Secure, Cloud-based Storage and Processing of Sensitive Documents
Companies and organizations more and more rely on software services that are implemented in the cloud, the so-called SaaS services (Software as a Service). Examples are telecom operators that create and manage massive amounts of invoices, or hospitals that manage patient records. They take out a subscription with a SaaS provider to have their data managed and stored.
There is, however, a mounting security and privacy concern. Customers rely on SaaS providers to keep their sensitive documents – invoices, patient records – secure and private. But these SaaS providers in their turn will subscribe to data centers and storage solutions that may be outside of their control, services offered e.g. by Microsoft or Amazon and physically located on the other side of the globe.
This calls for additional trust barriers between the SaaS provider, storage solutions and hosting providers. These should be trust barriers where the control and keys are in the hands of the trusted SaaS providers and where the sensitive documents remain opaque at all times for the storage and hosting providers.
“With SeClosed, our goal was to develop the basis for a generic security solution for SaaS providers,” says Koen Handekyn, project lead and CEO of UP-nxt at the time. “We did this in the form of a customizable add-on to existing and widely-used data access middleware, an add-on that gives application developers a powerful access to advanced encryption strategies and that takes away the burden to implement and integrate these on their own.”
The solution that the SeClosed partners envisioned allows to annotate data elements separately as a way to indicate their security requirements and to define policies concerning where and how these elements should be stored and which encryption tactics should be used. “That encryption could be a standard scheme (such as AES), but then the documents cannot be searched without first retrieving and decrypting them,” says Wouter Joosen, director of DistriNet, an imec research group at KU Leuven. “More intelligent data protection tactics allow searching in encrypted data, or applying functions on encrypted data. The latter tactics include homomorphic encryption. They largely belong to the domain of research. In this project, however, we have examined how we could apply them to two practical use cases.”
The two research partners are top in their field: DistriNet has an extensive expertise in the design and implementation of data access middleware, and COSIC is famous for its research on encryption tactics. UP-nxt and Agfa Healthcare are two SaaS providers looking to extend their expertise, and Proximus is a trusted storage and hosting provider.
SeClosed has developed an add-on to existing, widely-used data access middleware for secure multi-cloud storage (e.g. Hibernate). This solves the issue of SaaS application developers who are often unable to deal with complex cryptographic API calls in application code.
The add-on is easily configurable. It is annotation- and policy-driven and allows defining rules and appropriate storage and encryption tactics per data element. That way, it is for example possible to define which elements can be stored locally and unencrypted with a trusted intermediary, and which elements should be stored in the cloud and remain encrypted at all times.
SeClosed developed two types of advanced application-specific encryption tactics. One is for text-based search with full encryption of the index and database, and the second involves
homomorphic encryption tactics for sums and averages. These were developed for use on top of unchanged NoSQL databases such as Cassandra, MongoDB or ElasticSearch. These solve the key issue that current operations and data aggregation functions cannot be applied to encrypted data in the storage environment.
UP-nxt offers SaaS services to manage financial data and documents such as invoices. Once these have been encrypted and stored, UP-nxt’s customers may want to query for all open invoices of an organization, or for totals of invoices. In SeClosed, we made a number of schemas that allow doing these queries on the encrypted data.
Agfa Healthcare managed medical documents and patient records for e.g. hospitals. The challenge is to allow datamining without first decrypting all the data. One example that we developed is computing the average BMI (Body Mass Index) for all people from a region or city. To do so, we had to carefully examine what was possible with homomorphic computing to arrive at a practical solution.