Data privacy: on the cloud but user-controlled

Technology News
By Julien Happich

The Sieve, as they’ve called the data-selective cryptographic system, is yet another user-controlled data privacy tool put forward by the research institute (see Cutting down on personal data leaks), and one can only hope such tools will be embraced by application developers and promoted to end-users as a privacy-aware differentiating feature.

Rather than being data-blind, web users would store all of their personal data, in encrypted form, on the cloud and any app that wanted to use specific data items would send a request to the user and receive a secret key that decrypted only those items. If the user wanted to revoke the app’s access, Sieve would re-encrypt the data with a new key.

“This is a rethinking of the Web infrastructure,” says Frank Wang, a PhD student in electrical engineering and computer science and one of the system’s designers. “Maybe it’s better that one person manages all their data. There’s one type of security and not 10 types of security. We’re trying to present an alternative model that would be beneficial to both users and applications.”

Sieve required the researchers to develop practical versions of two cutting-edge cryptographic techniques called attribute-based encryption and key homomorphism. With attribute-based encryption, data items in a file are assigned different labels, or “attributes.”

After encryption, secret keys can be generated that unlock only particular combinations of attributes: name and zip code but not street name, for instance, or zip code and date of birth but not name.

The problem with attribute-based encryption — and decryption — is that it’s slow. To get around that, the MIT and Harvard researchers envision that Sieve users would lump certain types of data together under a single attribute. For instance, a doctor might be interested in data from a patient’s fitness-tracking device but probably not in the details of a single afternoon’s run. The user might choose to group fitness data by month.

Sieve includes tables that track the locations at which grouped data items are stored in the cloud. Each of those tables is encrypted under a single attribute, but the data they point to are encrypted using standard — and more efficient — encryption algorithms. As a consequence, the size of the data item encrypted through attribute-based encryption — the table — is fixed, which makes decryption more efficient.

With key homomorphism, the cloud server can re-encrypt the data it’s storing under a new key without decrypting it first — and without sending it back to the user for decryption, re-encryption, and re-uploading.
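The re-keying step described above, as an added example that is not code from the Sieve project or the article: a toy key-homomorphic PRF of the DDH flavour, F(k, x) = H(x)^k, has the property F(k1, x) · F(k2, x) = F(k1 + k2, x). The owner encrypts each byte by multiplying it with F(k, label), hands the server only the key difference k' − k, and the server multiplies every stored block by F(k' − k, label), which turns a ciphertext under k into a ciphertext under k' without ever seeing the plaintext. The group parameters (p = 1019, a safe prime), the byte-to-square encoding and the file label are constructed for illustration only; a deployment would use a large group and a per-file nonce in the label.

```python
import hashlib
import secrets
from typing import List

# Toy group parameters (constructed for illustration; far too small for real use).
# P is a safe prime (P = 2Q + 1), so the squares mod P form a subgroup of prime order Q.
P = 1019
Q = (P - 1) // 2           # 509, prime
G = 4                      # a square, hence a generator of the order-Q subgroup


def hash_to_group(label: bytes) -> int:
    """Map a public label (file id + block index) to a non-identity subgroup element."""
    h = int.from_bytes(hashlib.sha256(label).digest(), "big") % (Q - 1) + 1
    return pow(G, h, P)


def prf(key: int, label: bytes) -> int:
    """Key-homomorphic PRF: F(k, x) = H(x)^k, so F(k1, x) * F(k2, x) == F(k1 + k2, x)."""
    return pow(hash_to_group(label), key, P)


def encode_byte(b: int) -> int:
    """Embed a byte as a square mod P; b + 1 < P / 2 keeps the encoding invertible."""
    return pow(b + 1, 2, P)


def decode_byte(x: int) -> int:
    # P == 3 (mod 4), so x^((P + 1) / 4) is a square root of x; take the root below P / 2.
    r = pow(x, (P + 1) // 4, P)
    if r > P // 2:
        r = P - r
    return r - 1


def keygen() -> int:
    """A key is a non-zero exponent modulo the subgroup order."""
    return secrets.randbelow(Q - 1) + 1


def _label(file_id: bytes, index: int) -> bytes:
    return file_id + index.to_bytes(4, "big")


def encrypt(key: int, file_id: bytes, data: bytes) -> List[int]:
    """Owner side: each byte is multiplied by the PRF output for its file and position."""
    return [(encode_byte(b) * prf(key, _label(file_id, i))) % P
            for i, b in enumerate(data)]


def decrypt(key: int, file_id: bytes, blocks: List[int]) -> bytes:
    """Owner or authorised app side: strip the PRF mask and decode each byte."""
    out = bytearray()
    for i, c in enumerate(blocks):
        mask_inv = pow(prf(key, _label(file_id, i)), -1, P)   # modular inverse (Python 3.8+)
        out.append(decode_byte((c * mask_inv) % P))
    return bytes(out)


def rekey_token(old_key: int, new_key: int) -> int:
    """Owner side: the server only ever receives the key difference, never a key."""
    return (new_key - old_key) % Q


def server_reencrypt(token: int, file_id: bytes, blocks: List[int]) -> List[int]:
    """Server side: multiply by F(k' - k, x); by key homomorphism the result is m * F(k', x)."""
    return [(c * prf(token, _label(file_id, i))) % P for i, c in enumerate(blocks)]


if __name__ == "__main__":
    old, new = keygen(), keygen()
    fid = b"fitness/2016-03"                      # constructed file label
    stored = encrypt(old, fid, b"steps=8421")     # what the cloud holds
    stored = server_reencrypt(rekey_token(old, new), fid, stored)
    print(decrypt(new, fid, stored))              # the revoked key no longer opens it
```

The server-side function never calls `decrypt` or touches a key; it only needs the token and the public labels, which is the property that lets revocation happen in the cloud rather than on the user's device.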

Wang developed an interface that displays a Sieve user’s data items as a list and allows the user to create and label icons that represent different attributes. Dragging a data item onto an icon assigns it that attribute.

Now, given today’s pressure to apply data-mining tricks and run artificial intelligence algorithms across big data sets, will app developers want to seclude themselves from the free-for-all data climate that web giants have managed to enforce through their pervasive online services?

Or will they want to promote their new apps as Sieve-compliant instead, in a push to seduce increasingly privacy-conscious customers while leveraging unique and secure inter-device data sharing, as the MIT researchers hope?
