Long-term secure storage for sensitive data

By Christoph Hammerschmidt

Together with Japanese and Canadian partners, a team of researchers from the CROSSING Collaborative Research Center at Darmstadt Technical University has developed a data storage system whose encryption is supposed to be secure against hacking attempts even after many years. The target application of the development was electronic health records, the contents of which are generally highly confidential and must be protected against unauthorized access.

The “electronic patient file” is being discussed not only in Germany. However, the question of data security continues to slow down developments, because health data – which, with the progress of modern medicine, increasingly contain patient genome data – must be stored securely for a lifetime and sometimes even beyond.

A major challenge in this context is the technological development that can be expected over such a long period, because it has a major impact on the security of existing procedures. “All encryption methods used today will become insecure in the coming years and decades,” explains Professor Johannes Buchmann, CROSSING spokesman. “The computing power of attackers is becoming ever larger and their attacks better. We can therefore assume that all encrypted data will be exposed after 20 years at the latest.”

In order to prevent this, Buchmann and his team started working with the Japanese research institute NICT (National Institute of Information and Communications Technology) on the “LINCOS – Long-Term Integrity and Confidentiality Protection System” project as early as 2015. Since 2017, the Japanese hospital operator Kochi Health Science Center and the Canadian company ISARA have also been on board. The system developed combines secure confidentiality protection with renewable integrity protection for the first time. This means that, regardless of the computing capacities and algorithms available in the future, no one can access or modify the protected data.

Long-term confidentiality is achieved through an approach called “secret sharing”. The original data set is distributed across different servers in such a way that the individual parts are meaningless on their own. Only when enough parts are combined is the original patient record recovered. Should one of the servers involved be compromised, the attacker cannot do anything with the captured share. In addition, the distribution is changed regularly. The integrity of the data is protected by quantum-computer-resistant signatures. But even in the event that these are classified as insecure over time, the researchers have taken precautions: the signatures are exchanged regularly. This ensures complete integrity protection.
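As an added illustration (not code from the article or from the LINCOS project), the sketch below shows threshold secret sharing with regular renewal of the shares, as described in the paragraph above. It assumes Shamir's scheme over a prime field, which the article does not name; `split`, `reconstruct`, `refresh` and `demo` are hypothetical names, and the record is a constructed sample.

```python
import secrets

# Assumption: Shamir's scheme over a prime field (the article names no scheme).
P = 2**127 - 1  # Mersenne prime; a secret chunk must be smaller than P

def _eval(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, modulo P."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def split(secret, n, t):
    """Give n servers one share each; any t of them recover the secret."""
    if not (0 <= secret < P and 2 <= t <= n < P):
        raise ValueError("need 0 <= secret < P and 2 <= t <= n")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: _eval(coeffs, x) for x in range(1, n + 1)}

def reconstruct(shares):
    """Lagrange-interpolate the sharing polynomial at x = 0."""
    secret = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def refresh(shares, t):
    """Renew all shares by adding a fresh sharing of zero: the secret is
    unchanged, but shares from before the renewal no longer fit the new ones.
    Simplification: computed centrally here; proactive schemes have the
    servers generate the zero-sharing jointly."""
    zero = [0] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: (y + _eval(zero, x)) % P for x, y in shares.items()}

def demo():
    record = int.from_bytes(b"constructed EHR", "big")  # constructed sample
    old = split(record, n=5, t=3)
    new = refresh(old, t=3)
    stale_mix = {1: old[1], 2: new[2], 3: new[3]}  # one share stolen earlier
    return (record,
            reconstruct({x: old[x] for x in (1, 3, 5)}),
            reconstruct({x: new[x] for x in (2, 4, 5)}),
            reconstruct(stale_mix))
```

`demo()` returns the record, its recovery from three old shares, its recovery from three renewed shares, and the value obtained when a share captured before the renewal is combined with two renewed ones, which does not match the record.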

As the third component of the LINCOS system, the Canadian company ISARA, the industrial partner of the project, protects the data sent back and forth between the users and the server operators with quantum-computer-resistant encryption. In the future, the researchers want to add a further security level, which they have already prototyped with their Japanese colleagues: quantum key exchange. This method guarantees secure keys in the long term because it can be completely ruled out that an attacker listens in when keys are exchanged. The scientists in the CROSSING Collaborative Research Center are working on this in their own quantum laboratory at TU Darmstadt.
