CloudSEEP1 technologies comprise state-of-the-art privacy-preserving tools and advanced encrypted processing algorithms to securely process private signals and data (techniques commonly known as Signal Processing in the Encrypted Domain). These algorithms allow to build secure solutions for unreliable environments through a set of core operations. Since it is a software solution, it is easily virtualizable and scalable, so it is possible to apply it in the cloud to take advantage of all its advantages without compromising the confidentiality of sensitive data, even during its processing.
Encrypted processing of sensitive data in Cloud environments with full privacy guarantees through advanced cryptographic primitives
Currently, oursourced environments like Cloud computing suffer from trust issues that hold back their full wide-spread adoption when dealing with sensitive data:
- There are many Cloud applications in which service providers must process clients’ personal, private or confidential data
- Clients may be reluctant to access Cloud resources due to privacy constraints and data sensitivity
- Traditional approaches like encrypting communications are not enough for protecting these data
- It is customary to keep private what should be private
By applying CloudSEEP’s state-of-the-art privacy-preserving techniques to these data for operating on them (a.k.a. Signal Processing in the Encrypted Domain), we achieve the highest level of privacy and confidentiality, featuring:
- User-Control: using of client-managed and revokable keys that the server will never gain access to.
- Full privacy guarantee: concealing of data during all their life-cycle: data never leave their encrypted state while they are processed at the Cloud, with no possible access from any unauthorized third party, or even by the provider itself.
- Leveraging a new class of secure services: cloud services are seamlessly provided on the encrypted data, and results will also be encrypted, only viewable by the owner of those data.
- Seamless integration: the underlying technology does not require any specific or dedicated hardware element. A middleware layer transparetly provides all the encryption, blind encrypted operation and client-side decryption.
This figure represents the high-level architecture needed to apply CloudSEEP technology to the Cloud.
The middleware layer provides full protection for the data in the Cloud, and leverages encrypted services with no extra hardware requirements and providing a dedicated API for encrypted operations.
SCAPE’s CloudSEEP solutions are based on state-of-the-art bleeding edge encryption techniques, which are the product of an actively developed research work. Some of the most recent scientific publications are:
- J. R. Troncoso-Pastoriza, D. González-Jiménez, and F. Pérez-González, “Fully Private Noninteractive Face Verification”, IEEE Transactions on Information Forensics and Security, vol. 8, no. 7, pp. 1101-1114, 2013
- Z. Erkin, J.R. Troncoso-Pastoriza, R. Lagendijk, and F. Pérez-González, “Privacy-Preserving Data Aggregation in Smart Metering Systems: An Overview”, IEEE Signal Processing Magazine, vol. 30, no. 2, pp. 75-86, 2013
- J. R. Troncoso-Pastoriza and F. Pérez-González, “Secure Signal Processing in the Cloud: enabling technologies for privacy-preserving multimedia cloud processing”, IEEE Signal Processing Magazine, vol. 30, no. 2, pp. 29-41, 2013
- J. R. Troncoso-Pastoriza and F. Pérez-González, “Efficient Protocols for Secure Adaptive Filtering”, in IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), Prage, Czech Republic, 2011, pp. 5860-5863
- J. R. Troncoso-Pastoriza and F. Pérez-González, “Secure Adaptive Filtering”, IEEE Transactions on Information Forensics and Security, vol. 6, pp. 469-485, 2011
- J. R. Troncoso-Pastoriza and F. Pérez-González, “CryptoDSPs for Cloud Privacy”, in International Workshop on Cloud Information System Engineering (CISE), Hong Kong, China, 2010, vol. 6724
- J. R. Troncoso-Pastoriza and F. Pérez-González, “Secure and Private Medical Clouds using Encrypted Processing”, in Virtual Physiological Human (VPH), Brussels, Belgium, 2010