Ruben Radwan Tognetti
01 January 2015
13 December 2017
The advent of the Future Internet prompts fundamental transformations in whole ICT ecosystems, while bringing new opportunities to stakeholders in the availability and rational use of physical resources with large-scale savings in IT investments. It will also pose new security challenges especially for ensuring robust protection of privacy and integrity of personal information, which are a fundamental part of the societal acceptance of new ICT schemes, services and solutions. The consolidation of highly complex Cloud computing paradigms materializes the long-held dream of computing as an on-demand automatically managed utility, but at the same time it calls for the materialisation of technologies to enable tangible levels of trustworthiness and end-to-end security in the new ICT platforms and architectures.
While there are currently solid bases for homomorphic cryptography and secure processing of data, research in WITDOM will go further, aiming at truly efficient and practical privacy-enhancing techniques and efficient signal and data processing in the encrypted domain. It will also develop a holistic security-by-design framework for quantitative evaluation of end-to-end security and privacy, aiming at guaranteeing efficient and verifiable provision of privacy in the context of ICT services owned by third-party providers of distributed processing and storage, thereby maximizing independence from the security and privacy commitments stated by the respective providers.
Focusing on specific added-value scenarios, we will deliver automatic and efficient privacy provisioning solutions, which will cover varying needs of privacy for data that must be handled by non-trusted third parties, providing greater malleability through dynamic adaptation to user needs and privacy preferences. In summary, privacy is preserved by keeping data confidential (encrypted and privacy-protected) in the untrusted environment, while the data owner can operate with and make use of the data in the encrypted domain.
WITDOM Protection Orchestrator
The Protection Orchestrator (PO) coordinates several protection components and services in order to effectively protect data before they leave a trusted environment for processing or storage. The PO is in charge of parsing the protection configuration of an application and applying it.
WITDOM Identity Access Management
The WITDOM Identity and Access Management (IAM) component ensures that sensitive data in WITDOM is only accessible to individuals who are granted explicit entitlements to specific services, and has the ability to monitor / audit access to data and operations.
The WITDOM Key Management component provides management of secrets (for example, private and public encryption keys or credentials to access the storage) that are required for operations run by protection components.
Protection component that anonymizes data stored in a relational database. It automatically selects the anonymization algorithm that is most suitable for the data and the users' privacy requirements, and applies it seamlessly to the data in order to protect privacy.
WITDOM Secure Signal Processing
WITDOM’s Secure Signal Processing (SSP) component performs secure signal processing operations on protected data and signals (encrypted, obfuscated, split or a combination thereof) in an untrusted environment, by preventing the disclosure of the sensitive information while it is being processed i
The Secure Computation component offers data protection functionalities by means of homomorphic encryption (HE) and secure multiparty computation (MPC), thus enabling privacy preserving computation in the untrusted domain.
WITDOM’s data masking component is responsible for masking sensitive data classified as direct identifiers. The masking process creates service-and-user-specific tokens that can be updated over time, satisfying two main security requirements: irreversibility and unlinkability.
The WITDOM End-2-End Encryption (E2EE) component provides protection by locally encrypting data in the trusted domain before storing them in the untrusted domain for secure backup purposes.
WITDOM Data Transformation and Storage
With every request to the WITDOM platform for processing of new data, the data are first transformed into the common WITDOM format (if they are not in this format already) and then stored in the WITDOM Storage for further processing.
WITDOM Integrity and Consistency Verification
WITDOM’s Integrity and Consistency Verification component protects the integrity and consistency of data outsourced to an untrusted remote storage.