empoWering prIvacy and securiTy in non-trusteD envirOnMents

WITDOM aims at producing a security and privacy framework for protection of data in untrusted and fast evolving ICT-based environments (mainly a hybrid cloud) with a particular focus in data-outsourcing scenarios, where new threats, vulnerabilities and risks due to new uses require end-to-end security solutions.

WITDOM assumes a trusted domain, a computationally restricted environment controlled by the end user, where security-critical services are hosted. Here, strict security and privacy controls need to be enforced before outsourcing. On the other hand, we have a cloud environment where virtually unlimited resources are available for heavy computational tasks. Those can be rented from cloud providers; however, the users have limited control over them and the provider is in full control. Therefore, this environment is considered an untrusted domain.

This framework is instantiated and validated in two application scenarios: a health scenario based on genetic data sharing for large research data analyses and individual outsourced clinical analyses; a financial services scenario based on the management of both customers’ data and finance data of contracts as well as providing outsourced secure financial services over private and public cloud instances.

The WITDOM framework uses security-and-privacy-by-design methodologies and advance the state of the art in effective protection of personal & sensitive data in the following areas: Privacy enhancing techniques, perturbation mechanisms and privacy metrics; Cryptographic privacy techniques supporting encrypted processing; Cryptographic techniques for integrity and verifiability of outsourced processes; European legal landscape.

The WITDOM platform orchestrates a variety of complex processes to protect sensitive data in the trusted domain in order to enable secure and privacy-preserving processing, storage, and sharing of protected data in an untrusted environment. To this end, WITDOM offers a wide set of protection functionalities (based on both crypto and non-cryptographical technologies) through a rich set of protection components: Anonymization; Secure signal processing; Secure computation; Integrity and consistency verification; Data masking and desensitisation; End-to-end encryption.

The framework is capable of adding new services as modular blocks. It relies on an administrative dashboard and a cloud orchestration service, and provides means to deploy the core services within the trusted or untrusted domain.
The generic framework is based on a generic architectural model, which uses the paradigm of service orientation, isolating the applications from the particular implementations and locations of its elements. The generic framework is suitable for different scenarios, though the project revolved around several use cases for the two project scenarios.
The development was guided by functional, non-functional, legal and ethical requirements elicited from general and particular scenarios. All the requirements were arranged in a tree-like structure and classified into three categories: core research requirements, demo requirements and production requirements.

Most of the protection components are the tangible result of the WITDOM Analysis of the SoTA in homomorphic encryption, secure processing, privacy enhancing techniques and integrity and consistency mechanisms. WITDOM challenges were related to the efficiency, applicability, generalizability and scalability of privacy protection techniques to achieve a true end-to-end protection of sensitive signals when processed in an untrusted environment. It’s worth mentioning that 3 patents applications were filed: 1 patent application on the data masking technology, and 2 patent applications on the Signal Secure Processing component.

WITDOM also contributed to current drafts and potential new standards belonging to the ISO/IEC JTC 1/SC 27, by means of a liaison with the working groups 2 and 5.

On the legal side, WITDOM worked on the analysis of the application of the EU legal framework on privacy enhancing technologies, particularly the data protection and cybersecurity package. The research focused on the extent to which data protection and cybersecurity legislation applies to the manipulation of (encrypted) personal data in untrusted environments, and the interaction between the basic stakeholders (data controller/processor/subject) in the context of processing personal data in these new environments. The WITDOM checklist for GDPR compliance shows how to support adopters with the GDPR by providing adequate technical measures and how adopters can ensure their compliance by taking recommendations on organizational level.

WITDOM framework and components were validated at primitive, system, and legal level. In the first case, the validation involved the component analysis as standalone protection mechanisms based on the KPIs. The purpose of our system-level validation is to assess the performance of the implemented solution and the user evaluation to assess the attractiveness of WITDOM and its prototypes. Finally the legal validation consisted of assessing the datasets used for the use-cases, the implementation of the legal and ethical requirements; and a compliance check for use cases.

The innovations sought are three-fold:
i) a novel framework for a quantitative evaluation of end-to-end security and privacy, aiming at guaranteeing efficient and verifiable provision of privacy in the context of ICT services owned by 3rd party providers;

ii) tools and technologies for efficient privacy protection of data outsourced and processed in untrusted environments. These techniques can be categorized in the four main research areas addressed in WITDOM: efficient lattice cryptosystems for homomorphic processing; efficient Privacy-Enhancing Technologies for obfuscation, noise addition, anonymization and data masking; and last, but not least, efficient and scalable integrity and consistency verification techniques to preserve fork-linearizability on data accessed and modified by several users on outsourced data stores.
The main strength resides in that the innovations in these areas are not applied independently or autonomously, but adequately and effectively composed and in an end-to-end secure and private architecture that defines a platform able to deploy privacy-preserving services on outsourced data with quantifiable and assessable technological guarantees.
Specific KPIs were proposed for assessing the expected and actual behavior and performance of the developed primitives. WITDOM also provided a generic architecture which gives coverage to developments on top of the framework by reusing the protection components developed and applicable for any kind of outsourced untrusted environment.

iii) The instantiation of the developed framework, platform and tools in two use-case scenarios, whose impact and sensitivity of the involved data make privacy a must, and where privacy and confidentiality constraints are a true barrier for profiting from the benefits of outsourced architectures and Cloud-based deployments.

Moreover, a key aspect of WITDOM innovations is built upon a legal assessment and validation of the recently reformed European Data Protection Regulation, linking legal and ethical requirements with technological means to guarantee their enforcement.