics and quantifiable evaluation mechanisms.
• Guidelines and methods for the analysis of security requirements and trust relationships
• PSbD and user-empowered architectures and scenarios for outsourced / distributed environments.
• Definition and enforcement of user-centric privacy-preferences.
• Multi-party security and privacy analysis for outsourced/distributed eHealth and Financial services scenarios, instantiated architectures.
• Resource-efficient cryptographic primitives, protocols and PETs for outsourced processing of sensitive data (addressing the trade-off between good performance and strong cryptographic protection).
• Efficient cryptographic verifiability mechanisms for user-empowered outsourced processing
• Evaluation of the developed primitives, quantitative assessment of the net advances in utility, efficiency and privacy/security
• Privacy-preserving toolkit mplementing privacy-preserving primitives, protocols, privacy-enhancing techniques (PETs) and formalized preferences for user-centric verifiable outsourced processing (open-access building blocks).
• Multi-disciplinary assessment of prototypes for eHealth and Banking scenarios, making use of the toolkit and showcasing the net advance and impact of the general and practical outcomes in two privacy-aware scenarios.
General Outcomes
Framework
Practical Level Platform
Implementation
Level
Toolkit&
prototypes
7
Main innovations
Privacy Enhancing Techniques, perturbation mechanisms and privacy
metrics
Privacy-preserving
cryptographic techniques supporting encrypted processing
Cryptographic techniques for Integrity and Verifiability
of outsourced processes
European Legal
Landscape
– Comprehensive privacy metrics for
sensitive outsourced data and
quantifiable leakage and traces
– Privacy guarantees even if an
adversary has access to arbitrary
background and secondary
information (based on DP)
– Fine-tune other complexity-
dependent methods to match the life-
span of Cloud-related environments.
– Resource efficient SHE and FHE
– PEKS, PERKS, SMC, ZK
– Overcome the current limitations in
terms of full anonymisation of financial
and eHealth data
– Produce efficient data processing
techniques in both scenarios
– Integrity and consistency guarantees
(i.e., fork-linearizability and derived)
– Overcome current restrictions to
simple storage services, and the
severe limitations in concurrent
operation
– Advance verification of remote
computation respecting multi-client
input privacy
– Follow the evolution GDPR, opinions
and recommendations of Article 29
WP
– Translate these legal requirements
into technological requirements,
enabling seamless assessment of
legal compliance Holistic vision, with
interrelated and entangled advance in all
areas
8
Architecture
SPM:
Coding/obfuscating/encryp
ting allowing for the secure
realization of certain
operations implemented as
secure primitives within the
secure processing modules
(APIs or software libraries)
with a client-server structure
Comms protocols:
Between two SPMs, as part
of the advanced
cryptographic techniques
used for data and signal
processing in the encrypted
domain and PETs
Policy Enforcement, Auth,
Verifiability
Compliance of user
preferences to access
control to private data,
anonymity/privacy
enforcement, and data and
process integrity.
Secure Storage Module
Encryption standards,
perturbation mechanisms
and data formats in
unsecured environments,
enabling the verifiable
encrypted processing
protocols.
9
Genetic/proteomic databases protection, shared for large-scale research analyses and outsourced individual clinical analyses.
Scenario I: e-Health
Citizens
(Data owners)
Database
Generators
(Genetic data)
Genetic
Research
Institutes
Certification Authority
& Key Management
Private
Requests:
Genetic Analyses
and Studies
Cloud
Diagnosis
Services
Genetic
Research
Knowledge
enabling
Genetic Diagnosis
Citizens with their
protected DNA
metadata
Private
RequestsProtected Metadata
Knowledgebase
Expert System
working with
Protected Signals
Outsourced
Genetic Databases with
protected raw data
10
Protection of large-scale outsourced financial data storage and processing (financial risk calculation, fraud detection,...)
Scenario II: Financial Services
Protected
Processing
requestsBanking
Institution
Certification Authority
& Key Management
Outsourced Databases
processing protected data
Other
Banking
Institutions
Security
Perimeters
In-House
Private
Cloud
Bank Clients
Public
Cloud
11
Project Structure
WP1 Project &
Innovation Management
(ATOS)
WP7 Dissemination,
communication, exploitation and standardization
(ATOS)
WP2 Requirements analysis and prototypes evaluation
(FCSR)
WP3 Basic research on enabling privacy
and cryptographic tools
(UVIGO)
WP6 Legal requirements
and validation (KU Leuven)
WP5 Privacy preserving
platform toolkit and prototypes
(XLAB)
WP4 applied research and architectural
design (IBM)
12
Project Roadmap
Requirements Formalization
Legal Requirements
Fundamental Research
Architecture
Implementation&Prototypes
Translation of DP Directives
Management
Communication/Dissemination/Standardization/Exploitation
Validation/ Assessment
Final Validation
WP1
WP2
WP3
WP4
WP5
WP6
WP7
Year 1 (M1-M12) Year 2 (M3-M24) Year 3 (M25-M36)
Partners
Contact
Elsa Prieto (Atos)
WITDOM coordinator and Exploitation & Innovation Manager
witdom.eu
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 64437. This work was supported in part by the Swiss State Secretariat for Education, Research and Innovation under contract No. 15.0098. The opinions expressed and arguments employed herein do not necessarily reflect the official views of the European Commission or the Swiss Government.